RapidIdentity Product Guide

Service Providers: RapidIdentity SAML Authentication Configuration

RapidIdentity supports SAML authentication. A Service Provider is configured during the installation process, and that single configuration grants access to every licensed RapidIdentity component. Individual RapidIdentity components (e.g. Portal, Connect) do not need to be configured as separate Service Providers; however, one Service Provider must be configured for all of RapidIdentity, registered, and assigned to RapidIdentity.

Note

If configuring RapidIdentity for SAML authentication against an Identity Provider in a different domain, that domain may need to be added as an Allowed Origin in the RapidIdentity CORS Configuration. The Allowed Origin value is the origin only (scheme and host, with no path), formatted as "https://identity_provider_domain".

Follow these steps to configure RapidIdentity SAML authentication as a Service Provider.

  1. After IdP configuration is complete, click on the Configuration Module and select Service Providers from the Security section.

    Important

    The Identity Provider must be configured in RapidIdentity before a Service Provider can be registered. IDaaS tenants have a pre-configured IdP.

    service_providers.png
  2. Click Service Providers from the left hand menu.

    new_add_saml_2.png
    1. This page lists any current Service Provider configurations, along with action buttons to register new Service Providers and to assign them to RapidIdentity.

  3. Click Register Service Provider+.

    new_saml_3.png

    Hover over the question marks for additional information on completing the fields and for an example.

    new_saml_4.png

    The fields on the Register Service Provider form are described below.

    Name: Enter a name for the Service Provider.

    Description: Optionally, enter a description for the Service Provider.

    Entity ID: The unique identifier for the SAML 2.0 Service Provider. When federating with a particular Identity Provider, it must be unique among all of the Relying Parties that Identity Provider federates with. The value must be a valid URI or URN; the recommended value is the base RapidIdentity URL (e.g. "https://{host}/").

    Base URL: The URL from which RapidIdentity constructs its SAML endpoints. It must consist of protocol, server, port, and context path, and is the base URL of the RapidIdentity instance (e.g. "https://{host}[:{port}]/"). Generally this is identical to the Entity ID, but unlike the Entity ID it must be a resolvable URL rather than a bare URN, and it is a required field.

    Logout URL: A URL to redirect the user's browser to after the local RapidIdentity session is logged out. This typically points to the logout URL of the Identity Provider, such as "https://idp-host/idp/logout", and must consist of protocol, server, port, and context path. The field can be populated automatically with the current IdP logout URL by clicking the control next to it.

    Organization Name: The name of the organization associated with the provider. Optional; if specified, it appears in the Service Provider's SAML 2.0 metadata.

    Organization URL: The website of the organization associated with the provider. Optional; if specified, it appears in the Service Provider's SAML 2.0 metadata.

    Contact Email Address: Email address for the contact at the organization. Optional; if specified, it appears in the Service Provider's SAML 2.0 metadata.

    IDP Metadata: Paste the Identity Provider's XML metadata, or click the control next to the field to populate it automatically with the metadata of the IdP running in the same RapidIdentity cluster.

    Tip

    Open the Identity Provider's metadata URL in a web browser and copy and paste the XML it returns into the IDP Metadata input box. The field accepts only the metadata XML itself; a metadata URL cannot be used in place of the metadata.

  4. After entering required information, click Save. The service provider will be listed in the workspace and can be assigned applications for login.

  5. To activate this Service Provider configuration and enable SAML authentication for RapidIdentity, select the entry in the list and click Assign to RapidIdentity in the action bar.

    new_saml_5.png
    1. If successful, the Assigned to RapidIdentity column will display a "Yes" value. A brief confirmation message, "Saved" will be displayed at the top of the workspace.

  6. In order to refresh the configuration, return to the IDP Configuration workspace.

  7. Click Trigger Service Reload.

    trigger_service_reload.png
  8. Close all browser sessions.

  9. Re-open browser and access your RapidIdentity instance. You should immediately notice that the login page is updated showing help links and the Claim Account button.

  10. Click Delete from the action bar to delete a selected Service Provider from the workspace.

    delete_sp.png

    Caution

    Deleting the active Service Provider configuration causes RapidIdentity to stop requiring SAML authentication until a new Service Provider configuration is assigned. If the Service Provider configuration needs to be changed, create the new configuration, assign it to RapidIdentity, and only then delete the old one, so there is no window in which SAML authentication is not enforced.

  11. Click Details next to an entry in the workspace to view or edit the Service Provider details.

    details3.png
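As an added example (not part of RapidIdentity or its documentation), the following Python script performs the pre-flight checks a practitioner would want before filling in the Register Service Provider form described above: it parses the IdP metadata to be pasted into the IDP Metadata field, pulls out the IdP entityID, SSO endpoints, signing certificate and single-logout location (the value for the Logout URL field), derives the CORS Allowed Origin mentioned in the note near the top of this page, and validates Entity ID / Base URL candidates. The hosts idp.example.edu and ri.example.edu, the entityID and the metadata document are constructed placeholders.

```python
"""Pre-flight checks for the Register Service Provider form (added example,
not RapidIdentity code). Parses IdP metadata, derives the Logout URL and the
CORS Allowed Origin, and validates Entity ID / Base URL candidates."""
import xml.etree.ElementTree as ET
from datetime import datetime, timezone
from urllib.parse import urlsplit

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}
REDIRECT = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
POST = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"

# Constructed sample IdP metadata: the host idp.example.edu, the entityID and
# the truncated certificate are placeholders, not taken from any deployment.
SAMPLE_IDP_METADATA = """<?xml version="1.0"?>
<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
    entityID="https://idp.example.edu/idp/shibboleth"
    validUntil="2099-01-01T00:00:00Z">
  <md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:KeyDescriptor use="signing"><ds:KeyInfo><ds:X509Data>
      <ds:X509Certificate>MIIC...placeholder...</ds:X509Certificate>
    </ds:X509Data></ds:KeyInfo></md:KeyDescriptor>
    <md:SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
        Location="https://idp.example.edu/idp/logout"/>
    <md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
        Location="https://idp.example.edu/idp/profile/SAML2/Redirect/SSO"/>
    <md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="https://idp.example.edu/idp/profile/SAML2/POST/SSO"/>
  </md:IDPSSODescriptor>
</md:EntityDescriptor>"""


def check_base_url(url):
    """Problems with an Entity ID / Base URL candidate; [] means it is usable.
    The form wants protocol, server, optional port and context path, and the
    guide recommends the base RapidIdentity URL, e.g. https://{host}/."""
    parts = urlsplit(url)
    problems = []
    if parts.scheme != "https":
        problems.append("scheme must be https: SAML messages pass through the browser")
    if not parts.netloc:
        problems.append("missing host")
    if not parts.path.endswith("/"):
        problems.append("path should end with '/' so endpoint paths append cleanly")
    return problems


def cors_origin(url):
    """Allowed Origin for the CORS Configuration note: scheme://host[:port], no path."""
    parts = urlsplit(url)
    return f"{parts.scheme}://{parts.netloc}"


def parse_idp_metadata(text):
    """Extract what the SP needs from IdP metadata and flag common mistakes."""
    info = {"entity_id": None, "sso": {}, "logout_url": None,
            "signing_certs": 0, "problems": []}
    text = text.strip()
    if text.startswith("http") and "<" not in text:  # the Tip: URLs are not metadata
        info["problems"].append("this is a metadata URL; paste the XML document itself")
        return info
    try:
        root = ET.fromstring(text)
    except ET.ParseError as exc:
        info["problems"].append(f"not well-formed XML: {exc}")
        return info
    info["entity_id"] = root.get("entityID")
    valid_until = root.get("validUntil")
    if valid_until:
        try:
            expiry = datetime.fromisoformat(valid_until.replace("Z", "+00:00"))
            if expiry <= datetime.now(timezone.utc):
                info["problems"].append(f"metadata expired at {valid_until}")
        except ValueError:
            info["problems"].append(f"unparseable validUntil: {valid_until}")
    idp = root.find("md:IDPSSODescriptor", NS)
    if idp is None:  # SP metadata pasted into the IdP field is a common slip
        info["problems"].append("no IDPSSODescriptor: this is not IdP metadata")
        return info
    for kd in idp.findall("md:KeyDescriptor", NS):
        # use="signing" or no use attribute both cover assertion signatures
        if kd.get("use") in (None, "signing") and kd.find(".//ds:X509Certificate", NS) is not None:
            info["signing_certs"] += 1
    if info["signing_certs"] == 0:
        info["problems"].append("no signing certificate: responses cannot be verified")
    for ep in idp.findall("md:SingleSignOnService", NS):
        info["sso"][ep.get("Binding")] = ep.get("Location")
    if not info["sso"]:
        info["problems"].append("no SingleSignOnService endpoint")
    slo = idp.find(f"md:SingleLogoutService[@Binding='{REDIRECT}']", NS)
    if slo is None:
        slo = idp.find("md:SingleLogoutService", NS)
    if slo is not None:
        info["logout_url"] = slo.get("Location")  # value for the Logout URL field
    endpoints = list(info["sso"].values()) + ([info["logout_url"]] if info["logout_url"] else [])
    for loc in endpoints:
        if urlsplit(loc).scheme != "https":
            info["problems"].append(f"non-TLS endpoint: {loc}")
    return info


if __name__ == "__main__":
    info = parse_idp_metadata(SAMPLE_IDP_METADATA)
    print("IdP entityID:", info["entity_id"])
    print("Logout URL  :", info["logout_url"])
    print("CORS origin :", cors_origin(info["sso"][REDIRECT]))
    print("Base URL    :", check_base_url("https://ri.example.edu/") or "ok")
    print("Problems    :", info["problems"] or "none")
```

Run it against the metadata you actually downloaded from your IdP before pasting; an empty problems list plus a logout_url that matches what the form auto-populates is the expected result. The script checks the metadata's shape only; it does not verify the XML signature on the metadata, so fetch it over HTTPS from the IdP itself rather than from an intermediary.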