This involves setting up the exchange of metadata between the identity provider (IdP) and the service provider (SP). The IdP metadata includes the required IdP URLs and the certificate.
- Share
- REST API
- AOS
- Configure your IdP. SkyVault should work with any IdP that supports SAML 2.0; however, these topics provide detailed instructions only for PingFederate and AD FS.
- Download your IdP certificate from your IdP.
- Configure SAML SSO in SkyVault. You can set the SkyVault settings in one of the following ways:
  - Using the SkyVault Admin Console
  - In configuration files, such as SkyVault-global.properties and other subsystem configuration files
  - Dynamically, using JMX, if enabled
How a user is authenticated depends on whether SAML is enabled and whether it is enforced. The following table shows the authentication behavior for each combination of the two settings.
SAML enabled | SAML enforced | Action |
---|---|---|
Yes | Yes | SAML is enabled and enforced. User is authenticated through SAML and is redirected to the IdP login page. |
No | Yes | SAML is disabled. User is authenticated using either Share login or basic authentication. |
Yes | No | User can choose either to use Share login or to log in using the IdP. |
No | No | SAML is disabled. User is authenticated using either Share login or basic authentication. |
Make sure that you configure the components in the order specified.