Versions Compared

Old Version 1

changes.mady.by.user Charles Bishop

Saved on

compared with

New Version Current

changes.mady.by.user Charles Bishop

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

Security Assertion Markup Language (SAML) lets users exchange authorization data between different parties, in particular, between an identity provider and a service provider. The Datameer SAML Authenticator is designed to allow Datameer to act as a Service Provider with a SAML SSO (Single Sign On) environment. This means that authentication and identity management happen externally to the Datameer instance. These services are provided by an IdentityProvider which authenticates end users and issue assertions containing subject and session information along with arbitrary attributes about the user. The SAML Authenticator plug-in exposes some extension points to allow customers to provide the appropriate Datameer user details (group memberships, roles, username, email) based on the incoming assertion.

...

  1. Login to Datameer with administrator rights.
  2. Click on the Admin tab > Authentication.
  3. Click Edit.
  4. Select RemoteAuthenticationSystem and choose SAML from the menu.
  5. Provide or provide the path to your IdP Metadata (which includes endpoint URLs, binding types, attributes, and security-policy information.)
  6. Enter the Uniform Resource Identifier (URI) from the Service Provider. If you are using a third-party single sign-on application, add /saml/SSO to the end of the URI. Then fill in the KeyStore and Service Provider information.
    Learn more about setting up a Java KeyStore in Datameer's Knowledge Base.
  7. Select a Directory Service that you set up through the SAML SSO SDK Extensions
  8. In the Users and Groups boxes, enter created user/groups for authentication permission
  9. Select the user provider with which to authenticate. 
  10. The advanced SSO options give administrators access control options for authentication.
  11. Caching is turned on automatically, but you can turn it off or edit the interval for caching on this screen. To turn off caching, click Edit and select an interval of 0.

...

To enable debugging of SAML edit the log4j-production.properties file and add the following:

log4j.category.com.<package_name>=ERROR
#openSAML
log4j.category.org.opensaml=ERROR
log4j.category.org.springframework.security.saml=ERROR
log4j.category.org.springframework.security.web.authentication=ERROR

...