<abbr title="LemonLDAP::NG">LL::NG</abbr> can act as a <abbr title="Security Assertion Markup Language">SAML</abbr> 2.0 Identity Provider, which allows federating <abbr title="LemonLDAP::NG">LL::NG</abbr> with:
<li class="level1"><div class="li"> Another <abbr title="LemonLDAP::NG">LL::NG</abbr> system configured with <a href="../../documentation/1.9/authsaml.html" class="wikilink1" title="documentation:1.9:authsaml">SAML authentication</a></div></li>
<p><div class="noteclassic">This requires configuring <abbr title="LemonLDAP::NG">LL::NG</abbr> as a <span class="curid"><a href="../../documentation/1.9/idpsaml.html" class="wikilink1" title="documentation:1.9:idpsaml">SAML Identity Provider</a></span>.</div></p>
Go to <code>General Parameters</code> » <code>Issuer modules</code> » <code><abbr title="Security Assertion Markup Language">SAML</abbr></code> and configure:
<li class="level1"><div class="li"><strong>Path</strong>: keep <code>^/saml/</code> unless you have changed the <abbr title="Security Assertion Markup Language">SAML</abbr> endpoint suffix in the <a href="../../documentation/1.9/samlservice.html" class="wikilink1" title="documentation:1.9:samlservice">SAML service configuration</a>.</div></li>
They are available at the EntityID <abbr title="Uniform Resource Locator">URL</abbr>, by default: <a href="http://auth.example.com/saml/metadata" class="urlextern" title="http://auth.example.com/saml/metadata" rel="nofollow">http://auth.example.com/saml/metadata</a>.
You must register the SP metadata here. You can do it either by uploading the file or by fetching it from the SP metadata <abbr title="Uniform Resource Locator">URL</abbr> (this requires a network link between your server and the SP).
<p><div class="notetip">You can also copy/paste the metadata: just click on the Edit button. When the text is pasted, click on the Apply button to keep the value.</div></p>
<li class="level1"><div class="li"><strong>Key name</strong>: name of the key in the LemonLDAP::NG session</div>
</li>
<li class="level1"><div class="li"><strong>Mandatory</strong>: if set to “On”, this attribute will be sent in the authentication response. Otherwise it will only be sent through an attribute response, if explicitly requested in an attribute request.</div></li>
<li class="level1"><div class="li"><strong>Default NameID format</strong>: if no NameID format is requested, or the requested NameID format is undefined, this NameID format will be used. If no value is set, the default NameID format is Email.</div></li>
<li class="level1"><div class="li"><strong>Force NameID session key</strong>: if empty, the NameID mapping defined in the <a href="../../documentation/1.9/samlservice.html" class="wikilink1" title="documentation:1.9:samlservice">SAML service</a> configuration will be used. You can force another session key here, which will then be used as the NameID content.</div></li>
<li class="level1"><div class="li"><strong>One Time Use</strong>: set the OneTimeUse flag in the authentication response (<code>&lt;Conditions&gt;</code>).</div></li>
<li class="level1"><div class="li"><strong>sessionNotOnOrAfter duration</strong>: time in seconds, added to the authentication time, that defines the sessionNotOnOrAfter value in the <abbr title="Security Assertion Markup Language">SAML</abbr> response (<code>&lt;AuthnStatement&gt;</code>).</div></li>
<li class="level1"><div class="li"><strong>notOnOrAfter duration</strong>: time in seconds, added to the authentication time, that defines the notOnOrAfter value in the <abbr title="Security Assertion Markup Language">SAML</abbr> response (<code>&lt;Conditions&gt;</code> and <code>&lt;SubjectConfirmationData&gt;</code>).</div></li>
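<p>The two durations and the One Time Use flag end up as attributes of the assertion, and it is the SP that must enforce them. The following added example (Python, not LL::NG code; the assertion fragment, timestamps and the 60 second clock skew allowance are constructed assumptions) renders those attributes for given durations and shows the SP-side checks, including the rejection of a replayed OneTimeUse assertion.</p>

```python
from datetime import datetime, timedelta, timezone
import xml.etree.ElementTree as ET
SAML = "urn:oasis:names:tc:SAML:2.0:assertion"
NS = {"saml": SAML}
FMT = "%Y-%m-%dT%H:%M:%SZ"  # SAML xs:dateTime, UTC

def _iso(dt):
    return dt.strftime(FMT)

def _parse(s):
    return datetime.strptime(s, FMT).replace(tzinfo=timezone.utc)

def build_assertion(authn_time, not_on_or_after, session_not_on_or_after,
                    one_time_use=False, assertion_id="_constructed-1"):
    """Timing parts of an assertion as the options above define them (durations in s)."""
    exp = _iso(authn_time + timedelta(seconds=not_on_or_after))
    sess = _iso(authn_time + timedelta(seconds=session_not_on_or_after))
    otu = "<saml:OneTimeUse/>" if one_time_use else ""
    return (f'<saml:Assertion xmlns:saml="{SAML}" ID="{assertion_id}"><saml:Subject>'
            f'<saml:SubjectConfirmation><saml:SubjectConfirmationData NotOnOrAfter="{exp}"/>'
            f'</saml:SubjectConfirmation></saml:Subject><saml:Conditions '
            f'NotBefore="{_iso(authn_time)}" NotOnOrAfter="{exp}">{otu}</saml:Conditions>'
            f'<saml:AuthnStatement AuthnInstant="{_iso(authn_time)}" '
            f'SessionNotOnOrAfter="{sess}"/></saml:Assertion>')

def check_assertion(xml, now, seen_ids, skew=60):
    """SP-side checks; returns reasons to reject (empty = accept). seen_ids = replay cache."""
    root = ET.fromstring(xml)
    cond = root.find("saml:Conditions", NS)
    scd = root.find(".//saml:SubjectConfirmationData", NS)
    problems = []
    if now + timedelta(seconds=skew) < _parse(cond.get("NotBefore")):
        problems.append("assertion not yet valid")
    if now - timedelta(seconds=skew) >= _parse(cond.get("NotOnOrAfter")):
        problems.append("Conditions expired")
    if now - timedelta(seconds=skew) >= _parse(scd.get("NotOnOrAfter")):
        problems.append("SubjectConfirmationData expired")
    if cond.find("saml:OneTimeUse", NS) is not None:  # honour the One Time Use flag
        if root.get("ID") in seen_ids:
            problems.append("OneTimeUse assertion replayed")
        seen_ids.add(root.get("ID"))
    return problems

def demo():
    t0 = datetime(2024, 1, 1, 12, 0, tzinfo=timezone.utc)  # constructed authentication time
    xml = build_assertion(t0, 300, 3600, one_time_use=True, assertion_id="_a1")
    seen = set()
    return [check_assertion(xml, t0 + timedelta(seconds=10), seen),    # fresh: accept
            check_assertion(xml, t0 + timedelta(seconds=10), seen),    # same ID: replay
            check_assertion(xml, t0 + timedelta(seconds=400), set())]  # late: expired
```

<p>The SessionNotOnOrAfter value is left to the SP to apply as the hard limit on its own session lifetime; the checks here cover the assertion validity window and the OneTimeUse replay cache.</p>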
These options override the service signature options (see <a href="../../documentation/1.9/samlservice.html#general_options" class="wikilink1" title="documentation:1.9:samlservice">SAML service configuration</a>).
<li class="level1"><div class="li"><strong>Enable use of IDP initiated <abbr title="Uniform Resource Locator">URL</abbr></strong>: set to <code>On</code> to enable the IDP Initiated <abbr title="Uniform Resource Locator">URL</abbr> on this SP.</div></li>
The IDP Initiated <abbr title="Uniform Resource Locator">URL</abbr> is the <abbr title="Single Sign On">SSO</abbr> <abbr title="Security Assertion Markup Language">SAML</abbr> <abbr title="Uniform Resource Locator">URL</abbr> with GET parameters:
For example: <a href="http://auth.example.com/saml/singleSignOn?IDPInitiated=1&spConfKey=simplesamlphp" class="urlextern" title="http://auth.example.com/saml/singleSignOn?IDPInitiated=1&spConfKey=simplesamlphp" rel="nofollow">http://auth.example.com/saml/singleSignOn?IDPInitiated=1&spConfKey=simplesamlphp</a>