SAML
These properties are required when com.unraveldata.login.mode=saml.
Property/Description | Set by user | Unit | Default |
---|---|---|---|
com.unraveldata.login.saml.config Fully qualified path to a SAML JSON file. | Optional | string (path) | - |
com.unraveldata.login.admins.saml.groups Grants read/write admin access to an AD user who belongs to a specified group. Value: a comma-separated list of groups. | | CSL | - |
com.unraveldata.login.admins.readonly.saml.groups Grants read-only admin access to an AD user who belongs to a specified group. Value: a comma-separated list of groups. | | CSL | - |
com.unraveldata.saml.groupFilter Restricts access to a few selected SAML groups. Example: secs-lab-admins, secs-lab-users. | | CSL | By default, all SAML groups are allowed |
Note
These properties are set in the saml.json file specified by com.unraveldata.login.saml.config.
Property/Description | Set by user | Unit | Default |
---|---|---|---|
entryPoint Identity provider entry point. It must be specified to be spec-compliant when the request is signed. Example: | Optional | - | - |
issuer Issuer string to supply to the identity provider (environment name). It should match the name configured in the IdP. Example: | Optional | - | - |
cert IdP's public signing certificate. Example: | Optional | - | - |
unravel_mapping Maps SAML attributes to Unravel attributes. Specific to the Unravel integration. | - | - | - |
Example saml.json
```json
{
  "entryPoint": "http://myHost.unraveldata.com:9080/simplesaml/saml2/idp/SSOService.php",
  "issuer": "localhost",
  "logoutUrl": "http://myHost.unraveldata.com:9080/simplesaml/saml2/idp/SingleLogoutService.php",
  "callbackUrl": "https://congo51.unraveldata.com:3000/saml/consume",
  "cert": "MIIDXTCCAkWgAwIBAgIJALmVVuDWu4NYMA0GCSqGSIb3DQEBCwUAMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIDApTb21lLVN0YXRlMSEwHwYDVQQKDBhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdAcQf2CGAaVfwTTfSlzNLsF2lW/ly7yapFzlYSJLGoVE+OHEu8g5SlNACUEfkXw+5Eghh+KzlIN7R6Q7r2ixWNFBC/jWf7NKUfJyX8qIG5md1YUeT6GBW9Bm2/1/RiO24JTaYlfLdKK9TYb8sG5B+OLab2DImG99CJ25RkAcSobWNF5zD0O6lgOo3cEdB/ksCq3hmtlC/DlLZ/D8CJ+7VuZnS1rR2naQ==",
  ...
}
```
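An added example, not part of Unravel's documentation or code: a pre-deployment lint for the saml.json keys described above. It checks that the URL keys use https and that cert is bare base64 wrapping one complete DER SEQUENCE, which catches truncated or PEM-wrapped pastes. The function names, sample hosts and stub cert values are constructed, and treating a missing cert as a finding is this example's own policy.

```python
import base64, binascii
from urllib.parse import urlparse

URL_KEYS = ("entryPoint", "logoutUrl", "callbackUrl")  # URL keys in the page's example

def der_length_ok(der: bytes) -> bool:
    """True if der is a single DER SEQUENCE whose declared length equals its size."""
    if len(der) < 2 or der[0] != 0x30:
        return False
    if der[1] < 0x80:                       # short-form length
        return len(der) == 2 + der[1]
    n = der[1] & 0x7F                       # long form: n length bytes follow
    if n == 0 or len(der) < 2 + n:
        return False
    return len(der) == 2 + n + int.from_bytes(der[2:2 + n], "big")

def lint_saml_config(cfg: dict) -> list:
    """Return a list of findings for a parsed saml.json (empty list = clean)."""
    findings = []
    for key in URL_KEYS:
        url = cfg.get(key)
        if url and urlparse(url).scheme != "https":
            findings.append(f"{key}: not https")
    cert = cfg.get("cert")
    if not cert:
        # This linter's own policy: the table marks cert Optional, but it is
        # the IdP signing certificate, so its absence is reported.
        findings.append("cert: missing")
        return findings
    try:
        der = base64.b64decode(cert, validate=True)
    except (binascii.Error, ValueError):
        findings.append("cert: not bare base64 (PEM header or line breaks left in?)")
        return findings
    if not der_length_ok(der):
        findings.append("cert: DER length mismatch (truncated or altered paste)")
    return findings

# Constructed sample configs; the cert values are tiny DER stubs, not certificates.
GOOD = {"entryPoint": "https://idp.example.test/sso", "issuer": "unravel-test",
        "cert": "MAMCAQE="}
BAD = {"entryPoint": "http://idp.example.test/sso", "issuer": "unravel-test",
       "cert": "MAMCAQ=="}

if __name__ == "__main__":
    for name, cfg in (("GOOD", GOOD), ("BAD", BAD)):
        print(name, lint_saml_config(cfg) or "clean")
```

The DER check validates only the outer framing of the certificate; expiry and subject still need to be confirmed against the IdP's published metadata.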