Service Provider Setup
1. Uploading Metadata
You can upload your IdP metadata by clicking the ‘Upload IDP Metadata’ button, which provides two options:
- Provide the name of your Identity Provider (only letters, numbers and underscores are allowed), choose the .xml file containing the metadata from your device, and upload it.
- Enter the metadata URL of your IdP and click Fetch Metadata.
Here, you also have the option to update the IdP settings from the metadata URL. This ensures that if the IdP configuration changes, the IdP configuration in the plugin stays in sync with it for seamless SSO. (Most of the time it is the IdP certificate that changes, which breaks SSO because the latest certificate is not present in the plugin.) To ensure that SSO doesn't break, it is recommended to fetch the metadata by URL.
Note: This is present in all our plugins from the Premium / Enterprise / All Inclusive plans.
2. Manual Configuration
You can manually provide your IdP credentials by entering the required settings and saving them:
- Identity Provider Name
- IdP Entity ID or Issuer
- SAML Login URL (the URL where the SAML request needs to be posted, not the login URL)
- X.509 Certificate from the IdP
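The fields listed above are the same ones an IdP's metadata carries, and the signing certificate is the one that goes stale when the IdP changes it. As an added example (not the plugin's own code), this Python code extracts those fields from a constructed metadata document and checks whether a saved certificate fingerprint is still published by the IdP; the function names, the idp.example.test URLs and the stand-in certificate bytes are assumptions.

```python
import base64, hashlib
import xml.etree.ElementTree as ET

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}
PREFIX = "urn:oasis:names:tc:SAML:2.0:bindings:"

def endpoints(idp, tag):  # binding short name (HTTP-POST, ...) -> endpoint URL
    return {e.get("Binding", "").replace(PREFIX, ""): e.get("Location")
            for e in idp.findall("md:" + tag, NS)}

def idp_settings(metadata_xml):
    """Extract the manual-configuration fields from IdP metadata XML."""
    if "<!DOCTYPE" in metadata_xml:  # metadata needs no DTD; refuse it
        raise ValueError("DOCTYPE not allowed in SAML metadata")
    root = ET.fromstring(metadata_xml)
    idp = root.find("md:IDPSSODescriptor", NS)
    if idp is None:
        raise ValueError("no IDPSSODescriptor: this is not IdP metadata")
    prints = []
    for kd in idp.findall("md:KeyDescriptor", NS):
        cert = kd.find(".//ds:X509Certificate", NS)
        # A KeyDescriptor without 'use' serves both signing and encryption.
        if kd.get("use") in (None, "signing") and cert is not None and cert.text:
            der = base64.b64decode("".join(cert.text.split()))
            prints.append(hashlib.sha256(der).hexdigest())
    return {"entity_id": root.get("entityID"), "signing_sha256": prints,
            "sso": endpoints(idp, "SingleSignOnService"),
            "slo": endpoints(idp, "SingleLogoutService")}

def cert_is_current(configured_sha256, settings):  # False: IdP no longer publishes it
    return configured_sha256.lower() in settings["signing_sha256"]

def _kd(use, label):  # constructed stand-in bytes, not a real X.509 certificate
    b64 = base64.b64encode(label).decode()
    return (f'<md:KeyDescriptor use="{use}"><ds:KeyInfo><ds:X509Data><ds:X509Certificate>'
            f'{b64}</ds:X509Certificate></ds:X509Data></ds:KeyInfo></md:KeyDescriptor>')

SAMPLE = (  # constructed metadata for a hypothetical IdP at idp.example.test
    '<md:EntityDescriptor xmlns:md="' + NS["md"] + '" xmlns:ds="' + NS["ds"] + '"'
    ' entityID="https://idp.example.test/entity"><md:IDPSSODescriptor'
    ' protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">'
    + _kd("signing", b"new-cert") + _kd("encryption", b"enc-cert")
    + '<md:SingleLogoutService Binding="' + PREFIX + 'HTTP-Redirect"'
    ' Location="https://idp.example.test/slo"/>'
    '<md:SingleSignOnService Binding="' + PREFIX + 'HTTP-POST"'
    ' Location="https://idp.example.test/sso/post"/>'
    '<md:SingleSignOnService Binding="' + PREFIX + 'HTTP-Redirect"'
    ' Location="https://idp.example.test/sso/redirect"/>'
    '</md:IDPSSODescriptor></md:EntityDescriptor>')
```

Comparing SHA-256 fingerprints of the decoded certificate avoids false mismatches caused by whitespace or line wrapping in the pasted certificate text.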
Test Configuration: After you provide your IdP’s metadata URL, save it and go to Test Configuration. A new window will open and display one of the following configuration statuses:
- Configuration successful – with user attributes.
- Error message – if any configuration error is sent by IdP.
When you are configuring your IdP, you are given two options for sending your SAML request under the “Sign SSO & SLO Requests” option.
Enabling these settings adds another layer of security to your SSO process as the SSO and SLO requests will be digitally signed using the default signing and encryption certificate present in the plugin. You can also use your own custom certificate for this instead.
NOTE - This option is present in the Premium, Enterprise and All Inclusive plans.
You can select either of these options to send your SAML request, provided your IdP supports the selected method.
- HTTP-Post binding type
- HTTP-Redirect binding type
While configuring, you can also add a Single Logout URL. This feature will only work if your IdP supports Single Logout. Here, too, you can select the binding type used to send your request.
Note: This is present in all our plugins from the Premium plan onwards.
Export Plugin Configuration: The plugin also provides an Export Plugin Configuration option, which lets you download a .json file containing the following:
- Complete configuration of your plugin
- Request generated from SP side
- Response received from Identity Provider
- Version and dependencies status
Note: Options 2 and 3 will only be present if the user has already run the test configuration.
Character Encoding: Enabling the “Character encoding” setting converts the X.509 certificate to the UTF-8 encoding format, which makes it easier for all web browsers to interpret and recognize it without misinterpretation due to other encoding formats.
If the IdP sends an error during test configuration, you can also download the .json file from that window. In that case, the .json file will also show the error that occurred, along with its cause.
If an error occurred in your configuration, download the .json file and mail us at samlsupport@xecurify.com; our support team will get back to you.
For more information visit our WordPress SSO page.