Genero SAML configuration
Specify entries in the FGLPROFILE file to configure the Genero SAML service provider.
FGLPROFILE file entry | Description |
---|---|
saml.entityID |
Defines the SAML entity name for the JGAS, which is how the JGAS is
represented to other SAML partners. Mandatory. Default is urn:genero . |
saml.allowUnsecure |
Defines whether the JGAS accepts unsecured
authentication mechanisms. Default is false (recommended).A SAML authentication mechanism is unsecured if communication between the Identity Provider (IdP) and the JGAS is not performed either over HTTPS or with XML encryption. To secure a SAML communication, use HTTPS (via ISAPI or FastCGI) or use
XML-Encryption by setting the |
saml.wantAssertionsSigned |
Defines whether SAML assertions coming from Identity Providers (IdPs) must be signed. Default
is true (recommended). It is recommended to have
either (or both) saml.wantAssertionsSigned and
saml.wantResponseSigned set to true, to ensure the request was not
altered.If not signed and entry is set to true, the JGAS returns an access denied HTML page. This entry also adds the
|
saml.wantResponseSigned |
Defines whether SAML requests coming from the Identity Providers (IdPs) must be signed.
Default is false . It is recommended to have
either (or both) saml.wantAssertionsSigned and
saml.wantResponseSigned set to true, to ensure the request was not
altered.
You must also take into account the configuration of the Identity Provider (IdP).If not signed and entry is set to true, the JGAS returns an access denied HTML page. |
Assertion encryption
xml.saml_encryption.x509
: path to the X509 certificatexml.saml_encryption.key
: path to the RSA private key
You can use the same X509 certificate and RSA private key for signature, encryption, and metadata signature.
Authentication signature
xml.saml_signature.x509
: path to the X509 certificatexml.saml_signature.key
: path to the RSA private key
You can use the same X509 certificate and RSA private key for signature, encryption, and metadata signature.
Metadata signature
xml.saml_metadata_signature.x509
: path to the X509 certificatexml.saml_metadata_signature.key
: path to the RSA private key
You can use the same X509 certificate and RSA private key for signature, encryption, and metadata signature.
Certificate authority
xml.keystore.calist
: path of colon-separated certificate authorities the Genero SAML service provider trusts.