SAML 2.0 authentication method
The FoxIDs SAML 2.0 authentication method trusts an external SAML 2.0 Identity Provider (IdP).
By configuring a SAML 2.0 authentication method together with an OpenID Connect application registration, FoxIDs becomes a bridge between SAML 2.0 and OpenID Connect. FoxIDs then handles the SAML 2.0 connection as a Relying Party (RP) / Service Provider (SP), and your application only needs to deal with OpenID Connect.
It is possible to configure multiple SAML 2.0 authentication methods which can then be selected by OpenID Connect application registrations and SAML 2.0 application registrations.
FoxIDs supports the SAML 2.0 HTTP-Redirect and HTTP-POST bindings. The login, logout and single logout SAML 2.0 profiles are supported. The Artifact profile is not supported.
An authentication method exposes SAML 2.0 metadata and can be configured either from the IdP's SAML 2.0 metadata or by adding the configuration details manually.
The FoxIDs SAML 2.0 metadata only includes logout and single logout information if logout is configured in the SAML 2.0 authentication method.
How to guides:
- Connect AD FS
- Connect PingIdentity / PingOne
- Connect NemLog-in (Danish IdP)
- Connect Context Handler (Danish IdP)
Configuration
How to configure an external SAML 2.0 Identity Provider (IdP).
The FoxIDs SAML 2.0 authentication method metadata endpoint is https://foxids.com/tenant-x/environment-y/(some_external_idp)/saml/spmetadata if the IdP is configured in tenant tenant-x and environment environment-y with the authentication method name some_external_idp.
The following screenshot shows the basic FoxIDs SAML 2.0 authentication method configuration available in FoxIDs Control Client, where the configuration is created from the external IdP's metadata.
More configuration options become available by clicking Show advanced.
Manual configuration becomes available by disabling Automatic update.
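As an added example (not FoxIDs code), the following script inspects an external IdP's SAML 2.0 metadata before it is used to create an authentication method: it picks out the SSO and SLO endpoints that use the bindings FoxIDs supports (HTTP-Redirect and HTTP-POST, dropping Artifact), confirms a signing certificate is present so the IdP's responses can be verified, and flags non-HTTPS endpoints. The metadata document, host name and certificate value are constructed placeholders.

```python
import xml.etree.ElementTree as ET

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}
# Bindings a FoxIDs SAML 2.0 authentication method can use; HTTP-Artifact is not supported.
SUPPORTED = {"urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect",
             "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"}

def inspect_idp_metadata(xml_text):
    """Return the usable parts of IdP metadata plus issues to resolve before trusting it."""
    root = ET.fromstring(xml_text)
    idp = root.find("md:IDPSSODescriptor", NS)
    if idp is None:
        raise ValueError("no IDPSSODescriptor: this is not IdP metadata")
    # The signing certificate is what lets the SP verify the IdP's signed responses/assertions.
    has_signing_cert = any(
        kd.get("use") in (None, "signing")  # a KeyDescriptor without 'use' serves both purposes
        and kd.find(".//ds:X509Certificate", NS) is not None
        for kd in idp.findall("md:KeyDescriptor", NS))
    def endpoints(tag):
        # (short binding name, Location) for supported bindings only
        return [(e.get("Binding").rsplit(":", 1)[1], e.get("Location"))
                for e in idp.findall(tag, NS) if e.get("Binding") in SUPPORTED]
    sso, slo = endpoints("md:SingleSignOnService"), endpoints("md:SingleLogoutService")
    issues = []
    if not has_signing_cert:
        issues.append("no signing certificate in KeyDescriptor")
    if not sso:
        issues.append("no HTTP-Redirect/HTTP-POST SingleSignOnService (Artifact is unsupported)")
    for _, loc in sso + slo:
        if not loc.startswith("https://"):
            issues.append(f"non-HTTPS endpoint: {loc}")
    return {"entity_id": root.get("entityID"), "signing_cert": has_signing_cert,
            "sso": sso, "slo": slo, "logout_supported": bool(slo), "issues": issues}

# Constructed sample IdP metadata (placeholder certificate, fictitious host) for a stand-alone run.
SAMPLE_IDP_METADATA = """<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    xmlns:ds="http://www.w3.org/2000/09/xmldsig#" entityID="https://idp.example.test/saml">
  <md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:KeyDescriptor use="signing"><ds:KeyInfo><ds:X509Data>
      <ds:X509Certificate>PLACEHOLDER-BASE64-CERT</ds:X509Certificate>
    </ds:X509Data></ds:KeyInfo></md:KeyDescriptor>
    <md:SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
        Location="https://idp.example.test/saml/slo"/>
    <md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact"
        Location="https://idp.example.test/saml/artifact"/>
    <md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="https://idp.example.test/saml/sso"/>
  </md:IDPSSODescriptor>
</md:EntityDescriptor>"""

if __name__ == "__main__":
    print(inspect_idp_metadata(SAMPLE_IDP_METADATA))
```

When logout is not configured on the FoxIDs side, the SP metadata FoxIDs publishes carries no SingleLogoutService, so `logout_supported` on the IdP side only matters once logout is enabled in the authentication method.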
Change the issued SAML 2.0 claim collection with claim transforms.