SAML 2.0 authentication method

The FoxIDs SAML 2.0 authentication method trusts an external SAML 2.0 Identity Provider (IdP).

FoxIDs SAML 2.0 authentication method

By configuring a SAML 2.0 authentication method and an OpenID Connect application registration, FoxIDs becomes a bridge between SAML 2.0 and OpenID Connect. FoxIDs then handles the SAML 2.0 connection as a Relying Party (RP) / Service Provider (SP), and you only need to care about OpenID Connect in your application.

It is possible to configure multiple SAML 2.0 authentication methods which can then be selected by OpenID Connect application registrations and SAML 2.0 application registrations.

FoxIDs supports SAML 2.0 redirect and post bindings. The login, logout and single logout SAML 2.0 profiles are supported. The Artifact profile is not supported.

An authentication method exposes SAML 2.0 metadata and can be configured with SAML 2.0 metadata or by manually adding the configuration details.

The FoxIDs SAML 2.0 metadata only includes logout and single logout information if logout is configured in the SAML 2.0 authentication method.

How to guides:

Configuration

How to configure an external SAML 2.0 Identity Provider (IdP).

The FoxIDs SAML 2.0 authentication method metadata endpoint is https://foxids.com/tenant-x/environment-y/(some_external_idp)/saml/spmetadata if the IdP is configured in tenant tenant-x and environment environment-y with the authentication method name some_external_idp.
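
The following Python is an added example, not FoxIDs code. It builds the metadata URL from the pattern above and checks an SP metadata document for the properties this page describes: only redirect/post bindings, and logout endpoints present only when logout is configured. The sample XML, its sp.example URLs and all function names are constructed for illustration.

```python
import xml.etree.ElementTree as ET

MD_NS = "urn:oasis:names:tc:SAML:2.0:metadata"
BINDING = "urn:oasis:names:tc:SAML:2.0:bindings:"
# Bindings this page says FoxIDs supports; Artifact is not among them.
SUPPORTED = {BINDING + "HTTP-Redirect", BINDING + "HTTP-POST"}

def sp_metadata_url(tenant, environment, method, host="https://foxids.com"):
    """Build the SP metadata URL using the pattern given on this page."""
    return f"{host}/{tenant}/{environment}/({method})/saml/spmetadata"

def sample_metadata(with_logout):
    """Constructed SP metadata (sp.example values are placeholders, not FoxIDs output)."""
    slo = (f'<md:SingleLogoutService Binding="{BINDING}HTTP-POST" '
           'Location="https://sp.example/slo"/>') if with_logout else ""
    return (f'<md:EntityDescriptor xmlns:md="{MD_NS}" entityID="https://sp.example/sp">'
            '<md:SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">'
            f'{slo}'
            f'<md:AssertionConsumerService index="0" Binding="{BINDING}HTTP-POST" '
            'Location="https://sp.example/acs"/>'
            '</md:SPSSODescriptor></md:EntityDescriptor>')

def summarize_sp_metadata(xml_text):
    """Report entity ID, endpoints, whether logout is advertised, and odd bindings."""
    # ElementTree keeps the example dependency-free; for metadata fetched from
    # a network, a hardened parser such as defusedxml is the safer choice.
    root = ET.fromstring(xml_text)
    sp = root.find(f"{{{MD_NS}}}SPSSODescriptor")
    if sp is None:
        raise ValueError("no SPSSODescriptor: not SP metadata")
    def endpoints(tag):
        return [(e.get("Binding"), e.get("Location"))
                for e in sp.findall(f"{{{MD_NS}}}{tag}")]
    acs, slo = endpoints("AssertionConsumerService"), endpoints("SingleLogoutService")
    return {
        "entity_id": root.get("entityID"),
        "acs": acs,
        "slo": slo,
        "logout_advertised": bool(slo),  # False means the IdP gets no SLO endpoint
        "unexpected_bindings": sorted({str(b) for b, _ in acs + slo if b not in SUPPORTED}),
    }

if __name__ == "__main__":
    print(sp_metadata_url("tenant-x", "environment-y", "some_external_idp"))
    for flag in (True, False):
        print(summarize_sp_metadata(sample_metadata(flag)))
```

Running the same check on the metadata before handing it to the external IdP's administrator shows whether single logout will be set up on their side at all.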

The following screenshot shows the basic FoxIDs SAML 2.0 authentication method configuration available in FoxIDs Control Client, where the configuration is created with the external IdP metadata.

More configuration options become available by clicking Show advanced settings.

Configure SAML 2.0

Manual configuration becomes available by disabling Automatic update.

Manual SAML 2.0 configuration

Change the issued SAML 2.0 claim collection with claim transforms.