Using SAML

This module covers creating services and objects and integrating with third-party services.

Magnet Server and SAML

SAML (Security Assertion Markup Language) is an XML based open-standard data format for exchanging authentication and authorization data between parties. In particular, it exchanges data between an identity provider and a service provider. See https://en.wikipedia.org/wiki/Security_Assertion_Markup_Language for more information.

In the configuration steps and login flow below:

  • The IdP (Identity Provider) provides login info and other details about the user. For example, this could be LDAP or AD.
  • The SP (Service Provider) is the application that is being authenticated with. In this case, the Magnet Server application.

Configuration Steps

  1. Get the certificate from the IdP and put it into the Magnet Server config folder (mms30/server/config/default).
  2. Update the saml2.properties file (in mms30/server/config/default) like this:
    1. Set the signature algorithm type to the type the IdP is using (signature.algorithm).
    2. Set the IdP certificate (from Step 1) filename (idp.trust.certificate.filename).
    3. Set the IdP URI (idp.uri) to the location of the IdP.
    4. Set saml2.enabled=true.
  3. Download the SP's metadata.
  4. Configure the IdP with the metadata.
  5. Create a Relying party trust with that metadata.
  6. Add claim rules which describe what user profile metadata should be returned to the SP.
  7. Now test the authentication. If everything has been configured correctly, authentication should have occurred.
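
The configuration steps above name four properties in saml2.properties and a certificate file that must sit beside it. The following pre-flight checker is an added example, not Magnet Server code: it reads the properties file, confirms the four keys are present, that saml2.enabled is true, that idp.uri uses https, that the signature algorithm is not SHA-1 (assuming the XML-DSig URI form for the value, which the page does not specify), and that the IdP certificate file exists and is a decodable PEM block, printing its SHA-256 fingerprint so it can be compared with what the IdP administrators published. The check rules, the value formats and the sample inputs are assumptions made for this example.

```python
"""Pre-flight checker for a Magnet Server saml2.properties file.
Added example, not Magnet Server code. The four property names come from the
configuration steps; value formats, check rules and samples are assumptions."""
import base64
import hashlib
import os
import re
from urllib.parse import urlparse

# Keys named in Step 2 of the configuration steps.
REQUIRED_KEYS = (
    "signature.algorithm",
    "idp.trust.certificate.filename",
    "idp.uri",
    "saml2.enabled",
)


def parse_properties(text):
    """Minimal Java-style .properties parser: 'key=value' or 'key: value';
    blank lines and lines starting with '#' or '!' are ignored."""
    props = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#!":
            continue
        match = re.match(r"^([^=:\s]+)\s*[=:]?\s*(.*)$", line)
        if match:
            props[match.group(1)] = match.group(2).strip()
    return props


def cert_sha256_fingerprint(pem_text):
    """SHA-256 hex fingerprint of the first PEM CERTIFICATE block, or None if
    there is no decodable block. Compare it with the IdP's published value."""
    match = re.search(r"-----BEGIN CERTIFICATE-----(.*?)-----END CERTIFICATE-----",
                      pem_text, re.S)
    if not match:
        return None
    try:  # binascii.Error is a ValueError subclass
        der = base64.b64decode("".join(match.group(1).split()), validate=True)
    except ValueError:
        return None
    return hashlib.sha256(der).hexdigest()


def check_saml_config(props, cert_text):
    """Return a list of findings; an empty list means the config passes.
    cert_text is the PEM file content, or None when the file is missing."""
    findings = [f"missing or empty property: {key}"
                for key in REQUIRED_KEYS if not props.get(key)]
    if findings:
        return findings  # nothing else can be judged without these keys
    if props["saml2.enabled"].lower() != "true":
        findings.append("saml2.enabled is not 'true': SAML login stays disabled")
    if urlparse(props["idp.uri"]).scheme != "https":
        findings.append("idp.uri is not https: assertions would cross an unprotected channel")
    # Assumes the XML-DSig algorithm URI form (e.g. ...xmldsig#rsa-sha1).
    if "sha1" in props["signature.algorithm"].lower():
        findings.append("signature.algorithm uses SHA-1: prefer SHA-256 if the IdP supports it")
    if cert_text is None:
        findings.append("idp.trust.certificate.filename points to a file that does not exist in the config folder")
    elif cert_sha256_fingerprint(cert_text) is None:
        findings.append("IdP certificate file is not a decodable PEM CERTIFICATE block")
    return findings


def load_and_check(config_dir):
    """Run the checks against a real config folder, e.g. mms30/server/config/default."""
    with open(os.path.join(config_dir, "saml2.properties"), encoding="utf-8") as fh:
        props = parse_properties(fh.read())
    cert_text = None
    cert_path = os.path.join(config_dir, props.get("idp.trust.certificate.filename", ""))
    if props.get("idp.trust.certificate.filename") and os.path.isfile(cert_path):
        with open(cert_path, encoding="utf-8") as fh:
            cert_text = fh.read()
    return check_saml_config(props, cert_text)


# Constructed sample inputs (not from a real deployment).
SAMPLE_CERT_PEM = ("-----BEGIN CERTIFICATE-----\n"
                   + base64.b64encode(b"constructed placeholder, not a real DER certificate").decode()
                   + "\n-----END CERTIFICATE-----\n")

GOOD_PROPERTIES = """\
# constructed sample saml2.properties
signature.algorithm=http://www.w3.org/2001/04/xmldsig-more#rsa-sha256
idp.trust.certificate.filename=idp-signing.pem
idp.uri=https://idp.example.com/adfs/ls/
saml2.enabled=true
"""

BAD_PROPERTIES = """\
signature.algorithm=http://www.w3.org/2000/09/xmldsig#rsa-sha1
idp.trust.certificate.filename=idp-signing.pem
idp.uri=http://idp.example.com/adfs/ls/
saml2.enabled=false
"""

if __name__ == "__main__":
    for label, text in (("good", GOOD_PROPERTIES), ("bad", BAD_PROPERTIES)):
        result = check_saml_config(parse_properties(text), SAMPLE_CERT_PEM)
        print(f"{label}: {result or 'OK'}")
    print("fingerprint:", cert_sha256_fingerprint(SAMPLE_CERT_PEM))
```

Run it against the real folder with load_and_check("mms30/server/config/default") before Step 3; an empty list means the SP side is ready to have its metadata downloaded and handed to the IdP. The fingerprint line is the value to confirm out of band with whoever operates the IdP, since a wrong trust certificate means any assertion signed by the wrong key would be rejected, or, worse, accepted if a wrong but attacker-controlled certificate was dropped into the folder.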

SAML Login Flow

This lane diagram shows the data flow between the client, Magnet Server (the SP) and the IdP.

[Lane diagram image not reproduced here; lane title: Lane1]