Sample SAML configuration

The following snippet is a typical deployment for SAML. You can paste and then modify this snippet in Tomcat’s configuration file context.xml.

<Environment name="dari/defaultSamlCredential" override="false" type="java.lang.String" value="default" />
<Environment name="dari/samlCredential/default/class" override="false" type="java.lang.String" value="com.psddev.saml.SamlX509Auth" />
<Environment name="dari/samlCredential/default/idpMetaDataPath" override="false" type="java.lang.String" value="/servers/tomcat/conf/idp_saml_metadata.xml" />
<Environment name="dari/samlCredential/default/cmsLogin" override="false" type="java.lang.String" value="true" />
<Environment name="dari/samlCredential/default/entityId" override="false" type="java.lang.String" value="https://samltest.id/saml/sp" />
<Environment name="dari/samlCredential/default/emailAttributeField" override="false" type="java.lang.String" value="email" />
<Environment name="dari/samlCredential/default/identityProviderUrl" override="false" type="java.lang.String" value="http://sso.example.com/idp/SSOService.php" />
<Environment name="dari/samlCredential/default/authLinkName" override="false" type="java.lang.String" value="Single Sign On" />

• 1. Sets the prefix for the default configuration. See Default SAML configuration.
• 2. Configures the class for examining the SAML response. See Credential class.
• 3. Configures the path to the identity provider’s metadata file. See Path to identity provider’s metadata.
• 4. Indicates the SAML configuration default is enabled for allowing logins to Brightspot (instead of to a front-end). See CMS login.
• 5. Configures the identity provider’s unique ID. See Entity ID.
• 6. Configures the name of the email attribute field in the SAML assertion. See Email attribute field name.
• 7. Configures URL to which Brightspot sends SAML requests. See Identity provider’s URL.
• 8. Specifies label on the SSO login control. See Authentication link name.