Updated on 2024-09-30 GMT+08:00

Configuring Remote SAML Authentication

You can interconnect your bastion host with the SAML platform to authenticate logins to your bastion host.

This topic describes how to configure the SAML authentication mode.

Prerequisites

  • You have obtained the permission to manage the System module in the bastion host.
  • You have created a user on the SAML platform and obtained related configurations on the SAML platform.

Procedure

  1. Log in to your bastion host.
  2. Choose System > Sysconfig > Authenticate.

    Figure 1 Configuring remote authentication

  3. Click Edit in the SAML Settings area.

    Figure 2 Configuring SAML authentication

    Table 1 SAML authentication parameters

    Parameter: Status
    Description: Specifies the status of remote SAML authentication (default: ).
      • : SAML-based authentication is enabled. Remote SAML authentication is used when a user starts a login.
      • : SAML-based authentication is disabled.

    Parameter: Cover Existing Users
    Description: Specifies whether to enable the SAML overwriting function. The default value is .
      • : If an account with the same username already exists, the existing account will be overwritten.
      • : If an account with the same username already exists, the SAML user fails to be created in the system.

    Parameter: Entity ID
    Description: Obtain the metadata from the IdP (for Shibboleth IdP, the metadata is in the C:\Program Files (x86)\Shibboleth\IdP\metadata directory by default).
      Identifier: Enter the following part of EntityID.

    Parameter: NameIdFormat
    Description: Obtain the metadata from the IdP (for Shibboleth IdP, the metadata is in the C:\Program Files (x86)\Shibboleth\IdP\metadata directory by default).
      NameIdFormat: The value urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified is recommended.

    Parameter: Signature certificate
    Description: Enter the FrontChannel signing certificate displayed in the IdP.

    Parameter: Logon URL
    Description: Enter the Location address of the SingleSignOnService entry that uses the HTTP-Redirect binding.

    Parameter: Logout URL
    Description: Enter the Location address of the SingleLogoutService entry that uses the HTTP-Redirect binding.

    Parameter: Reply URL
    Description: The default value of Host is the IP address of Localhost. Set this parameter based on the site requirements, for example, the domain name.

  4. Click OK to submit the configuration data. You can view and manage SAML authentication configurations.