Configuring Remote SAML Authentication
You can interconnect your bastion host with the SAML platform to authenticate logins to your bastion host.
This topic describes how to configure the SAML authentication mode.
Prerequisites
- You have obtained the permission to manage the System module in the bastion host.
- You have created a user on the SAML platform and obtained related configurations on the SAML platform.
Procedure
- Log in to your bastion host.
- Choose System > Sysconfig > Authenticate.
Figure 1 Configuring remote authentication
- Click Edit in the SAML Settings area.
Figure 2 Configuring SAML authentication
Table 1 SAML authentication parameters

| Parameter | Description |
| --- | --- |
| Status | Specifies the status of remote SAML authentication (default: ).<br>- : SAML-based authentication is enabled. Remote SAML authentication is used when a user starts a login.<br>- : SAML-based authentication is disabled. |
| Cover Existing Users | Specifies whether to enable the SAML overwriting function. The default value is .<br>- : If an account with the same username already exists, the existing account will be overwritten.<br>- : If an account with the same name already exists, the SAML user is not created in the system. |
| Entity ID | Obtain the metadata from the IdP (Shibboleth IdP, which is configured in the C:\Program Files (x86)\Shibboleth\IdP\metadata directory by default).<br>Identifier: Enter the following part of EntityID. |
| NameIdFormat | Obtain the metadata from the IdP (Shibboleth IdP, which is configured in the C:\Program Files (x86)\Shibboleth\IdP\metadata directory by default).<br>NameIdFormat: The value urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified is recommended. |
| Signature certificate | Enter the FrontChannel signing certificate displayed in the IdP. |
| Logon URL | Enter the Location address of SingleSignOnService displayed for the HTTP-Redirect binding. |
| Logout URL | Enter the Location address of SingleLogoutService displayed for the HTTP-Redirect binding. |
| Reply URL | The default value of Host is the IP address of Localhost. Set this parameter based on the site requirements, for example, to the domain name. |

- Click OK to submit the configuration data. You can view and manage SAML authentication configurations.
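
The values that Table 1 takes from the IdP metadata can be read out with a short script instead of being copied by hand. This is an added example, not part of the original documentation or the product. The host idp.example.org, the sample metadata and the placeholder certificate bytes are constructed, and the dictionary keys simply reuse the parameter names above.

```python
import xml.etree.ElementTree as ET

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}
REDIRECT = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"

# Constructed sample metadata: hypothetical host, placeholder certificate bytes.
SAMPLE = """<EntityDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata"
    xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
    entityID="https://idp.example.org/idp/shibboleth">
 <IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
  <KeyDescriptor use="encryption"><ds:KeyInfo><ds:X509Data>
   <ds:X509Certificate>RU5D</ds:X509Certificate></ds:X509Data></ds:KeyInfo></KeyDescriptor>
  <KeyDescriptor use="signing"><ds:KeyInfo><ds:X509Data><ds:X509Certificate>
   Q09OU1RSVUNURUQt
   UExBQ0VIT0xERVI=</ds:X509Certificate></ds:X509Data></ds:KeyInfo></KeyDescriptor>
  <SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
      Location="https://idp.example.org/idp/profile/SAML2/Redirect/SLO"/>
  <NameIDFormat>urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified</NameIDFormat>
  <SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
      Location="https://idp.example.org/idp/profile/SAML2/POST/SSO"/>
  <SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
      Location="https://idp.example.org/idp/profile/SAML2/Redirect/SSO"/>
 </IDPSSODescriptor>
</EntityDescriptor>"""


def saml_settings(metadata_xml):
    """Map IdP metadata to the fields of Table 1; keys follow the page's names."""
    root = ET.fromstring(metadata_xml)
    idp = root.find("md:IDPSSODescriptor", NS)
    if idp is None:
        raise ValueError("metadata has no IDPSSODescriptor")

    def redirect(tag):  # Location of the HTTP-Redirect endpoint, not HTTP-POST
        return next((e.get("Location") for e in idp.findall("md:" + tag, NS)
                     if e.get("Binding") == REDIRECT), None)

    # A KeyDescriptor without a use attribute is valid for signing as well.
    certs = ["".join((c.text or "").split()) for k in idp.findall("md:KeyDescriptor", NS)
             if k.get("use", "signing") == "signing"
             for c in k.iterfind(".//ds:X509Certificate", NS)]
    return {
        "Entity ID": root.get("entityID"),
        "NameIdFormat": [n.text.strip() for n in idp.findall("md:NameIDFormat", NS)],
        "Signature certificate": certs,
        "Logon URL": redirect("SingleSignOnService"),
        "Logout URL": redirect("SingleLogoutService"),
    }
```

Run it only on metadata taken from your own IdP, and compare the returned certificate with the one the IdP shows before pasting it into the Signature certificate field.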