Help Center/ Cloud Bastion Host/ User Guide/ User/ Remote Authentication Management/ Configuring Remote SAML Authentication
Updated on 2024-09-24 GMT+08:00

Configuring Remote SAML Authentication

You can interconnect your bastion host with the SAML platform to authenticate logins to your bastion host.

This topic describes how to configure the SAML authentication mode.

Prerequisites

  • You have obtained the permission to manage the System module in the bastion host.
  • You have created a user on the SAML platform and obtained related configurations on the SAML platform.

Procedure

  1. Log in to your bastion host.
  2. Choose System > Sysconfig > Authenticate.

    Figure 1 Configuring remote authentication

  3. Click Edit in the SAML Settings area.

    Figure 2 Configuring SAML authentication
    Table 1 SAML authentication parameters

    Parameter

    Description

    Status

    Specifies the status of remote SAML authentication (default: ).

    • : SAML-based authentication is enabled. Remote SAML authentication is enabled when the user starts a login.
    • : SAML-based authentication is disabled.

    Cover Existing Users

    Whether to enable the SAML overwriting function. The default value is .

    • : If an account with the same username already exists, the existing account will be overwritten.
    • : If an account with the same name already exists, the SAML user fails to be created in the system.

    Entity ID

    Obtain the metadata from IdP (Shibboleth IDP, which is configured in the C:\Program Files (x86)\Shibboleth\IdP\metadata directory by default).

    Identifier: Enter the following part of EntityID.

    NameIdFormat

    Obtain the metadata from IdP (Shibboleth IDP, which is configured in the C:\Program Files (x86)\Shibboleth\IdP\metadata directory by default).

    NameIdFormat: The value urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified is recommended.

    Signature certificate

    Enter the signing certificate of FrontChannel displayed in the IdP.

    Logon URL

    Enter the location address of SingleSignOnService displayed in the HTTP-Redirect.

    Logout URL

    Enter the location address of SingleSLogoutService displayed in the HTTP-Redirect.

    Reply URL

    The default value of Host is the IP address of Localhost. Set this parameter based on the site requirements, for example, the domain name.

  4. Click OK to submit the configuration data. You can view and manage SAML authentication configurations.