Updated on 2024-06-28 GMT+08:00

Configuring Remote SAML Authentication

CBH can interconnect with a SAML platform to authenticate users who log in to the CBH system.

This topic describes how to configure the SAML authentication mode.

Prerequisites

  • You have obtained the permission to manage the System module in the CBH system.
  • You have created a user on the SAML platform and obtained related configurations on the SAML platform.

Procedure

  1. Log in to the CBH system.
  2. Choose System > Sysconfig > Authenticate.

    Figure 1 Configuring remote authentication

  3. Click Edit in the SAML Settings area.

    Figure 2 Configuring SAML authentication
    Table 1 SAML authentication parameters

    Parameter / Description

    Status
      Specifies the status of remote SAML authentication (default: ).
      • : SAML-based authentication is enabled. Users are authenticated through remote SAML authentication when they log in to the CBH system.
      • : SAML-based authentication is disabled.

    Entity ID
      Obtain the metadata from IdP (Shibboleth IDP, which is configured in the C:\Program Files (x86)\Shibboleth\IdP\metadata directory by default).
      Identifier: Enter the following part of EntityID.

    NameIdFormat
      Obtain the metadata from IdP (Shibboleth IDP, which is configured in the C:\Program Files (x86)\Shibboleth\IdP\metadata directory by default).
      NameIdFormat: The value urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified is recommended.

    Signature certificate
      Enter the FrontChannel signing certificate displayed in the IdP.

    Logon URL
      Enter the Location address of the SingleSignOnService entry for the HTTP-Redirect binding.

    Logout URL
      Enter the Location address of the SingleLogoutService entry for the HTTP-Redirect binding.

    Reply URL
      The default value of Host is the IP address of Localhost. Set this parameter based on the site requirements, for example, to the domain name.

  4. Click OK to submit the configuration data. You can view and manage SAML authentication configurations.