Updated on 2024-06-12 GMT+08:00

Configuring Remote SAML Authentication

CBH interconnects with the SAML platform to authenticate CBH system user logins.

This topic describes how to configure the SAML authentication mode.

Prerequisites

  • You have obtained the permission to manage the System module in the CBH system.
  • You have created a user on the SAML platform and obtained related configurations on the SAML platform.

Procedure

  1. Log in to the CBH system.
  2. Choose System > Sysconfig > Authenticate.

    Figure 1 Configuring remote authentication

  3. Click Edit in the SAML Settings area.

    Figure 2 Configuring SAML authentication
    Table 1 SAML authentication parameters

    Parameter

    Description

    Status

    Specifies the status of remote SAML authentication (default: ).

    • : SAML-based authentication is enabled. Remote SAML authentication is enabled when the user logs in to the CBH system.
    • : SAML-based authentication is disabled.

    Entity ID

    Obtain the metadata from IdP (Shibboleth IDP, which is configured in the C:\Program Files (x86)\Shibboleth\IdP\metadata directory by default).

    Identifier: Enter the following part of EntityID.

    NameIdFormat

    Obtain the metadata from IdP (Shibboleth IDP, which is configured in the C:\Program Files (x86)\Shibboleth\IdP\metadata directory by default).

    NameIdFormat: The value urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified is recommended.

    Signature certificate

    Enter the signing certificate of FrontChannel displayed in the IdP.

    Logon URL

    Enter the location address of SingleSignOnService displayed in the HTTP-Redirect.

    Logout URL

    Enter the location address of SingleSLogoutService displayed in the HTTP-Redirect.

    Reply URL

    The default value of Host is the IP address of Localhost. Set this parameter based on the site requirements, for example, the domain name.

  4. Click OK to submit the configuration data. You can view and manage SAML authentication configurations.