SAML is an XML-based standard for exchanging authentication data between a service provider (such as Replicon) and an identity provider. It allows users to employ web browser single sign-on.
If you want to use SAML with Replicon and you aren't already enrolled with a SAML identity provider, Replicon can provide you with one that you can set up on a server in your network. Follow the procedure given in this topic to set it up.
If you want to use a different identity provider, contact Replicon Support for information on how to configure your provider to work with Replicon.
Replicon also supports SAML 2.0, although we do not host an identity provider for it.
For information on setting up SSO based on an OpenID Connect provider, refer to Setting up single sign-on.
For information on assigning SAML authentication settings to users, refer to Setting up users for single sign-on.
To set up your identity provider and enable SAML in Replicon:
Use your system’s Internet Information Services (IIS) Manager to carry out the following procedures.
Right-click the web site name, and select New > Virtual Directory. In the window that displays, in the Alias field, enter SAML; in the Path field, browse to and select the location of the SAML folder you created. Click Next.
Under Allow the following permissions, ensure Read and Execute permissions are enabled.
Right-click the web site name, and select Add Virtual Directory. In the window that displays, in the Alias field, enter SAML; in the Physical Path field, browse to and select the location of the SAML folder you created. Click OK.
To assign permissions for the directory, in the Features View, select Handler Mappings. Right-click the ISAPI.dll and select Edit Feature Permissions. In the window that displays, enable Read and Execute permissions. Click OK.
Right-click the SAML directory and select Properties. On the Virtual Directory tab, click the Create button located in the Application settings area. Select OK.
First ensure that Connect As is set to Application user (pass-through authentication) and that DynamicCompressionModule and StaticCompressionModule are removed from the Modules section. Then, right-click the SAML directory, select Convert to Application, and select OK.
<add key="ServiceProviderURL" value="https://service.url/path/saml.ashx" />
Modify the line to include your Replicon installation's URL:
<add key="ServiceProviderURL" value="https://global.replicon.com/!/saml/CompanyKey" /> (1)
It will create two new files in that sub-directory: private.pfx and public.cer. You will upload public.cer to Replicon in a later step.
An Add Authentication Provider dialog displays.
In this field, enter the full URL, including server and port number (2), of the virtual directory you created. This URL must include the 'target' parameter. It should look something like this:
In this field, upload the public.cer file that was generated in the bin directory when you set up the identity provider.
To set up users:
These users can log in to Replicon at https://servername:portnumber/SAML2.
(1) Your CompanyKey is the name of your company (i.e. the name you used when you created your instance, and the name users enter in the Company field on the Replicon login page).
(2) The port number can be omitted if you are using port 80.
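The two values most often got wrong in this procedure are the ServiceProviderURL in the identity provider's web.config and the provider URL entered in the Add Authentication Provider dialog. The following script is an added check, not part of Replicon's documentation or software; it assumes the appSettings layout shown above and the /!/saml/CompanyKey path format, and the sample web.config and provider URL in it are constructed.

```python
"""Sanity-check the SAML identity-provider settings described in this topic."""
import xml.etree.ElementTree as ET
from urllib.parse import urlparse, parse_qs

# Constructed sample of the appSettings section of the identity provider's
# web.config, already edited for a hypothetical Replicon tenant "ExampleCo".
SAMPLE_WEB_CONFIG = """<?xml version="1.0"?>
<configuration>
  <appSettings>
    <add key="ServiceProviderURL" value="https://global.replicon.com/!/saml/ExampleCo" />
  </appSettings>
</configuration>"""

PLACEHOLDER_HOST = "service.url"  # host in the line as shipped, before editing


def check_service_provider_url(web_config_xml: str) -> list:
    """Return the problems found with ServiceProviderURL (empty list = OK)."""
    problems = []
    root = ET.fromstring(web_config_xml)
    node = root.find("./appSettings/add[@key='ServiceProviderURL']")
    if node is None:
        return ["ServiceProviderURL key is missing from appSettings"]
    url = urlparse(node.get("value", ""))
    if url.scheme != "https":
        problems.append("ServiceProviderURL must use https")
    if url.hostname == PLACEHOLDER_HOST:
        problems.append("ServiceProviderURL still contains the shipped placeholder host")
    # Expected path is /!/saml/<CompanyKey>; the last segment must be filled in.
    parts = url.path.rstrip("/").split("/")
    if len(parts) < 4 or parts[-2] != "saml" or parts[-1] in ("", "CompanyKey"):
        problems.append("ServiceProviderURL path should end in /!/saml/<your CompanyKey>")
    return problems


def check_idp_url(idp_url: str) -> list:
    """Check the provider URL entered in the Add Authentication Provider dialog."""
    problems = []
    url = urlparse(idp_url)
    if url.scheme != "https":
        problems.append("identity provider URL must use https")
    if "target" not in parse_qs(url.query):
        problems.append("identity provider URL must include the 'target' parameter")
    return problems


if __name__ == "__main__":
    print(check_service_provider_url(SAMPLE_WEB_CONFIG))
    print(check_idp_url("https://idp.example.local:8443/SAML/?target=ExampleCo"))
```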