Manually configuring your SAML 2.0 identity provider
Once you've set up Polaris for use with your SAML 2.0 identity provider, you'll need to configure your identity provider for use with Polaris.
In most cases, you should only need your metadata XML file to set up your identity provider. If you need to manually configure your identity provider (that is, it requires SSO and SLO URLs, and a certificate), you can find or derive the required data from your metadata XML file. See below for details.
Talk to your identity provider if you need help with setup. We provide an example of configuring ADFS 2.0 to work with SAML 2.0 functionality in Polaris, for those using ADFS 2.0.
Obtaining the data required to manually configure a service provider
Your Polaris service provider metadata xml file is located here:
In this file:
The Service Provider single sign on (SSO) URL is located in the Location attribute of the AssertionConsumerService element. For example:
<md:AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://global.replicon.com/!/saml2/YourCompanyKey/sso/post" index="1" isDefault="true" />
The Service Provider single logout (SLO) URL is located in the Location attribute of the SingleLogoutService element. For example:
<md:SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="https://global.replicon.com/!/saml2/YourCompanyKey/slo/redirect" />
You can create a certificate by doing the following:
- Create a new file with a .cer extension using a text editor.
- Enter the following text in the file:
For the first line, type:
For the second line, copy the content inside the <X509Certificate> </X509Certificate> element tags in the metadata XML file.
For the last line, type:
The file content should look something like this: