Setting up SAML 2.0 for Polaris
Polaris supports SAML 2.0. However, Replicon does not host its own identity provider for SAML 2.0, as it does for SAML 1.1. To use SAML 2.0 with Polaris, you must use a third-party identity provider.
For information on assigning SAML authentication settings to users, refer to Setting up users for single sign-on.
Setting up SAML in Polaris
Before you set up your identity provider, you need to enable SAML in Polaris and configure transfer settings.
You’ll need either the SAML 2.0 metadata XML file or the public key and transfer URL(s) from your identity provider to carry out this procedure. We recommend configuring SAML 2.0 using the metadata XML file, if you have that option.
If you are using ADFS Servers, you can download your metadata XML file from this location:
If you're using a different identity provider, contact them to find the location of the metadata XML file.
To set up SAML 2.0 in Polaris:
- Log in to Polaris.
- Go to Administration > System and Security > Security Settings.
- From the Authentication Providers section, click the Add Authentication Provider link.
The Add Authentication Provider dialog displays.
- From the Provider Type drop-down in the dialog, select SAML 2.0.
- Either upload the metadata XML file from your identity provider in the Configuration Metadata field, or complete the following fields with data from your provider:
- SSO HTTP Post URL
- SLO HTTP Redirect URL
- XML Signature Algorithm
- Public Key
- Click Save.
SAML 2.0 is now enabled, and Polaris is set up for use with your identity provider.
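If you enter the fields manually, the values can be read out of the identity provider's metadata XML. The Python below is an added example, not Replicon's code: it picks the HTTP-POST sign-on URL, the HTTP-Redirect logout URL and the signing certificate(s) with a SHA-256 fingerprint. The function name, the idp.example.test URLs, the placeholder certificate bytes and the HTTPS and DTD checks are assumptions.

```python
import base64
import hashlib
import xml.etree.ElementTree as ET

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata", "ds": "http://www.w3.org/2000/09/xmldsig#"}
POST = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
REDIRECT = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"

def idp_settings(metadata_xml):
    """Map IdP metadata onto the manual-entry fields named in the procedure."""
    if "<!DOCTYPE" in metadata_xml or "<!ENTITY" in metadata_xml:
        raise ValueError("metadata must not carry a DTD")
    idp = ET.fromstring(metadata_xml).find(".//md:IDPSSODescriptor", NS)
    if idp is None:
        raise ValueError("no IDPSSODescriptor found")
    def location(tag, binding):
        for el in idp.findall(f"md:{tag}", NS):
            if el.get("Binding") == binding:
                url = el.get("Location", "")
                # Added sanity check (assumption): endpoints should be HTTPS.
                if not url.startswith("https://"):
                    raise ValueError(f"{tag} is not HTTPS: {url!r}")
                return url
        raise ValueError(f"no {tag} with binding {binding}")
    keys = []
    for kd in idp.findall("md:KeyDescriptor", NS):
        if kd.get("use", "signing") != "signing":
            continue  # encryption-only key; a missing "use" means both purposes
        for cert in kd.iterfind(".//ds:X509Certificate", NS):
            b64 = "".join((cert.text or "").split())
            der = base64.b64decode(b64, validate=True)
            keys.append({"base64": b64, "sha256": hashlib.sha256(der).hexdigest()})
    if not keys:
        raise ValueError("no signing certificate in metadata")
    return {"SSO HTTP Post URL": location("SingleSignOnService", POST),
            "SLO HTTP Redirect URL": location("SingleLogoutService", REDIRECT),
            "Public Key": keys}

# Constructed sample: placeholder bytes stand in for a real DER certificate.
SAMPLE_DER = b"constructed placeholder, not a real certificate"
SAMPLE_METADATA = f"""<EntityDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata"
    xmlns:ds="http://www.w3.org/2000/09/xmldsig#" entityID="https://idp.example.test/">
  <IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <KeyDescriptor use="signing"><ds:KeyInfo><ds:X509Data><ds:X509Certificate>
      {base64.b64encode(SAMPLE_DER).decode()}</ds:X509Certificate></ds:X509Data></ds:KeyInfo></KeyDescriptor>
    <SingleLogoutService Binding="{REDIRECT}" Location="https://idp.example.test/slo"/>
    <SingleSignOnService Binding="{REDIRECT}" Location="https://idp.example.test/sso-redirect"/>
    <SingleSignOnService Binding="{POST}" Location="https://idp.example.test/sso"/>
  </IDPSSODescriptor></EntityDescriptor>"""
```

Compare the printed fingerprint with the one your identity provider shows for its signing certificate before saving. The example does not read the XML Signature Algorithm field.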
Setting up your SAML identity provider
Once you've enabled and configured Polaris, you can configure your identity provider. To do this, you’ll need the Replicon service provider metadata XML file. You can find this file at:
Talk to your identity provider if you need help with setup. We provide an example of configuring ADFS 2.0 to work with SAML 2.0 functionality in Polaris, for those using ADFS 2.0.
If your identity provider doesn't accept the metadata XML file, you can manually configure your provider.