SAML (Security Assertion Markup Language) authentication is a standard protocol used for Single Sign-On (SSO). SAML allows users to authenticate with a service (Service Provider or SP) using credentials from a central Identity Provider (IdP). This process enhances security and provides a seamless login experience across multiple platforms.

...

In the Configure saml dialog, add in the parameters for your SAML configuration.

SAML parameters

| Key | Description | Example | Comment |
| --- | --- | --- | --- |
| Single Sign-On (SSO) URL | IDP SSO URL | https://cloak.opmantek.net/realms/my_realm/protocol/saml/clients/omk-2 | The SSO URL is used by the SP to initiate the authentication process. It typically points to the IdP's SAML endpoint where the SP sends an authentication request (AuthnRequest) XML document. |
| Metadata URL | IDP Metadata URL | https://cloak.opmantek.net/realms/my_realm/protocol/saml/descriptor | The Metadata URL provides essential information about the IdP to the SP, including endpoints, certificates, and other settings required for SAML authentication. |
| Username Attribute | IDP Username attribute which corresponds to NMIS User | Username | (optional) SAML IDP attribute to be mapped to NMIS Username. The SAML response from the IdP needs to have a saml:Attribute which contains the NMIS Username. If the NMIS Username is present in the saml:NameID tag, this Username Attribute parameter can be left empty. |
| Login Label | SAML Button label in the FirstWave Login page | Keycloak SAML | (optional) You can choose how you label the SAML login button on the FirstWave login screen, e.g. "Login with Keycloak SAML". The default is "SAML". |
| Auth SameSite Cookie | Cookie samesite configuration | Lax | The SameSite attribute for cookies is used to control whether cookies are sent along with cross-site requests. This has to be set to Lax for SAML. |
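
The Username Attribute rule from the table, as an added example (not FirstWave's code): the function `resolve_username` and the sample assertion are constructed for illustration. Matching on the attribute's `Name` and failing closed when the value is missing or ambiguous are assumptions, not documented product behaviour.

```python
import xml.etree.ElementTree as ET

SAML_NS = "urn:oasis:names:tc:SAML:2.0:assertion"
NS = {"saml": SAML_NS}

# Constructed sample assertion (not from a real IdP; signature omitted).
SAMPLE_ASSERTION = f"""\
<saml:Assertion xmlns:saml="{SAML_NS}" ID="_constructed" Version="2.0">
  <saml:Subject>
    <saml:NameID>G-0f3c-constructed</saml:NameID>
  </saml:Subject>
  <saml:AttributeStatement>
    <saml:Attribute Name="Username">
      <saml:AttributeValue>nmis_operator</saml:AttributeValue>
    </saml:Attribute>
  </saml:AttributeStatement>
</saml:Assertion>
"""

def resolve_username(xml_text, username_attribute=""):
    """Hypothetical helper; assumes the SP already verified the signature."""
    root = ET.fromstring(xml_text)
    # Refuse documents with zero or several assertions rather than picking one.
    assertions = list(root.iter(f"{{{SAML_NS}}}Assertion"))
    if len(assertions) != 1:
        raise ValueError(f"expected exactly 1 assertion, found {len(assertions)}")
    assertion = assertions[0]
    if username_attribute:
        # Username Attribute is set: read that saml:Attribute, ignore NameID.
        values = [
            (value.text or "").strip()
            for attr in assertion.iterfind(".//saml:Attribute", NS)
            if attr.get("Name") == username_attribute
            for value in attr.iterfind("saml:AttributeValue", NS)
        ]
        values = [v for v in values if v]
        if len(values) != 1:
            raise ValueError(f"attribute {username_attribute!r}: {len(values)} values")
        return values[0]
    # Username Attribute left empty: the username must be in saml:NameID.
    name_id = assertion.find("saml:Subject/saml:NameID", NS)
    if name_id is None or not (name_id.text or "").strip():
        raise ValueError("no saml:NameID and no Username Attribute configured")
    return name_id.text.strip()
```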


Press Update and Save the configuration.

Restart OMK Daemon

...