
Inventu Viewer+ Configuration Management

Because the configuration of SAML 2.0 applications varies between providers (as do their user interfaces!), this section gives general configuration notes rather than provider-specific steps.

 

First of all, even if you are using clustered servers, you only need to define one SAML 2.0 application for your clustered FVTerm environment, assuming the cluster is reached through a common URL managed by a load balancer.

 

Properties You Will Provide During Configuration

 

SAML 2.0 configuration includes some values that you will enter, along with values that will be provided to you by your provider once you have created a SAML 2.0 application.

 

In SalesForce, for example, a SAML 2.0 application is defined by adding a Connected App while in OKTA, at the time of this writing, you must use the "Classic" Admin user interface in order to add an application that is SAML 2.0 instead of OpenID.

 

There are two key properties that you will provide during a SAML 2.0 application configuration:  the ACS Signon URL and an identifier for your application.  Different providers call these different things.

 

The ACS URL

 

The ACS URL is the URL of your FVTerm application followed by the page name SAMLAcs.aspx. For example, if your FVTerm application is accessed with the URL https://viewer.mycompany.com/fvterm then the ACS URL will be https://viewer.mycompany.com/fvterm/SAMLAcs.aspx.

 

SalesForce:

In SalesForce, the Start URL and ACS URL will be the same thing: the URL your users use to access your FVTerm application folder, followed by the page name "SAMLAcs.aspx".

 

OKTA:

With OKTA this is called the Single Sign On URL, the Recipient URL and the Destination URL.

 

Active Directory Federation Services:

See the Active Directory Federation Services Setup section for guidance on configuring ADFS. This value is the EndPoint URL for your ADFS Relying Party Trust.

 

 

The Application Identifier

 

This value is text of your own choosing, entered for each SAML 2.0 provider to identify the application.  For example, something like "MyCompany_FVTerm1".

 

With SalesForce, the value you enter for the Entity Id will be the same value you will then enter in the configuration for SAML 2.0 Issuer Identifier.  However, for OKTA, the value you enter will subsequently be known as the "Audience Restriction", and you need to follow the instructions for the SAML 2.0 Issuer Identifier in order to retrieve and configure the correct value for OKTA integration.  For ADFS this is the name given to your Relying Party Trust.
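
The two values described above end up inside every SAML response the provider sends, which makes a mismatch easy to check for. The Python below is an added example, not part of the Inventu documentation or product code: it derives the ACS URL as described above and reports where a response's Destination, Recipient and Audience disagree with what you configured. The function names are assumptions and the sample response is constructed and unsigned.

```python
import xml.etree.ElementTree as ET

NS = {"samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
      "saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

def acs_url(app_url):
    """ACS URL = URL of the FVTerm application folder + the page name SAMLAcs.aspx."""
    return app_url.rstrip("/") + "/SAMLAcs.aspx"

def check_response(xml_text, app_url, app_identifier):
    """List where a response disagrees with the configured ACS URL / identifier.
    Structure check only: it does not verify the signature or time conditions."""
    expected = acs_url(app_url)
    root = ET.fromstring(xml_text)
    problems = []
    if root.get("Destination") != expected:
        problems.append(f"Destination is {root.get('Destination')!r}")
    recipients = [e.get("Recipient")
                  for e in root.iterfind(".//saml:SubjectConfirmationData", NS)]
    if not recipients or any(r != expected for r in recipients):
        problems.append(f"Recipient is {recipients!r}")
    audiences = [(e.text or "").strip() for e in root.iterfind(".//saml:Audience", NS)]
    if app_identifier not in audiences:
        problems.append(f"Audience is {audiences!r}")
    return problems

def sample_response(destination, recipient, audience):
    """Constructed, unsigned sample response (not captured from a real provider)."""
    return f"""<samlp:Response xmlns:samlp="{NS['samlp']}"
        xmlns:saml="{NS['saml']}" Destination="{destination}">
  <saml:Assertion>
    <saml:Subject><saml:SubjectConfirmation>
      <saml:SubjectConfirmationData Recipient="{recipient}"/>
    </saml:SubjectConfirmation></saml:Subject>
    <saml:Conditions><saml:AudienceRestriction>
      <saml:Audience>{audience}</saml:Audience>
    </saml:AudienceRestriction></saml:Conditions>
  </saml:Assertion>
</samlp:Response>"""

if __name__ == "__main__":
    app, ident = "https://viewer.mycompany.com/fvterm", "MyCompany_FVTerm1"
    good = sample_response(acs_url(app), acs_url(app), ident)
    # Constructed misconfiguration: the provider was given the folder URL
    # without the SAMLAcs.aspx page name.
    bad = sample_response(app, app, ident)
    print(check_response(good, app, ident))
    print(check_response(bad, app, ident))
```
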

 

Other values are copied from your provider once you have the SAML 2.0 application defined.  See individual property help entries for each required entry for FVTerm integration including SAML 2.0 Issuer URL for Authenticating, SAML 2.0 Issuer Identifier, SAML 2.0 Provider Name and SAML 2.0 Certificate File Path.