How to Configure SAML SSO Authentication for a Hosted Environment
Overview
This guide outlines how to configure single sign-on (SSO) authentication using Security Assertion Markup Language (SAML) for an installation hosted on kinops.
For assistance with configuring SAML SSO support in a customer-managed environment, see How to Configure SAML SSO Authentication for a Customer-Managed Environment.
Process
To enable SSO using SAML, create a file named "security.space-slug.properties" (where space-slug is the slug of your Space) from the template below and update the example values to match your organization's configuration.
The following is only an example of the security.space-slug.properties file and must be edited for your Space. If you need help configuring this file, contact Kinetic Support and have your SAML resource available.
## Define the SAML attributes to map to email and display name.
security.saml.attributes.email=email
#security.saml.attributes.displayName=FullName
#security.saml.mappings.userAttribute.0.regexMatch=
#security.saml.mappings.userAttribute.0.regexReplace=
#security.saml.mappings.userAttribute.1.name=Office Location
#security.saml.mappings.userAttribute.1.mapping=Office Location
#security.saml.mappings.userAttribute.1.regexMatch=
#security.saml.mappings.userAttribute.1.regexReplace=
#security.saml.mappings.userAttribute.3.name=Site Location
#security.saml.mappings.userAttribute.3.mapping=Site Location
## SAML Service Provider Configuration
## Specify the base URL for the SAML service provider. This must be formatted like this:
## http[s]://hostname[:port]/context/[spaceSlug]/app
## The context will usually be "kinetic". Note that /app does not end in a trailing slash.
## Required: SAML needs this value to build the generated SP metadata.
## The SP metadata URL is the URL specified plus: /saml/metadata/alias/space-slug
## Example SP Metadata URL: http://localhost:8080/kinetic/acme/app/saml/metadata/alias/acme
## This URL needs to be shared with the IdP.
security.saml.sp.url=https://saml-testing.kinops.io/app
## Specify a custom entity ID for this service provider.
## Optional. The default value is generated as "com:kineticdata:core:SPACESLUG:sp"
security.saml.sp.entityid=https://saml-testing.kinops.io/
## Advanced Service Provider settings:
## Profile used for verification of SSL/TLS connections.
## Values: "pkix" or "metaiop".
## Optional. Default "pkix"
#security.saml.sp.sslsecurityprofile=pkix
## The key used to sign interactions with the SP. This key must be in the keystore and it must
## contain both the public and private key.
#security.saml.sp.signingkey=defaultkey
## The key used to encrypt interactions with the SP. This key must be in the keystore and it must
## contain both the public and private key.
#security.saml.sp.encryptionkey=defaultkey
## Specify the keys of the active IdPs. Each key is used in the security.saml.idp.<key>.* properties below.
security.saml.providers=ssocircle
## Example URL-based metadata.
## NB: You must ensure that the SSL certificate or trust certificate is in the global keystore.
security.saml.idp.ssocircle.name=SSO Circle
security.saml.idp.ssocircle.type=url
security.saml.idp.ssocircle.url=https://idp.ssocircle.com/meta-idp.xml
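The template above has a few rules that are easy to get wrong by hand: security.saml.sp.url must end in /app without a trailing slash, the SP metadata URL is derived from it plus /saml/metadata/alias/space-slug, and every key listed in security.saml.providers needs its own security.saml.idp.<key>.* entries. The following Python script is an added example written for this guide, not a Kinetic Data tool: it parses a properties file with a minimal parser (assumed to be enough for key=value lines; Java continuation lines are not handled), derives the SP metadata URL, and reports inconsistencies before the file is deployed, including IdP metadata fetched over plain http, which a reviewer would want flagged. The sample properties embedded in the script are constructed from the values in this guide.

```python
import re
from urllib.parse import urlparse

# Constructed sample: the values from this guide, embedded so the check runs offline.
SAMPLE_PROPERTIES = """\
## Define the SAML attributes to map to email and display name.
security.saml.attributes.email=email
security.saml.sp.url=https://saml-testing.kinops.io/app
security.saml.sp.entityid=https://saml-testing.kinops.io/
security.saml.providers=ssocircle
security.saml.idp.ssocircle.name=SSO Circle
security.saml.idp.ssocircle.type=url
security.saml.idp.ssocircle.url=https://idp.ssocircle.com/meta-idp.xml
"""

# Required shape from the guide: http[s]://hostname[:port]/context/[spaceSlug]/app
# with no trailing slash after /app.
SP_URL_RE = re.compile(r"^https?://[^/\s:]+(?::\d+)?(?:/[^/\s]+)*/app$")


def parse_properties(text):
    """Minimal Java .properties parser: 'key=value' or 'key:value' lines,
    '#' and '!' comment lines, surrounding whitespace stripped.
    Assumption: no backslash continuation lines or escape sequences."""
    props = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#!":
            continue
        sep = "=" if "=" in line else ":"
        key, _, value = line.partition(sep)
        props[key.strip()] = value.strip()
    return props


def sp_metadata_url(sp_url, space_slug):
    """SP metadata URL = security.saml.sp.url + /saml/metadata/alias/<space-slug>."""
    return f"{sp_url}/saml/metadata/alias/{space_slug}"


def check_saml_config(props):
    """Return a list of findings; an empty list means the template is consistent."""
    findings = []

    sp_url = props.get("security.saml.sp.url", "")
    if not sp_url:
        findings.append("security.saml.sp.url is required")
    elif not SP_URL_RE.match(sp_url):
        findings.append(f"security.saml.sp.url {sp_url!r} must look like "
                        "http[s]://hostname[:port]/context/[spaceSlug]/app (no trailing slash)")
    else:
        host = urlparse(sp_url).hostname
        # The guide's localhost example uses http; anything else should be https.
        if sp_url.startswith("http://") and host not in ("localhost", "127.0.0.1"):
            findings.append("security.saml.sp.url uses plain http; SAML assertions would be posted in clear text")

    if not props.get("security.saml.attributes.email"):
        findings.append("security.saml.attributes.email is not mapped; users cannot be identified")

    providers = [p.strip() for p in props.get("security.saml.providers", "").split(",") if p.strip()]
    if not providers:
        findings.append("security.saml.providers lists no active IdP")
    for key in providers:
        prefix = f"security.saml.idp.{key}."
        for field in ("name", "type", "url"):
            if prefix + field not in props:
                findings.append(f"{prefix}{field} is missing for provider {key!r}")
        idp_url = props.get(prefix + "url", "")
        if props.get(prefix + "type") == "url" and idp_url and urlparse(idp_url).scheme != "https":
            findings.append(f"IdP metadata for {key!r} is fetched over "
                            f"{urlparse(idp_url).scheme}, not https; the metadata could be tampered with in transit")
    return findings


if __name__ == "__main__":
    props = parse_properties(SAMPLE_PROPERTIES)
    print("SP metadata URL to share with the IdP:",
          sp_metadata_url(props["security.saml.sp.url"], "acme"))
    for finding in check_saml_config(props) or ["no findings"]:
        print("-", finding)
```

Run it against a real file by replacing SAMPLE_PROPERTIES with the file's contents and the "acme" slug with your Space's slug; the printed metadata URL is the one the guide says must be shared with the IdP.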