Configuring a New SAML Configuration

Before configuring SAML in Shares, make sure you have properly configured your SAML IdP (see Configuring Your Identity Provider (IdP)).
  1. Go to Authentication > SAML Configurations.
  2. Click New SAML Configuration.
  3. Name the SAML configuration.
  4. In the SSO target URL field, enter your IdP Single Sign-On URL.
  5. Select the fingerprint algorithm used by your IdP from the Fingerprint algorithm drop-down menu.
  6. Enter the IdP Fingerprint or Certificate. Only one of these two fields is required to authenticate with the SAML IdP.
  7. Choose the Name ID format used to authenticate with the SAML IdP.
    The Name ID format must match the format used with your IdP. Shares supports the following formats: Unspecified, Transient, Persistent, or Email Address. When set to Unspecified, any Name ID format returned by the IdP is accepted.
  8. In the Allowable clock drift field, specify the number of milliseconds of clock drift allowed between Shares and the SAML IdPs when validating SAML responses. The default is 0.
  9. If you wish to allow only SAML users who are members of existing SAML groups to log in, enable the Restrict login to known groups option.
  10. If you wish to allow only existing SAML users to log in, enable the Restrict login to known users option.
  11. Enter the SAML attributes that match the following user fields in Shares.
    SAML Attribute    Shares User Field
    Email             Email address
    First name        First name
    Last name         Last name
    Member of         SAML group
  12. Choose whether Shares signs authentication requests.
    If you choose to sign authentication requests, you must configure the following fields:
    Authentication Request Field      Description
    AuthN request digest method       The encryption method for the digest
    AuthN request signature method    The encryption method for the signature
    AuthN request certificate         The request certificate
    AuthN request private key         The RSA private key associated with the certificate
  13. Click Create.