Identity Provider Settings

The IdP (Identity Provider) settings can be found under the navigation link Identity Provider, Identity Provider Settings tab.

Metadata Settings

The metadata settings are pre-populated with the options selected during the installation. The following fields are available to edit:

Field: Entity ID
Details: Entity ID is a globally unique name for a SAML entity. It should be permanent and chosen with care. You can use the IdP URL or your company name.

Field: Metadata Signing Algorithm
Details: The algorithm used to produce a hash value. It is used to digitally sign an XML document (metadata is an XML document) so that the relying party (Service Provider) can verify that the issuer of the metadata is indeed the IdP. Recommended setting: RSA-SHA256.

Field: Wants Signed Requests (Authn And Logout)
Details: This IdP setting enforces security by requiring service providers to sign their requests (XML documents). Requests are signed using the SP's private key and verified using the SP's public key. The IdP obtains the SP's public key (delivered as an x.509 certificate) during the metadata exchange. The XML signature is computed over a hash (digest) of the request rather than the raw XML, which keeps it compact and easy to compare. Each SP can use a different hashing algorithm (SHA1, SHA256, etc.). When an SP is added, you can optionally select the Digest Algorithm in the dropdown; that selection determines which hashing algorithm is used to verify the signature for that particular SP. When the AuthN (Authentication Request) is signed, the IdP can assert that the request comes from the actual SP and not from an unknown website. The same applies to the LogoutRequest. For security reasons this should be left enabled.

Field: Organisation Name
Details: The organisation name displayed in the metadata.

Field: Organisation Display Name
Details: The organisation display name, used in messages displayed to the user, such as "Powered by...".

Field: Organisation URL
Details: The URL of your organisation.
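The following is an added example (not AuthStack code) that models the Wants Signed Requests check described above: the IdP keeps the SP's x.509 certificate and its chosen Digest Algorithm from the metadata exchange, the SP signs a digest of its request with its private key, and the IdP verifies it with the certificate's public key. It works on the canonicalized request bytes directly rather than implementing XML-DSig, and the certificate and request are constructed inline.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	_ "crypto/sha1"   // register SHA1 for crypto.SHA1.New()
	_ "crypto/sha256" // register SHA256 for crypto.SHA256.New()
	"crypto/x509"
	"math/big"
	"time"
)

// registeredSP: what the IdP keeps from an SP's metadata, namely the x.509
// certificate (SP public key) and the Digest Algorithm picked when the SP was added.
type registeredSP struct {
	cert   *x509.Certificate
	digest crypto.Hash
}

// selfSignedCert builds a stand-in (constructed) for the certificate an SP publishes in its metadata.
func selfSignedCert(priv *rsa.PrivateKey) (*x509.Certificate, error) {
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(1),
		NotBefore: time.Now(), NotAfter: time.Now().Add(24 * time.Hour)}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &priv.PublicKey, priv)
	if err != nil {
		return nil, err
	}
	return x509.ParseCertificate(der)
}

// signRequest (SP side): digest the canonicalized request bytes and sign the digest.
func signRequest(priv *rsa.PrivateKey, h crypto.Hash, request []byte) ([]byte, error) {
	d := h.New()
	d.Write(request)
	return rsa.SignPKCS1v15(rand.Reader, priv, h, d.Sum(nil))
}

// verifyRequest (IdP side, Wants Signed Requests enabled): recompute the digest with
// this SP's configured algorithm and verify against the metadata certificate's key.
func verifyRequest(sp registeredSP, request, sig []byte) bool {
	pub, ok := sp.cert.PublicKey.(*rsa.PublicKey)
	if !ok {
		return false
	}
	d := sp.digest.New()
	d.Write(request)
	return rsa.VerifyPKCS1v15(pub, sp.digest, d.Sum(nil), sig) == nil
}
```

A request signed with a key the IdP has not seen in metadata, a request altered after signing, or a digest algorithm that differs from the one configured for the SP all fail verification.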

Certificate Settings

The certificate and private key are pre-populated from the installation process; this area allows new certificates to be uploaded.

Contact Settings

The contacts list is published in the IdP metadata, which is shared with service providers and federations. The metadata is generally expected to include an administrative contact and a support contact.

HTTP(s) Endpoints

The list of HTTP(s) endpoints available to third parties. The metadata link provided here opens in a new window. This metadata URL should be shared with third parties who wish to integrate with AuthStack. Because the metadata is generated dynamically, it is updated automatically whenever the IdP settings change.

