Managing Service Providers

Service Providers can be found within the Identity Provider navigation link.

Existing Service Providers

The first page loads a list of existing Service Providers. Search facilities can be found in the top right of the screen.

Adding a new Service Provider

Click Add a Service Provider in the top right of the screen.


There are two ways to add a Service Provider: either paste the metadata into the XML box and parse it, or enter the metadata URL and click Retrieve and Parse Metadata.


Once the XML has been parsed, some or all of the options on the right-hand side will be pre-selected with the values provided by the Service Provider. However, in some cases the metadata lacks certain information, and the affected options will instead be pre-selected with the most commonly supported values.

Once the metadata has been parsed, further details need to be completed:

Field: Details
Title: This title is used within AuthStack for informational purposes, such as the App Listing.
URL: The URL is used within AuthStack to provide a link to the SSO or administrator user(s) from the App Directory.
Custom CSS class(es): CSS classes are used to visually distinguish Apps within the App listing and App Directory. By default, Font Awesome icons are supported in both the frontend and the administration panel. Example: fa fa-rocket. If you wish to include custom CSS classes on the frontend, add a reference to the custom class in addition to the system classes. Example: fa fa-rocket your-icon-class
Visibility: Controls the visibility of the Service Provider when loading the Service Provider list from the AuthStack Apps page. See Setting Service Provider Permissions further down.
Connection For User Authentication: Select the connection against which the user credentials will be matched when signing in from the Service Provider. If there are no connections, set up a new connection.
Attribute Mapping Set, For Attribute Transformation: Select the attribute mapping set, which is used to describe and transform the data provided by the authentication source, via the connection.
Digest Algorithm: Hashing algorithm used to produce an XML signature for Assertions and/or SAML Messages.
Block Encryption Algorithm: Encryption algorithm that will be used to encrypt Assertions. The encryption key is generated at random and encrypted using the IdP's private key. The SP decrypts it using the IdP's public key, then uses the decrypted secret to decrypt Assertions.
Key Transport Encryption Algorithm: Algorithm used for encrypting the key that's used for Assertion Encryption.

There may be certain situations where you need to try different Block Encryption Algorithms and Key Transport Encryption Algorithms until no errors remain. Errors will appear once an SSO test is run. The Service Provider may throw an exception or show an error detailing what failed. In our experience, some Service Providers do not adequately document this part of the process, so trial and error is often required. However, with only a limited set of options this process is fairly quick.

Setting Service Provider Permissions

When setting up a Service Provider, there may be situations where you only want logged-in or authorised users to have visibility. Even if the user cannot log in, it's best practice not to display apps which the user is not permitted to access. This could include sensitive and/or test apps.

Privacy options include:

  • Public (available to all users)
  • Private (Only available to logged in users)
  • Private (Only available to authorised users)

Private / authorised allows the setting of an attribute and value(s) to check against.

In the below example, this is memberOf. If the user is a member of the admin or developer group, they can see the Service Provider in the listing.


Service Provider Certificates

Once the metadata is parsed, the certificate information will be shown under the Certificates tab, within the Service Provider view.


Typically there are two certificates, one for signing and the other for encryption.

Service Provider Advanced Details

The Assertion Consumer Service Endpoints tab shows the binding values and endpoints for the Service Provider, along with the contacts who can be reached for assistance with integration.
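
The values surfaced after the parse step (entity ID, signing and encryption certificates, Assertion Consumer Service endpoints, contacts) can be read from SP metadata as in the following added example, which is not AuthStack's own code. The function name parse_sp_metadata, the "missing" list and the sample metadata are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}

# Constructed sample metadata; entity ID, URLs and certificate body are placeholders.
SAMPLE_METADATA = """<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    xmlns:ds="http://www.w3.org/2000/09/xmldsig#" entityID="https://sp.example.test/saml">
  <md:SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:KeyDescriptor use="signing"><ds:KeyInfo><ds:X509Data>
      <ds:X509Certificate>CONSTRUCTED-SIGNING-CERT</ds:X509Certificate>
    </ds:X509Data></ds:KeyInfo></md:KeyDescriptor>
    <md:AssertionConsumerService index="0" isDefault="true"
        Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="https://sp.example.test/saml/acs"/>
  </md:SPSSODescriptor>
  <md:ContactPerson contactType="technical">
    <md:EmailAddress>mailto:saml-admin@sp.example.test</md:EmailAddress>
  </md:ContactPerson>
</md:EntityDescriptor>"""

def parse_sp_metadata(xml_text):
    """Return the values an admin would review after parsing SP metadata."""
    # Metadata is untrusted input: refuse DTDs before the XML parser sees them.
    if "<!DOCTYPE" in xml_text or "<!ENTITY" in xml_text:
        raise ValueError("DTD or entity declarations are not allowed")
    root = ET.fromstring(xml_text)
    sp = root.find("md:SPSSODescriptor", NS)
    if root.tag != "{%s}EntityDescriptor" % NS["md"] or sp is None:
        raise ValueError("not SAML 2.0 Service Provider metadata")
    certs = {"signing": [], "encryption": []}
    for kd in sp.findall("md:KeyDescriptor", NS):
        pem = "".join(kd.findtext(".//ds:X509Certificate", "", NS).split())
        # A KeyDescriptor with no "use" attribute serves both purposes.
        for use in ([kd.get("use")] if kd.get("use") else list(certs)):
            if use in certs and pem:
                certs[use].append(pem)
    acs = [{"index": int(e.get("index", "0")), "binding": e.get("Binding"),
            "location": e.get("Location"),
            "default": e.get("isDefault") in ("true", "1")}
           for e in sp.findall("md:AssertionConsumerService", NS)]
    contacts = [c.findtext("md:EmailAddress", "", NS).strip()
                for c in root.findall("md:ContactPerson", NS)]
    # Anything listed here was absent, so a pre-selected default needs manual review.
    missing = [use + " certificate" for use in certs if not certs[use]]
    if not acs:
        missing.append("assertion consumer service")
    return {"entity_id": root.get("entityID"), "certificates": certs,
            "acs": acs, "contacts": contacts, "missing": missing}
```

The sample deliberately omits an encryption certificate, so the result's "missing" list shows the kind of gap that leads to options being pre-selected with common defaults.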
