Altair® Panopticon


SAML

Panopticon Real Time supports Security Assertion Markup Language 2.0 (SAML2). Upon a login request, Panopticon Real Time redirects the user to an Identity Provider (IdP). The IdP authenticates the user and redirects the user back to Panopticon Real Time. The response message is checked and validated, and the username and roles are extracted from it and used within Panopticon Real Time.

Panopticon Real Time redirects the user back to the IdP upon a logout request. The IdP logout service should then invalidate the SAML token.

| Property | Description |
|---|---|
| authentication.saml.assertion.roles | User attribute for roles configured in the IdP. |
| authentication.saml.assertion.username | User attribute for username configured in the IdP. |
| authentication.saml.assertionconsumerservice.url | The URL to the Panopticon assertion consumer service. URL pattern: [Protocol]://[Host]:[Port]/[Context]/server/rest/auth/login. Example: http://localhost:8080/panopticon/server/rest/auth/login |
| authentication.saml.certificate.name | The name of the certificate used to validate signatures and/or sign outgoing SAML messages. |
| authentication.saml.certificate.password | The password of the certificate used to validate signatures and/or sign outgoing SAML messages. |
| authentication.saml.challenge.required | Determines whether IdP-first authentication with SAML is enabled. To enable it, set this property to false. |
| authentication.saml.identityprovider.logout.url | The URL to the IdP logout service. |
| authentication.saml.identityprovider.url | The URL to the IdP login service. |
| authentication.saml.keystore.file | The location of the keystore file that contains the certificate. |
| authentication.saml.keystore.password | The password to the keystore file. |
| authentication.saml.serviceprovider.id | The ID of the service provider configured in the IdP. |
| authentication.saml.identityprovider.certificate.file | Takes a file path to a certificate file that contains the IdP's public key. |
| authentication.saml.identityprovider.signature.validation.required | Specifies whether a valid IdP signature is required to be present on the SAML response. Default value is false. |
| authentication.saml.provider | The IdP provider. Possible values are OPENSAML, OPENAM. Default value is OPENSAML. |
| authentication.saml.keystore.type | The keystore type. Possible values are JKS, JCEKS, PKCS12. Default value is JKS. |
| authentication.saml.login.redirect.url | Redirects the user to the specified URL after successfully logging in. This property can be left blank, in which case the user is redirected to the URL they originally requested. |
| authentication.saml.logout.redirect.url | Redirects the user to the specified URL after logging out. This is mainly used behind a proxy, where Panopticon Real Time does not know the endpoint the user is being sent to and therefore cannot redirect the user back to the Overview page. Required if you are using OpenAM; otherwise this property can be left blank. |
| authentication.saml.openam.meta.alias | The meta alias for the IdP if you are using OpenAM. |
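A pre-deployment check over these properties, added here as an example and not Altair's own code: it parses a Panopticon SAML configuration (assumed to be a Java-style key=value properties file) and flags the settings the table above calls out, such as signature validation being off by default and the OpenAM logout-redirect requirement, comparing a weak setup against a hardened one. Hostnames and certificate paths are placeholders.

```python
from urllib.parse import urlparse

# Property names are the ones documented above; the default for signature validation
# ("false") and the OpenAM logout-redirect requirement are also taken from that table.
SIG_KEY = "authentication.saml.identityprovider.signature.validation.required"
URL_KEYS = ("authentication.saml.assertionconsumerservice.url",
            "authentication.saml.identityprovider.url",
            "authentication.saml.identityprovider.logout.url")

def parse_properties(text):
    """Minimal key=value parser; assumes a Java-style .properties file (an assumption)."""
    props = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#!":
            continue
        key, sep, value = line.partition("=")
        if sep:
            props[key.strip()] = value.strip()
    return props

def lint_saml_config(props):
    """Return a list of findings; an empty list means the configuration passed."""
    findings = []
    if props.get(SIG_KEY, "false").lower() != "true":
        findings.append("IdP signature validation is not required: unsigned responses would be accepted")
    if not props.get("authentication.saml.identityprovider.certificate.file"):
        findings.append("no IdP certificate file configured, so response signatures cannot be verified")
    for key in URL_KEYS:
        if urlparse(props.get(key, "")).scheme != "https":
            findings.append(f"{key} is not https")
    if not props.get(URL_KEYS[0], "").endswith("/server/rest/auth/login"):
        findings.append("assertion consumer service URL does not end in /server/rest/auth/login")
    if props.get("authentication.saml.provider", "OPENSAML") == "OPENAM" \
            and not props.get("authentication.saml.logout.redirect.url"):
        findings.append("OpenAM requires authentication.saml.logout.redirect.url")
    return findings

# Constructed sample: the documented http://localhost example, signature validation left at its default.
WEAK = """authentication.saml.assertionconsumerservice.url=http://localhost:8080/panopticon/server/rest/auth/login
authentication.saml.identityprovider.url=https://idp.example.test/sso
authentication.saml.identityprovider.logout.url=https://idp.example.test/slo
authentication.saml.serviceprovider.id=panopticon-sp"""

# Hardened: https ACS URL, signature validation required, IdP certificate supplied (paths are placeholders).
HARDENED = WEAK.replace("http://localhost:8080", "https://panopticon.example.test") + """
authentication.saml.identityprovider.signature.validation.required=true
authentication.saml.identityprovider.certificate.file=/etc/panopticon/idp-signing.crt"""
```

Running `lint_saml_config(parse_properties(WEAK))` reports three findings (signature validation off, no IdP certificate, plain-http assertion consumer URL); the hardened file reports none.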