SAML
Panopticon Streams supports Security Assertion Markup Language (SAML2). Upon a login request, Panopticon Streams redirects the user to an identity provider (IdP). The IdP authenticates the user and redirects the user back to Panopticon Streams. The response message is checked and validated. The username and roles are extracted from the response message and used within Panopticon Streams.
Panopticon Streams will redirect the user back to the IdP upon a logout request. The IdP logout service should then invalidate the SAML token.
| Property | Description |
| --- | --- |
| authentication.saml.assertion.roles | User attribute for roles configured in the IdP. |
| authentication.saml.assertion.username | User attribute for username configured in the IdP. |
| authentication.saml.assertionconsumerservice.url | The URL to the Panopticon assertion consumer service. |
| authentication.saml.certificate.name | The name of the certificate used to validate signature and/or sign outgoing SAML messages. |
| authentication.saml.certificate.password | The password of the certificate used to validate signature and/or sign outgoing SAML messages. |
| authentication.saml.identityprovider.logout.url | The URL to the IdP logout service. |
| authentication.saml.identityprovider.url | The URL to the IdP login service. |
| authentication.saml.keystore.file | The location of the Keystore file that contains the certificate. |
| authentication.saml.keystore.password | The password to the Keystore file. |
| authentication.saml.serviceprovider.id | The ID of the service provider configured in the IdP. |
| authentication.saml.identityprovider.certificate.file | Takes a file path to a certificate file that contains the IdP’s public key. |
| authentication.saml.identityprovider.signature.validation.required | Specifies whether to require a valid IdP signature to be present on the SAML response. Default value is false. |
| authentication.saml.provider | The IdP provider. Possible values are OPENSAML, OPENAM. Default value is OPENSAML. |
| authentication.saml.keystore.type | The key store type. Possible values are JKS, JCEKS, PKCS12. Default value is JKS. |
| authentication.saml.openam.meta.alias | The meta alias for the IdP if you are using OpenAM. |
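Because `authentication.saml.identityprovider.signature.validation.required` defaults to false, a configuration review should confirm it is set explicitly. The following audit script is an added example, not part of the Panopticon documentation or product; the function names, the sample values, and the https check are assumptions of this example, and it assumes the settings are supplied as plain `key=value` text.

```python
PREFIX = "authentication.saml."
# Defaults and allowed values as listed in the property table above.
DEFAULTS = {"provider": "OPENSAML", "keystore.type": "JKS",
            "identityprovider.signature.validation.required": "false"}
ALLOWED = {"provider": {"OPENSAML", "OPENAM"},
           "keystore.type": {"JKS", "JCEKS", "PKCS12"}}
URL_KEYS = ("identityprovider.url", "identityprovider.logout.url",
            "assertionconsumerservice.url")
# Constructed sample input, not a real deployment.
SAMPLE = """\
authentication.saml.provider=OPENAM
authentication.saml.identityprovider.url=http://idp.example.test/sso
authentication.saml.assertion.username=uid
authentication.saml.assertion.roles=groups
"""

def parse_properties(text):
    """Parse key=value lines, skipping blanks and # or ! comments."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if line and line[0] not in "#!" and "=" in line:
            key, value = line.split("=", 1)
            props[key.strip()] = value.strip()
    return props

def audit_saml(text):
    """Return (property, finding) tuples for the SAML settings in text."""
    props = parse_properties(text)
    get = lambda k: props.get(PREFIX + k, DEFAULTS.get(k, ""))
    out = []
    if get("identityprovider.signature.validation.required").lower() != "true":
        out.append(("identityprovider.signature.validation.required",
                    "a valid IdP signature is not required on SAML responses"))
    if not (get("identityprovider.certificate.file") or get("certificate.name")):
        out.append(("identityprovider.certificate.file",
                    "no certificate configured for signature validation"))
    for key, allowed in ALLOWED.items():
        if get(key).upper() not in allowed:
            out.append((key, "value must be one of %s" % sorted(allowed)))
    if get("provider").upper() == "OPENAM" and not get("openam.meta.alias"):
        out.append(("openam.meta.alias", "unset although provider is OPENAM"))
    for key in URL_KEYS:  # https is this example's recommendation, not a page rule
        if get(key) and not get(key).lower().startswith("https://"):
            out.append((key, "URL does not use https"))
    for key in ("assertion.username", "assertion.roles"):
        if not get(key):
            out.append((key, "unset, so the attribute cannot be extracted"))
    return out
```

Calling `audit_saml(SAMPLE)` returns four findings for the constructed input: signature validation not required, no validation certificate, a missing OpenAM meta alias, and a non-https IdP login URL.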