What parameter values should I set while configuring Bonita SP in my SAML IdP?
Hi,
In order to set up SAML SSO in Bonita server, the third-party IdP (Identity Provider, e.g.: Keycloak IdP Server, Microsoft AD, ForgeRock OpenAM, ...) must be configured so it recognises the Bonita server as an SP (Service Provider).
Could you please validate I got these IdP configuration parameters right?
- SSO end point:
  - Login: https://bonitasoft.host:port/bonita/loginservice
  - Logout: https://bonitasoft.host:port/bonita/logoutservice or https://bonitasoft.host:port/bonita/samlLogout?
- HTTP-POST URL / Assertion URL: https://bonitasoft.host:port/bonita/saml
- NameID format: urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified (i.e. the one in the Bonita server's keycloak-saml.xml nameIDPolicyFormat attribute)
Thanks in advance for your help.
Unai
1 answer
Hello Unai,
I don't know why the IdP would need a login URL. Normally a "base URL" is enough, like https://bonitasoft.host:port/bonita
Unless this is the URL to redirect to once logged in? In any case, the IdP doesn't need loginservice.
For the logout, it's https://bonitasoft.host:port/bonita/samlLogout
The rest is ok.
HTH
Comments
Thanks, Anthony!