What parameter values should I set while configuring Bonita SP in my SAML IdP?


Hi,

In order to set up SAML SSO in Bonita server, the third-party IdP (Identity Provider, e.g.: Keycloak IdP Server, Microsoft AD, ForgeRock OpenAM, ...) must be configured so it recognises the Bonita server as an SP (Service Provider).

Could you please validate I got these IdP configuration parameters right?

  • SSO end point:
  • HTTP-POST url / Assertion url: https://bonitasoft.host:port/bonita/saml
  • Nameid format: urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified (i.e. the one in the Bonita server's keycloak-saml.xml nameIDPolicyFormat attribute)

Thanks in advance for your help.

Unai

1 answer

This one is the BEST answer!

Hello Unai,
I don't know why the IdP would need a login URL. Normally a "base URL" is enough. Like https://bonitasoft.host:port/bonita
Unless this is the URL to redirect to once logged in? In any case, the IdP doesn't need loginservice
For the logout, it's https://bonitasoft.host:port/bonita/samlLogout
The rest is ok.

HTH
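An added example, not part of the original question or answer: a check that compares what the IdP has registered for the Bonita SP against the endpoints given in this thread (`/bonita/saml` for HTTP-POST assertions, `/bonita/samlLogout` for logout, and the NameID format from `keycloak-saml.xml`). It assumes the IdP can export the SP registration as SAML 2.0 metadata; the function names, the port 8443 and the sample metadata are constructed for illustration.

```python
import xml.etree.ElementTree as ET

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata"}
POST_BINDING = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
UNSPECIFIED = "urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified"

# Constructed sample of SP metadata held by an IdP (port 8443 is an assumption).
# Its logout Location is deliberately wrong so the check has something to report.
SAMPLE_SP_METADATA = f"""\
<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata" entityID="bonita">
  <md:SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:SingleLogoutService Binding="{POST_BINDING}"
        Location="https://bonitasoft.host:8443/bonita/logoutservice"/>
    <md:NameIDFormat>{UNSPECIFIED}</md:NameIDFormat>
    <md:AssertionConsumerService Binding="{POST_BINDING}" index="0"
        Location="https://bonitasoft.host:8443/bonita/saml"/>
  </md:SPSSODescriptor>
</md:EntityDescriptor>
"""

def expected_values(base_url, name_id_format):
    """Values the IdP should hold, derived from the Bonita base URL."""
    base = base_url.rstrip("/")
    return {"acs_post": base + "/saml",
            "logout": base + "/samlLogout",
            "name_id_format": name_id_format}

def registered_values(metadata_xml):
    """Extract the same three settings from exported SP metadata."""
    sp = ET.fromstring(metadata_xml).find("md:SPSSODescriptor", NS)
    if sp is None:
        raise ValueError("no SPSSODescriptor in metadata")
    acs = [e.get("Location") for e in sp.findall("md:AssertionConsumerService", NS)
           if e.get("Binding") == POST_BINDING]
    slo = [e.get("Location") for e in sp.findall("md:SingleLogoutService", NS)]
    fmt = [(e.text or "").strip() for e in sp.findall("md:NameIDFormat", NS)]
    return {"acs_post": acs, "logout": slo, "name_id_format": fmt}

def check(metadata_xml, base_url, name_id_format):
    """Return mismatches; an extra or differing URL counts as a problem."""
    have = registered_values(metadata_xml)
    return [f"{key}: expected only {want!r}, IdP has {have[key]!r}"
            for key, want in expected_values(base_url, name_id_format).items()
            if have[key] != [want]]

if __name__ == "__main__":
    for line in check(SAMPLE_SP_METADATA, "https://bonitasoft.host:8443/bonita", UNSPECIFIED):
        print(line)
```

The comparison is exact on purpose: a second assertion consumer URL, or one that differs in scheme or host, is reported because the IdP would be willing to deliver assertions there.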

Comments

Submitted by unai.gaston.caminos on Tue, 11/17/2020 - 15:28

Thanks, Anthony!
