Overriding the service provider settings for a SAML SSO authentication service
The service provider settings for a SAML SSO authentication service are automatically populated when you create the authentication service. You can override the default values.
- Open the service from the navigation panel in Dev Studio by choosing a service from the instance list.
- On the SAML 2.0 tab, expand the Service Provider (SP) settings section.
- The Entity identification field is auto-populated in new authentication services. To override the value, enter an entity ID.
- In the Login (SSO) protocol binding list, the system provides a default protocol binding. You can change the binding to one of the following:
  - HTTP Post – SAML protocol messages are transmitted in an HTML form with base64-encoded content.
  - HTTP Artifact – SAML protocol messages are transmitted using a unique identifier called an artifact. Select this protocol if you do not want to expose the content of the SAML message during connection.
  - HTTP Redirect – SAML protocol messages are transmitted within URL parameters.
- In the Assertion Consumer Service (ACS) location field, override the system-provided URL of the standard ACS REST service.
- In the Redirect logout location field, override the system-provided URL of the standard logout REST service.
- In the SOAP logout location field, override the system-provided URL of the standard logout SOAP service.
- In the Artifact Resolution Service (ARS) location field, override the system-provided URL of the standard ARS to send the artifact resolve request to the IdP.
- To disable the signing of authentication and logout requests from your application to the Identity Provider, select the Disable request signing check box.
- To reject all unsigned SAML assertions, select the Reject unsigned assertion check box.
- To select the SP Private Key to sign the SAML authentication and logout requests, in the Signing certificate section, click the Pencil icon.
  - In the KEYSTORE NAME field, press the Down Arrow key and select the keystore that contains the private key, private key alias, and password to use.
  - Click Submit.
- In the Decryption certificate section, click the Pencil icon to select the SP Private Key to decrypt the response from the IdP for authentication and logout requests.
  - In the KEYSTORE NAME field, press the Down Arrow key and select the keystore that contains the private key, private key alias, and password to use.
  - Click Submit.
- To download the service provider metadata, click Save, and then click Download SP metadata.
- Click Save.
- Authentication services
To override or extend the default authentication process, create and configure an authentication service.
- More about authentication services
This page describes additional topics relevant to authentication services that are not directly referenced on the rule form.
- Configuring a SAML SSO authentication service
After you create a SAML SSO authentication service, configure it so that Pega Platform uses the specified identity provider for authenticating users. You can map attributes from the identity repository to properties in Pega Platform, and also configure optional features such as preauthentication and postauthentication activities and operator provisioning.