Shop

Your Notifications (0)

There are currently no notifications. You're all set!

Demos Trials
Knowledge Base
ChemDraw and ChemOffice+ Products Signals Notebook E-Notebook and ChemBioOffice Enterprise Spotfire and Signals Spotfire Products Image Artist
Downloads
Downloads
Community
Ideas Portal Product Basics
About Support
Legal Resources Support and Maintenance Plans Product Life Cycle Support News
Contact Support

Define an external SAML authentication from the Signals Configuration

Katherine Benavides
  • Updated

For Administrators only.

Prior to this task:

✔ IdP must be configured.

*Required.

1️⃣ Signals Configuration ➡ select  [System Settings] 
2️⃣ System Settings pane ➡ select Authentication ➡ select Authentication Provider Information 
3️⃣ Authentication section ➡ Mode of Authentication ➡ select External SAML

4️⃣ Authentication section ➡ enter

  • SAML Key*
  • Login URL*
  • Post-logout URL
  • Signals SAML Application ID

5️⃣ Authentication section ➡ select

  • Add SAMLRequest parameter to login URL
  • Sign SAML request
  • Force user authentication
  • Use password authentication context in Signing Workflow and when forcing user authentication
6️⃣ Authentication section ➡ select [Test configuration]
7️⃣ Authentication section ➡ select [Save Settings]

 

Supporting Knowledge

Caution: Do not save until the test is successful. Saving an incorrect SAML configuration can lock the user out.

SAML Fields:

  • SAML Key: This is a mandatory field. It is the Base64-encoded PEM format of the IdP certificate, provided by the IT department. The SAML Key pasted into this field must be an X.509 certificate in PEM format; it should not contain the BEGIN/END, a header/footer, or any new lines. (SAML certificate) Identity Provider (IdP) provides a cryptographic key so that Signals Notebook can verify the response from IdP as part of the login process.
  • Login URL: This is a mandatory field. It is the Identity Provider (IdP) login URL where the user will be redirected to trigger the login process.
  • Assert URL: This is a read-only field. It is the SAML URL interface of the service provider, where the Identity Provider sends the authentication token.
  • Secondary assert URL (used by ChemOffice+ and OAuth 2.0 implicit grant): This is a read-only field. It is a Callback URL for OAuth 2.0 implicit grant, used by desktop applications like ChemOffice+.
  • Post-logout URL: The user is taken here when they log out of Signals Notebook with the SAML Authentication.
  • Signals Notebook SAML Application ID: This can be the domain name. Provide any name for the Signals Notebook application to be sent to IdP.
  • Add SAMLRequest parameter to login URL: Whether to select this checkbox should be determined by the IT department.
  • Force User Authentication: Enabling this parameter makes Signals Notebook send the ForceAuthn SAML attribute set to true in the SAML request.
  • Use password authentication context in Signing Workflow and when forcing user authentication: Enabling this parameter will require users to enter their credentials if:
    • Prompt all users for their password is enabled for signing and reviewing settings, or
    • Force User Authentication is enabled.

Related articles

Comments

0 comments

Article is closed for comments.