You must configure your SPs in order to use SAML authentication. To configure an SP, you mus have the required IDP metadata file imported into FortiADC ahead of time. See Import IDP Metadata for more information.
Once you have imported the needed IDP metadata file into FortiADC, you can use the following steps to configure a SAML service provider:
- Click User Authentication > SAML.
- Select the SAML Service Providers tab, if it is not selected.
- Click Create New to open the SAML Service Providers configuration editor.
- Make the desired entries or selections, as described inConfigure a SAML service provider.
- Click Save when done.
|SAML Service Provider
Use this page to configure an SAML service provider.
Specify a unique name for the SAML service provider.
Specify the SAML service provider's entity ID, which is the SAML service provider's URL.
Select an option. The default is Factory.
|Assertion Consuming Service Binding Type
|Assertion Consuming Service Path
|Single Logout Binding Type
|Single Logout Path
Select an IDP metadata file.
Note: You must have the IDP metadata file imported into FortiADC ahead of time.
|Metadata Export Service Location
|Authentication Session Lifetime
|Authentication Session Timeout
Enable(d) by default, which allows FortiADC to forward SSO information to the real server, which in turn gets the authentication information and implements the SSO function.
|Export Assertion Status
Enable(d) by default, which allows FortiADC to send to the real server the URL where the Authentication Assertion (.i.e., identity information) can be fetched.
|Export Assertion Path
|Export Cookie Status
Enable(d) by default, which allows FortiADC to send to the real server the cookie of a site that the user last visited.
|Export Assertion ACL
Enter the IP address of the real server (or the IP Netmask if the real server is one of a group of real servers) that requests authentication assertions.