Comment: First published version

...

| Key | Purpose | Default Value | Example | Notes |
| --- | --- | --- | --- | --- |
| SAML.Enabled | To turn SAML support on or off | false | `<add key="SAML.Enable" value="true"/>` | Required setting |
| SAML.Provider | Used to switch between implementation styles of SAML 2.0 | n/a | `<add key="SAML.Provider" value="Microsoft" />` | Required setting (for most situations). This should usually be set to "Microsoft", but you may need to omit this setting altogether, depending on the IdP. |
| SAML.Issuer | IdP Issuer URL | n/a | `<add key="SAML.Issuer" value="http://www.okta.com/cKZ3800234nlvM8s"/>` | Required setting. Requires IdP configuration first. |
| SAML.IDP | IdP SSO URL | n/a | `<add key="SAML.IDP" value="https://cust.okta.com/app/appname/cKZ3800234nlvM8s/sso/saml"/>` | Required setting. Requires IdP configuration first. |
| SAML.Certificate | X.509 Certificate | n/a | `<add key="SAML.Certificate" value="-----BEGIN CERTIFICATE----- certificate body -----END CERTIFICATE-----"/>` | Required setting. Should be entered as a single line and should include the begin and end certificate tags. Requires IdP configuration first. |
| SAML.Logout | URL that a user will be redirected to if they choose to log out of Enterprise Tester | Enterprise Tester Login URL | `<add key="SAML.Logout" value="https://myapps.microsoft.com"/>` | Optional setting. If not configured, a user choosing the logout option will be automatically logged back in again, provided their session is still active with the IdP. |
| SAML.SignRequest | To turn SAML request signing support on or off | false | `<add key="SAML.SignRequest" value="true" />` | Optional setting. Some IdPs support or require SAML request signing, while other IdPs ignore the signed status of a request. If this option is set to true, the following properties must also be configured: SAML.SigningCertificateFile and SAML.SigningCertificatePassword. |
| SAML.SigningCertificateFile | Location of the signing certificate. The signing certificate should be a pkcs12 certificate and have the private key embedded. | n/a | `<add key="SAML.SigningCertificateFile" value="d:\certs\saml_exp_2022.10.01.pfx" />` | Required if SAML.SignRequest is set to true. Some cryptographic providers that might be used to encrypt the private key require a user profile in order to function properly. As such, please make sure that the "Load User Profile" option in the Advanced Settings of the Application Pool (in IIS) that runs Enterprise Tester is set to "True". |
| SAML.SigningCertificatePassword | Password for the private key in the pkcs12 certificate identified in the SAML.SigningCertificateFile property | n/a | `<add key="SAML.SigningCertificatePassword" value="changeit" />` | Required if SAML.SignRequest is set to true. As the web.config file is in XML format, some special characters will need to be escaped if they are used in the password. |

| Character | Escaped value |
| --- | --- |
| `"` | `&quot;` |
| `'` | `&apos;` |
| `<` | `&lt;` |
| `>` | `&gt;` |
| `&` | `&amp;` |
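The escaping rules and the SAML.SignRequest dependency above, as an added example that is not part of the original page or of Enterprise Tester: it escapes a password for a web.config attribute, confirms an XML parser reads the original value back, and checks that the signing keys are present when signing is on. The function names, the sample password and the .pfx path are constructed for illustration, and treating "true" case-insensitively is an assumption.

```python
import xml.etree.ElementTree as ET
from xml.sax.saxutils import escape

# The two quote characters from the escape table; escape() covers &, < and >.
_QUOTES = {'"': "&quot;", "'": "&apos;"}


def escape_attr(value: str) -> str:
    """Escape a value for use inside a web.config attribute."""
    # escape() replaces & first, so entities added afterwards are not re-escaped.
    return escape(value, _QUOTES)


def app_setting(key: str, value: str) -> str:
    """Render one <add/> element with key and value escaped."""
    return f'<add key="{escape_attr(key)}" value="{escape_attr(value)}" />'


def read_settings(config_xml: str) -> dict:
    """Return the key/value pairs of all <add/> elements as the XML parser sees them."""
    root = ET.fromstring(config_xml)
    return {e.get("key"): e.get("value") for e in root.iter("add")}


def check_signing(settings: dict) -> list:
    """List problems with the request-signing settings described in the table."""
    # Assumption: the value is compared case-insensitively.
    if settings.get("SAML.SignRequest", "false").lower() != "true":
        return []
    required = ("SAML.SigningCertificateFile", "SAML.SigningCertificatePassword")
    return [f"{key} must be set when SAML.SignRequest is true"
            for key in required if not settings.get(key)]


# Constructed sample: the password and certificate path are made up.
SAMPLE_PASSWORD = 'p&ss<w"rd\'>1'
SAMPLE_CONFIG = "<configuration><appSettings>\n" + "\n".join([
    app_setting("SAML.SignRequest", "true"),
    app_setting("SAML.SigningCertificateFile", r"d:\certs\example.pfx"),
    app_setting("SAML.SigningCertificatePassword", SAMPLE_PASSWORD),
]) + "\n</appSettings></configuration>"

if __name__ == "__main__":
    print(SAMPLE_CONFIG)
    print(check_signing(read_settings(SAMPLE_CONFIG)) or "signing settings complete")
```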

...