Configuring SAML Service Provider Metadata

You can configure SAML service provider metadata through the Administration > SAML > Configure SAML SP MetaData option.

The following figure shows the Configure SAML Service Provider MetaData page:

This page configures the following MFT SAML attributes:

Parameter Description
Enabled Defines whether SAML should be enabled (Yes) or disabled (No)
Service Provider Id Defines the SAML service provider name.
Note: It must be unique across all SP servers in the SAML environment.
SAML User Id Attribute Defines the SAML attribute that MFT will use as the user ID.
SAML Host URL Defines the URL of the MFT server.
SAML Encrypt Key Defines the SAML system key that will be used to encrypt SAML messages.
SAML Sign Key Defines the SAML system key that will be used to sign SAML messages.
LDAP Authenticators Defines the LDAP authenticators that will be scanned for a match on the SAML user ID.

You can select multiple authenticators that will be scanned for matches on the user ID.

When a successful SAML authentication occurs, MFT will extract the user ID from the SAML attribute defined by the SAML User Id Attribute field. If this user is defined by an MFT LDAP authenticator, MFT needs to determine which authenticator defines the user ID.

For example, assume that two LDAP authenticators (Customer and Internal) have been defined and the user acctuser has been authenticated by SAML. MFT will perform the following checking. The first match defines the user ID used for the session.
  • Search the database for a match on the user acctuser.
  • Search the database for a match on Customer-acctuser.
  • Search the database for a match on Internal-acctuser.
Note: You must make sure that a user ID defined by SAML is unique within all authenticators defined.

After entering the necessary information, click Update to update the database.