Federated login configuration options

Several configuration options are shared between both SP-initiated and IDP-initiated authentications via SAML. To configure these variables:

Click Manage the system > Modules > Federation / Web Single Sign-on.
Configure the options in the table Table 1, “Federation / Web Single Sign-on options” as required.
If required, configure event options, listed in the table Table 2, “Federation / Web Single Sign-On events” , that trigger external programs.
Click Update to submit the changes.

Table 1. Federation / Web Single Sign-on options

Option	Description
FEDIDP CERT FILE	The name of the PFX certificate used to sign assertions.
FEDIDP CERT PASS	The password for the signing certificate.
FEDIDP CERT STORE	The certificate store which contains the SAML signing certificate. PFX file store (Default): The default signing certificate repository. Computer account store: The local machine store for validation certificates. My user account store: The administrator account’s store for validation certificates.
FEDIDP CERT SUBJECT	The subject value for the signing certificate.
FEDIDP SAML PLUGIN	The plugin used to generate SAML assertions.
FEDIDP SESSION MINUTES	Configures the maximum duration of a single sign-on session, in minutes (Default 8640). Expired sessions are automatically removed by `psupdate` nightly clean up tasks.
FEDSP CERT FILE	The name of the PFX certificate used to sign SAML SP assertions.
FEDSP CERT PASS	The password for the signing certificate.
FEDSP CERT STORE	The certificate store which contains the SAML SP signing certificate. PFX file store (Default): The default signing certificate repository. This is located in <instancedir>\sp. Computer account store: The local machine store for validation certificates. My user account store: The administrator account’s store for validation certificates.
FEDSP CERT SUBJECT	The subject value for the signing certificate.

Bravura Security Fabric supports a number of event options that are invoked explicitly by federated login. For more information on event configuration, see Event Actions .

Table 2. Federation / Web Single Sign-On events

Option	Description
FEDIDP IDENTIFY SUCCESS	The SamlRequest web parameter, passed during federated login, is successfully parsed by Bravura Security Fabric . This event contains the following data: The SAML request issuer. The sp_folder used by the request. Remote IP address details.
FEDIDP IDENTIFY FAILURE	The SamlRequest web parameter, passed during federated login, could not be parsed by Bravura Security Fabric . This can occur if the SamlRequest or RelayState web parameters passed by the service provider are empty or invalid. This event contains the following data: The sp_folder used by the request.
FEDIDP AUTH SUCCESS	The SAML response assertion is successfully signed and generated by the fedidp_response plugin, following a successful federated authentication. This event contains the following data: The user’s profile ID. The sp_folder used by the request. Which authentication chain was used. The initiator of the request, either _IDP_LOGIN_ or the SP name.
FEDIDP AUTH FAILURE	The SAML response assertion could not be successfully signed or generated by fedidp_response. The most common causes of this include: The Bravura Security Fabric ’s configuration for that service provider is invalid. The service provider’s template file in <Instance>\idp\<SP folder> is invalid. The user is prohibited from accessing the service provider. The fedidp_response plugin failed to respond. The SAML signing certificate is invalid. This event contains the following data: The user’s profile ID. The sp_folder used by the request. Which authentication chain was used. The initiator of the request, either _IDP_LOGIN_ or the SP name. The reason for failure, one of: Authentication failure. Sp_access violation. Assertion construction. Assertion signing.
FEDIDP SSO SESSION CREATE	This event is triggered when a new single sign-on session is created by fedidp-assert following a successful federated login. The event contains the following data: The generated SSO session ID. The time and date the session was created. The ID of the web cookie created for this session. The full chain used to authenticate this user. The IP address from which the request originated The initiator of the request, either _IDP_LOGIN_ or the SP name.
FEDIDP SSO SESSION DESTROY	An SSO session is terminated, and the session data is removed from the database. The event contains the following data: The affected session ID The time and date of termination The session key for the affected session The IP address from which the request originated.

In this section:

Federated login configuration options

Search results