Authentication chains: Bravura Security Fabric as service provider

Many organizations that leverage federated authentication already have a solution in place. This could include:

  • Active Directory Federation Services

  • Microsoft Azure

  • Okta Single Sign-On

  • PingFederate

  • One of many other IdP solutions

Bravura Security Fabric can be configured to operate as a service provider, accepting third-party authentication assertions from a trusted IdP.

Configuring Bravura Security Fabric as a service provider requires the following administrator rights:

  • "Manage policies" to configure the SAML_SP custom Authentication chain, and the SAML_USERS User class.

  • "Manage external data store" to configure authentication chain logic using the hid_authchain_select table.

To configure Bravura Security Fabric as an SP:

  1. Prepare Bravura Security Fabric as an SP.

  2. Prepare the Identity Provider. The steps will be different for each vendor. Refer to your vendor's instructions to prepare your IdP.

    See the following examples to:

  3. Set up Bravura Security Fabric to authenticate with an IdP.

See also

Example: Configure Bravura Security Fabric as an SP and integrate with a Bravura Security Fabric IdP server

Prepare Bravura Security Fabric as an SP

The Scenario.hid_authchain_saml_sp component installs the functionality that allows Bravura Security Fabric to act as a service provider, accepting third-party authentication assertions from a trusted IdP.

To prepare Bravura Security Fabric as an SP:

  1. Log in to the front end as superuser.

  2. Click Manage the system > Workflow > Email configuration.

  3. Set BASE_IDSYNCH_URL to the servername used in the IIS TLS certificate, which is the URL seen by the end users' browsers.

  4. Click Home > Manage components.

  5. Install the Scenario.hid_authchain_saml_sp component.

  6. Configure which users in Bravura Security Fabric you want enabled for SAML Authentication.

    1. Click Manage the system > Policies > User classes > SAML_USERS.

    2. Add the users you want to authenticate against the IdP to this user class. You can add explicit users, a domain group or other criteria.

      IdP-initiated SSO is supported only when the profile IDs match the IdP account names.

    3. Recalculate the user class cache.

Component deployment

Installing Scenario.hid_authchain_saml_sp automatically installs and configures the following:

Notes:

  • Additional configuration is required to:

    1. Set up appropriate login processes into Bravura Security Fabric; and

    2. Establish a trust relationship between the IdP and Bravura Security Fabric.

  • This component does not provide single sign-on functionality.

  • Federated login event actions (exit traps) can also be configured.

User class

Installing this component adds the SAML_USERS user class. By default, members of this user class attempting to authenticate to Bravura Security Fabric will be directed to the federated authentication login process, via the SAML_SP authentication chain.

fedsp-util.exe

This utility is executed by the Scenario.hid_authchain_saml_sp component to generate a PFX signing certificate and public certificate pair. It is located in the util directory.

When installing through the component, this utility generates the following files:

  • saml.pfx, used to sign SAML SP assertions.

  • public.cer, the public certificate file that can be passed to the Identity provider to add the Bravura Security Fabric instance as a trusted authority.

Both files are added to the <instance>\sp\ directory.

Read more about fedsp-util usage.

Authentication chains

SAML_SP

Custom authentication chain SAML_SP is responsible for redirecting users to the identity provider, as well as granting them Bravura Security Fabric access once they have successfully authenticated. This authentication chain is configured to call the Fedidp_samlauth authentication module, and must be manually configured before use.

Fedidp_samlauth

Installing Scenario.hid_authchain_saml_sp creates a skeleton authentication chain module called SAML_SP that contains the Fedidp_samlauth module. This authentication chain module is responsible for generating the SAML authentication request, redirecting users to the identity provider, and granting access to successfully authenticated users upon their return.

External database tables

hid_authchain_select

Installing Scenario.hid_authchain_saml_sp:

  • Adds a row to the hid_authchain_select table that automatically selects SAML_SP if the user is a member of SAML_USERS.

  • Adds a row to the hid_authchain_select table to continue SAML authentication requests if SAMLResponse is in the session.

This table is used by several Bravura Security Fabric component installations, and overrides the normal authentication chain selection process. With the SAML SP configuration installed, this table directs members of the SAML_USERS user class, or any user that has provided a SAML_RESPONSE POST parameter, to the SAML_SP authentication chain.

Federated login configuration options

Installing Scenario.hid_authchain_saml_sp sets the following federated login configuration options (Manage the system > Modules > Federation / Web Single Sign-on):

  • Sets the FEDSP CERT FILE system variable with a generated PFX file.

  • Sets the FEDSP CERT PASS system variable to be the password of the generated PFX file.

  • Sets the FEDSP CERT STORE system variable to be the PFX file store.

  • Sets the FEDSP CERT SUBJECT system variable to be "BravuraSecuritySpSaml".

Federated login event actions (exit traps) can also be configured.

Example: Integrate with an Okta IdP

Requirement

Organizations that use the Okta Single Sign-On solution to leverage federated authentication require Bravura Security Fabric to authenticate with their current IdP solution.

See Okta integration strategy: SAML or API for information about SAML versus API integration.

Solution

Bravura Security Fabric can be configured to operate as a SAML v2 Service Provider, allowing it to integrate with Okta Single Sign-On IdP to authenticate its users. Once authenticated with the IdP, or even before authenticating with the IdP, additional authentication chains may or may not be run.

Bravura Security Fabric can be configured to authenticate users directly against Okta by redirecting them to the Okta Sign-In page. When this method is used, the authentication requirements for the authenticating application are configured within Okta.

Prepare Bravura Security Fabric as a service provider

Install the Scenario.hid_authchain_saml_sp component to prepare Bravura Security Fabric as an SP.

Prepare Okta

Steps are subject to change; please refer to the official Okta documentation if there are any discrepancies.

To configure Okta to allow integration with Bravura Security Fabric:

  1. Sign in to your Okta instance as a system administrator.

  2. Navigate to the Administrator Dashboard.

  3. On the left navigation pane, expand Applications, then click on Applications.

    This pane may be hidden unless you click on the Menu icon on the top left.

  4. Click Create App Integration.

  5. For Sign-in method, select SAML 2.0.

  6. Click Next.

  7. Configure General Settings for the SAML Integration:

    1. Give your new application a name; for example Bravura Security WebPortal.

    2. Select a logo for the application.

    3. Configure the application visibility settings.

    4. Click Next.

  8. Configure SAML Settings for SAML integration:

    1. Set the Single-Sign-On URL for the Bravura Security Fabric SP, in the format: https://<bravura-fabric-server>/<instancename>/cgi/psf.exe.

      For example

      https://idm.company.com/instance/cgi/psf.exe

    2. Ensure that Use this for Recipient URL and Destination URL is enabled.

    3. Set the Audience URI (SP Entity ID) for the Bravura Security Fabric SP, in the format: https://<bravura-fabric-server>/<instancename>/.

      For example

      https://idm.company.com/instance/

    4. Leave the Default RelayState blank.

    5. Set Name ID format to "Unspecified".

    6. Map profile attributes between Okta and Bravura Security Fabric users.

      In order for Okta to authenticate Bravura Security Fabric users, it needs to have a means of associating Bravura Security Fabric users to existing Okta users. This is done via attribute mapping, where Okta will compare the two profiles’ attributes to see if they match. In the Application username field, you must select an attribute which can be mapped to Bravura Security Fabric user profiles. This is used to link Okta and Bravura Security Fabric user profiles.

      • If the Okta username matches the Bravura Security Fabric profile name, then select Okta username.

      • Otherwise, an attribute within Okta can be used to match either the Bravura Security Fabric user profile name, or a user attribute within Bravura Security Fabric. You will need to mirror these attribute mappings when you configure the authentication chain in Bravura Security Fabric.

      Warning

      It is important to ensure that only a single profile within Bravura Security Fabric matches the selected value. Ensure that the attributes selected will be an exact match.

      The attribute mapping between Okta and Bravura Security Fabric must be 1:1. If there are multiple attributes configured in Okta under Application username, Bravura Security Fabric acting as an SP will not be able to distinguish between them and will redirect back to Okta, which combined with active Okta SSO is likely to cause an infinite redirect loop.

  9. Click Show Advanced Settings.

    1. Choose whether the Response or Assertion Signature is "Signed":

      You can choose to have either the response or the assertion be signed by the IdP, but not both.

      You can choose to have both the response and the assertion be unsigned; however, this is not recommended.

    2. Choose the Signature Algorithm used to digitally sign the response or assertion. By default, RSA-SHA256 will be used.

    3. Ensure the Digest Algorithm matches the one specified for the Signature Algorithm.

    4. Leave Assertion Encryption as "Unencrypted".

    5. If you want SAML assertions to be signed and have configured Bravura Security Fabric to require SAML assertions to be signed (AuthnRequest setting in SAML_SP), click Browse files… for Signature Certificate and set it to public.cer, located in <instancedir>\sp.

      The directory may appear empty but the certificate is present; ensure that All Files are displayed instead of Custom Files.

    6. Leave Enable Single Logout unchecked.

    7. Choose whether Signed Requests will be validated.

    8. Leave all other options untouched and click Next.

  10. Fill out the Feedback section, and click Finish.

  11. Click on Assignments.

  12. Specify users or groups who will access this application.


Next:

Set up Bravura Security Fabric to authenticate with the IdP

See also

Okta in the Connector Pack Documentation for details on how to add an Okta target.

Example: Integrate with a Microsoft Azure IdP

Requirement

Organizations that use the Microsoft Azure Single Sign-On solution to leverage federated authentication require Bravura Security Fabric to authenticate with their current IdP solution.

Solution

Bravura Security Fabric can be configured to operate as a SAML v2 Service Provider, allowing it to integrate with a Microsoft Azure Single Sign-On Identity Provider (IdP) to authenticate its users. Once authenticated at the IdP, or even before authenticating with the IdP, additional authentication chains may or may not be run.

Bravura Security Fabric can be configured to authenticate users directly against Azure by redirecting them to the Azure Sign-In page. When this method is used, the authentication requirements for the authenticating application are configured within Azure.

Prepare Bravura Security Fabric as a service provider

Install the Scenario.hid_authchain_saml_sp component to prepare Bravura Security Fabric as an SP.

Prepare Azure

Steps are subject to change; please refer to the official Azure documentation if there are any discrepancies.

  1. Sign in to Azure Portal as a system administrator.

  2. Under Azure services, click Enterprise applications.

    Alternatively, you can search for "Enterprise applications" using the search bar.

  3. Click New application.

  4. Click Create your own application.

  5. In the action pane on the right:

    1. Specify the name of the app, for example Bravura Security WebPortal.

      The Integrate any other application you don't find in the gallery (Non-gallery) option should already be selected for you. If not, select it.

    2. Click Create.

      The creation process may take a few moments. The Overview page for the application should be displayed upon successful creation.

  6. Click Assign users and groups.

  7. Click Add user/group.

  8. Specify the users and/or groups that will access this application. When complete, click Assign on the bottom left.

  9. On the left menu, click Single sign-on.

  10. Select SAML.

  11. For Basic SAML Configuration, click Edit.

  12. In the action pane on the right:

    1. Click Add identifier and provide the Entity ID for the Bravura Security Fabric SP, in the format

      https://<bravura-fabric-server>/<instancename>/

      For example

      https://idm.company.com/instance/

    2. Click Add reply URL and provide the Reply URL for the Bravura Security Fabric SP, in the format

      https://<bravura-fabric-server>/<instancename>/cgi/psf.exe

      For example

      https://idm.company.com/instance/cgi/psf.exe

    3. Provide the Sign on URL for the Bravura Security Fabric SP, in the format

      https://<bravura-fabric-server>/<instancename>/cgi/psf.exe

      For example

      https://idm.company.com/instance/cgi/psf.exe

    4. Click Save.

      The process may take a few moments.

  13. Exit out of the Basic SAML Configuration screen by clicking the X button on the top right.

  14. For Attributes & Claims, click Edit.

  15. In the action pane on the right, provide the Unique User Identifier (Name ID).

    In order for Azure to authenticate Bravura Security Fabric users, it needs to have a means of associating Bravura Security Fabric users to existing Azure users. This is done via attribute mapping, where Azure will compare the two profiles’ attributes to see if they match. You must choose an attribute which can be mapped to Bravura Security Fabric user profiles.

    The attribute mapping between Azure and Bravura Security Fabric must be 1:1. For example, if the profile ID of a user on Bravura Security Fabric is "JDoe", the unique user identifier on Azure must be an attribute that matches "JDoe" exactly.

  16. Exit out of the Attributes & Claims screen by clicking the X button on the top right.

  17. For SAML Certificates, click Edit.

  18. In the action pane on the right:

    1. Choose the Signing Option.

      "Sign SAML response" or "Sign SAML assertion" are supported options, but not "Sign SAML response and assertion".

    2. Choose the Signing Algorithm. Available options are SHA-256 or SHA-1.

    3. If changes were made, click Save.

  19. Exit out of the SAML Signing Certificate screen by clicking the X button on the top right.

  20. For Verification certificates, click Edit.

  21. In the action pane on the right:

    1. Choose whether to Require verification certificates. If you select this, you will need to upload the certificate from Bravura Security Fabric:

    2. Click Upload certificate.

      1. Choose the public.cer certificate, located in <instancedir>\sp.

      2. Click OK.

    3. Choose whether to Allow requests signed with RSA-SHA1.

    4. Click Save.

  22. Exit out of the Verification certificates screen by clicking the X button on the top right.

  23. Download the Federation Metadata XML; this will be used to configure the SAML_SP authentication chain later.

    If the option is greyed out, you can retrieve the metadata by going to the URL provided in App Federation Metadata Url and saving the metadata from there.

Next:

Set up Bravura Security Fabric to authenticate with the IdP

See also

Azure Active Directory in the Connector Pack documentation for details on how to add an Azure target.

Example: Integrate with a Ping IdP

Requirement

Organizations that use the Ping Single Sign-On solution to leverage federated authentication require Bravura Security Fabric to authenticate with their current IdP solution.

Solution

Bravura Security Fabric can be configured to operate as a SAML v2 Service Provider, allowing it to integrate with a Ping Single Sign-On Identity Provider (IdP) to authenticate its users. Once authenticated at the IdP, or even before authenticating with the IdP, additional authentication chains may or may not be run.

Bravura Security Fabric can be configured to authenticate users directly against Ping by redirecting them to the Ping Sign-In page. When this method is used, the authentication requirements for the authenticating application are configured within Ping.

Prepare Bravura Security Fabric as a service provider

Install the Scenario.hid_authchain_saml_sp component to prepare Bravura Security Fabric as an SP.

Prepare Ping

To configure Ping to allow integration with Bravura Security Fabric:

  1. Log in to the Ping administrative console as a system administrator.

  2. Navigate to Server Configuration > Server Settings > Roles & Protocols and ensure Ping has been established as an identity provider.

  3. If required, navigate to Server Configuration > Password Credential Validators and click Create new Instance to create a new credential validator.

    • Ensure that this credential validator contains account information that corresponds to user profiles in Bravura Security Fabric.

    • Configure the mapping relationship that will be used to compare Bravura Security Fabric accounts to those stored on Ping.

  4. Navigate to IdP Configuration > Application Integration > Adapters and click Create new instance.

  5. Follow the on-screen instructions to configure the adapter for Bravura Security Fabric.

  6. Navigate to IdP Configuration and click Create a connection.

  7. Follow the on-screen instructions of the SP connection wizard to configure the connection to Bravura Security Fabric.

  8. Export the IdP metadata for this application and save the file in a location where it can be accessed by Bravura Security Fabric in order to finish configuring the authentication chain module.

Next:

Set up Bravura Security Fabric to authenticate with the IdP

Example: Integrate with Active Directory Federation Services IdP

In this example, we use two endpoints for the federation integration:

  • The SP, Bravura Security Fabric: https://app.demo.local/instance/

  • The IdP, Active Directory Federation Services: https://adfs.demo.local/adfs/ls/

The domains and instance name have to be changed to fit the instances being integrated. The rest of the paths are fixed.

Configure Relying Party Trust in Active Directory Federation Services (AD FS)
  1. Open the AD FS Management Tool in Server Manager.

  2. Click on Add Relying Party Trust in Actions.

  3. Keep the default "Claims aware" option and click Start.

  4. Choose the "Enter data about the relying party manually" option, and click Next.

  5. In the Display name field, type the name by which the product instance being added as a service provider is known in the customer's infrastructure, for example “Bravura Security Fabric”, and click Next.

  6. Click Next on the Configure Certificate page to accept defaults.

  7. Select "Enable support for the WS-Federation and SAML" in the Configure URL field, type https://app.demo.local/instance/, then click Next.

  8. If there is no entry in the Relying party trust identifiers list on the Configure Identifiers page, type https://app.demo.local/instance/ in the identifiers field and click Add, then Next.

  9. Click Next in the Choose Access Control Policy page to accept defaults.

  10. Click Next in the Ready to Add Trust page to accept defaults.

  11. Click Close.

  12. In the AD FS Management tool navigate to Relying Party Trust and select "Bravura Security".

  13. Click Edit Claim Issuance Policy.

  14. Click Add Rule.

  15. Keep the default "Send LDAP Attributes as Claims" in the Select Rule Template page, then click Next.

  16. Type send LDAP attributes in the Claim rule name field, select "Active Directory" in Attribute Store, select "SAM-Account-Name" in LDAP Attribute and "Name ID" in the Outgoing Claim Type, then click OK.

Export signing certificate from AD FS
  1. Open the AD FS Management Tool in Server Manager.

  2. Navigate to Services > Certificates.

  3. Select Token Signing certificate and then select View Certificate from the Actions menu (or right click > View).

  4. Click the Details tab.

  5. Click Copy to File and click Next.

  6. Select "Base64 encoded X.509" in the Export File Format page.

  7. Add a descriptive Name (for example "adfs-domain-name-environment.cer" - with the actual domain name being integrated and environment type [dev, uat, prod]), then save the exported file into the Temp folder and click Next.

  8. Click Finish to complete the export process.

  9. Copy the exported certificate into the plugin\ folder of the Bravura Security Fabric instance.

Configure SAML Authentication in Bravura Security Fabric

See generic instructions in Set up Bravura Security Fabric to authenticate with an IdP.

The instance profiles must be created from the Active Directory domain being integrated, or at least a profile attribute has to be populated with that Active Directory's UPN.

When editing the fedidp_samlauth module options (Step 3-Step 5), enter details of the AD FS server in the Authentication chain information page:

  • Single sign-on URL: https://adfs.demo.local/adfs/ls/ (this is the AD FS endpoint)

  • Issuer to send to identity provider: https://app.demo.local/instance/ (this is the Relying party identifier configured in AD FS)

  • Single sign-on binding: HTTP POST

  • Identity provider issuer: http://adfs.demo.local/adfs/services/trust

  • Identity provider public certificate file (.cer): adfs-domain-environment.cer (the one saved from AD FS)

  • Identity provider subject type: Profile ID (if the profile name matches the AD UPN, otherwise choose "Profile attribute").

  • Subject profile attribute: Leave blank if ProfileID above, otherwise the name of the profile attribute containing the AD UPN - usually EMAIL.

Set up Bravura Security Fabric to authenticate with an IdP

After you have prepared Bravura Security Fabric as SP and set up an IdP, configure the SAML_SP authentication chain to complete the integration.

Before you begin

  1. Have an identity provider prepared that implements SAML to authenticate users on behalf of other service providers, and configure it to provide authentication for Bravura Security Fabric.

  2. Ensure that user profiles that will use Bravura Security Fabric as a service provider exist in the databases of both the identity provider and Bravura Security Fabric. Mappings between the Bravura Security Fabric and identity provider profiles must be configured in the identity provider.

  3. Export the IdP metadata from the IdP and save the file in a location where it can be accessed by Bravura Security Fabric in order to finish configuring the authentication chain module.

  4. Collect the following information that will be required to establish the SAML trust relationship:

    • idp-metadata.xml

      OR

    • The individual endpoints and certificate the IdP makes available in that metadata file:

      • Single sign-on URL for the identity provider.

      • Identity provider issuer, a URL for your IdP that may or may not match the SSO URL.

      • Identity provider public certificate file (.cer), a copy of which should be placed in the instance’s plugin directory.

      • Issuer to send identity provider, typically the URL for the Bravura Security Fabric instance.

      • Single sign-on binding format as required by your IdP, either HTTP POST or HTTP Redirect.

    All URLs must use HTTPS where applicable.
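The relationship between the metadata file and the individual values in item 4 can be seen in the following added example, which is not part of the Bravura Security documentation. It reads IdP metadata and returns the Identity provider issuer, the single sign-on URL for each binding, and the signing certificate, and flags single sign-on endpoints that are not HTTPS. The function names are assumptions, and the sample metadata is constructed from the AD FS example hostnames on this page with placeholder certificate data.

```python
import base64
import xml.etree.ElementTree as ET

MD = "urn:oasis:names:tc:SAML:2.0:metadata"
DS = "http://www.w3.org/2000/09/xmldsig#"
NS = {"md": MD, "ds": DS}
# SAML binding URIs mapped to the labels used for the single sign-on binding.
BINDINGS = {
    "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST": "HTTP POST",
    "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect": "HTTP Redirect",
}

# Constructed placeholders: valid Base64, but NOT real certificates.
FAKE_SIGNING_B64 = base64.b64encode(b"constructed signing certificate placeholder").decode()
FAKE_ENCRYPT_B64 = base64.b64encode(b"constructed encryption certificate placeholder").decode()

# Constructed sample metadata (hostnames taken from the AD FS example).
SAMPLE_METADATA = f"""<EntityDescriptor xmlns="{MD}" xmlns:ds="{DS}"
    entityID="http://adfs.demo.local/adfs/services/trust">
  <IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <KeyDescriptor use="encryption"><ds:KeyInfo><ds:X509Data>
      <ds:X509Certificate>{FAKE_ENCRYPT_B64}</ds:X509Certificate>
    </ds:X509Data></ds:KeyInfo></KeyDescriptor>
    <KeyDescriptor use="signing"><ds:KeyInfo><ds:X509Data>
      <ds:X509Certificate>{FAKE_SIGNING_B64}</ds:X509Certificate>
    </ds:X509Data></ds:KeyInfo></KeyDescriptor>
    <SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
        Location="https://adfs.demo.local/adfs/ls/"/>
    <SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="https://adfs.demo.local/adfs/ls/"/>
  </IDPSSODescriptor>
</EntityDescriptor>"""


def idp_fields(metadata_xml: str) -> dict:
    """Return the values needed to populate the IdP fields manually."""
    # The metadata is administrator-supplied input from your own IdP; use a
    # hardened XML parser if the file could come from an untrusted source.
    root = ET.fromstring(metadata_xml)
    # The file may be a bare EntityDescriptor or wrapped in EntitiesDescriptor.
    entity = root if root.tag == f"{{{MD}}}EntityDescriptor" else root.find("md:EntityDescriptor", NS)
    if entity is None:
        raise ValueError("no EntityDescriptor found")
    idp = entity.find("md:IDPSSODescriptor", NS)
    if idp is None:
        raise ValueError("no IDPSSODescriptor: this is not IdP metadata")

    sso = {}
    for svc in idp.findall("md:SingleSignOnService", NS):
        label = BINDINGS.get(svc.get("Binding", ""))
        if label:
            sso.setdefault(label, svc.get("Location", ""))

    certs = []
    for kd in idp.findall("md:KeyDescriptor", NS):
        # A KeyDescriptor without "use" applies to signing and encryption.
        if kd.get("use") in (None, "signing"):
            node = kd.find(".//ds:X509Certificate", NS)
            if node is not None and node.text:
                certs.append("".join(node.text.split()))

    # Only endpoints are checked: the issuer (entityID) is an identifier and
    # may legitimately start with http://, as in the AD FS example.
    warnings = [f"{label} endpoint is not HTTPS: {url}"
                for label, url in sso.items()
                if not url.lower().startswith("https://")]
    if len(certs) > 1:
        warnings.append("multiple signing certificates published; confirm which one is current")
    return {"issuer": entity.get("entityID"), "sso": sso,
            "signing_certs": certs, "warnings": warnings}


def to_cer(cert_b64: str) -> str:
    """Render a metadata certificate as a Base64-encoded X.509 (.cer) file body."""
    base64.b64decode(cert_b64, validate=True)  # raises on a corrupted value
    lines = [cert_b64[i:i + 64] for i in range(0, len(cert_b64), 64)]
    return "-----BEGIN CERTIFICATE-----\n" + "\n".join(lines) + "\n-----END CERTIFICATE-----\n"


if __name__ == "__main__":
    fields = idp_fields(SAMPLE_METADATA)
    for key in ("issuer", "sso", "warnings"):
        print(f"{key}: {fields[key]}")
    print(to_cer(fields["signing_certs"][0]))
```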

Configure the SAML_SP authentication chain

  1. As superuser in the SP instance, click Manage the system > Policies > Authentication chains > custom > SAML_SP.

  2. Disable this authentication chain so it can be edited.

  3. Click the fedidp_samlauth module to open it for editing.

  4. Ensure the Control Type is set to "Required".

  5. Add information. Either:

    • Click Choose file next to Import metadata, and upload the idp-metadata.xml file you copied earlier.

      OR

    • Populate the following fields manually:

      • Single sign-on URL: the URL of the identity provider

      • Issuer to send identity provider: typically the URL for the Bravura Security Fabric instance

      • Single sign-on binding: the format as required by your IdP, either HTTP POST or HTTP Redirect.

      • Identity provider issuer: a URL for your IdP that may or may not match the SSO URL.

      • Identity provider public certificate file (.cer): a copy of which should be placed in the instance’s plugin directory.

  6. Choose the correct Identity provider signature location.

    "Assertion" is set by default. If you are using an IdP configured to sign the response, change this to "Response" (or adjust the IdP signature settings, if desired). The response value must match what is selected on the IdP side.

  7. Optional: Choose the correct AuthnRequest signature.

    Modify the value to either RSA-SHA1 or RSA-SHA256 (recommended if enabling this feature) if your organization requires SAML AuthnRequests to be signed.

  8. Configure the Identity provider subject type, which is used to map user profiles in Bravura Security Fabric to their counterparts on the IdP. When the IdP authenticates a user, it sends a subject attribute in the SAML assertion that is used to identify which user was authenticated:

    • Select "Profile ID" if the subject attribute will be identical to the user’s Bravura Security Fabric profile ID.

    • Select "Profile attribute" if the subject can be mapped to a user attribute instead of the profile ID.

      Bravura Security Fabric as an SP only supports IdP-initiated SSO if the Bravura Security Fabric profile ID is used.

    • If you selected "Profile attribute" as the Identity provider subject type, you must also enter the Subject profile attribute, which specifies the ID of the profile attribute that can be mapped to the SAML subject.

  9. Optional: Select the Allow IdP initiated SSO checkbox to allow users to start at the IdP login and be redirected to the SP, where they will be automatically authenticated.

  10. Optional: Select the Force IdP authentication checkbox to allow the IdP to re-authenticate the user even if the user has an existing session.

    Some IdPs do not support the Force IdP authentication option.

  11. Click Update, then Enable to enable this authentication chain.

  12. Verify that the Front-end login authentication chain includes SAML_SP as an available chain for the chain selector module.
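Step 6 requires the Identity provider signature location to match what the IdP actually signs. The following added example (not part of the Bravura Security documentation) takes the Base64 value of a SAMLResponse form field, as sent with the HTTP POST binding, and reports whether the signature sits on the response or on the assertion. The function names and the sample responses are assumptions; the samples are constructed and carry an empty signature element, and the code reports the signature's position only, it does not validate it.

```python
import base64
import xml.etree.ElementTree as ET

SAMLP = "urn:oasis:names:tc:SAML:2.0:protocol"
SAML = "urn:oasis:names:tc:SAML:2.0:assertion"
DS = "http://www.w3.org/2000/09/xmldsig#"


def build_sample(sign_response: bool, sign_assertion: bool) -> str:
    """Constructed SAMLResponse; <ds:Signature/> is an empty stand-in, not a real signature."""
    sig = f'<ds:Signature xmlns:ds="{DS}"/>'
    xml = (
        f'<samlp:Response xmlns:samlp="{SAMLP}" xmlns:saml="{SAML}" '
        'Destination="https://idm.company.com/instance/cgi/psf.exe">'
        '<saml:Issuer>https://idp.example.test/</saml:Issuer>'
        f'{sig if sign_response else ""}'
        '<saml:Assertion><saml:Issuer>https://idp.example.test/</saml:Issuer>'
        f'{sig if sign_assertion else ""}'
        '<saml:Subject><saml:NameID>JDoe</saml:NameID></saml:Subject>'
        '</saml:Assertion></samlp:Response>'
    )
    return base64.b64encode(xml.encode()).decode()


def signature_location(saml_response_b64: str) -> dict:
    """Report where the IdP placed its signature in a SAMLResponse.

    Pass the form value after URL-decoding it; the POST binding Base64-encodes
    the XML without compressing it.
    """
    root = ET.fromstring(base64.b64decode(saml_response_b64))
    if root.tag != f"{{{SAMLP}}}Response":
        raise ValueError("not a SAML 2.0 Response")

    sig_tag = f"{{{DS}}}Signature"
    # find() with a bare tag matches direct children only, which is what
    # separates a response-level signature from one inside the assertion.
    response_signed = root.find(sig_tag) is not None
    assertions = root.findall(f"{{{SAML}}}Assertion")
    assertion_signed = bool(assertions) and all(
        a.find(sig_tag) is not None for a in assertions)
    encrypted = root.find(f"{{{SAML}}}EncryptedAssertion") is not None

    if encrypted:
        setting = "encrypted assertion (signature not visible)"
    elif not assertions:
        setting = "no assertion in response"
    elif response_signed and assertion_signed:
        setting = "both signed (not supported)"   # sign one or the other
    elif response_signed:
        setting = "Response"
    elif assertion_signed:
        setting = "Assertion"
    else:
        setting = "unsigned (not recommended)"

    return {
        "setting": setting,
        "issuer": root.findtext(f"{{{SAML}}}Issuer"),   # compare with Identity provider issuer
        "destination": root.get("Destination"),          # should be the SP's psf.exe URL
    }


if __name__ == "__main__":
    for flags in [(True, False), (False, True), (True, True), (False, False)]:
        print(flags, signature_location(build_sample(*flags)))
```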

Test the configuration

Bravura Security Fabric should now be configured to authenticate with an IdP. To test this setup:

  1. Open the SP instance login page.

  2. Submit the username of one of the test accounts that is a member of SAML_USERS.

    You should be redirected to the IdP's login page.

  3. Complete the authentication process, using valid credentials.

    Login uses the SAML authentication chain.

  4. Upon successful authentication, the user’s web browser is redirected back to the service provider, where they are logged in automatically.

Replacing certificate files in the plugin directory

When you need to replace an expired identity provider public certificate file, no restart of any services is needed. The certificate is used each time it has to be checked against the certificate coming from the IdP in the SAMLResponse. There may be minor caching of the file in the psf.exe CGI loaded into IIS.

Collect the certificate file from the IdP and put it in the instance plugin directory.

You may want to verify against the format of the previous certificate, which you can compare in a text viewer with the new certificate you exported from the IdP.

It is recommended that you back up the old certificate in case the new one has an issue and you must revert.

SAML certificates are not used in the transport layer (TLS), nor in the OS or IIS handshake with the browser, so they do not have to be trusted by the OS or used in IIS. They are used only at the application level, to verify the SAML assertion coming from the IdP.
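The replacement steps above (compare the format with the previous certificate, back up the old file, then put the new file in place) can be scripted as in the following added example, which is not part of the Bravura Security documentation. The function names and the file name idp.cer are assumptions, the certificate bytes in demo() are constructed placeholders, and refusing a format mismatch is a choice made for this example.

```python
import base64
import hashlib
import re
import shutil
import tempfile
import time
from pathlib import Path

PEM_RE = re.compile(rb"-----BEGIN CERTIFICATE-----(.+?)-----END CERTIFICATE-----", re.S)


def describe(data: bytes) -> dict:
    """Classify a .cer file as Base64 or binary and fingerprint its DER bytes."""
    match = PEM_RE.search(data)
    if match:
        der = base64.b64decode(b"".join(match.group(1).split()), validate=True)
        fmt = "Base64 (PEM)"
    elif data[:1] == b"\x30":          # DER encodings start with a SEQUENCE tag
        der, fmt = data, "binary (DER)"
    else:
        raise ValueError("file is neither a Base64 nor a binary DER certificate")
    # The fingerprint is taken over the DER bytes, so it is the same for a
    # certificate whichever of the two formats it was exported in.
    return {"format": fmt, "sha256": hashlib.sha256(der).hexdigest()}


def replace_idp_cert(plugin_dir, cert_name, new_file) -> dict:
    """Back up the current IdP certificate and install the new one under the same name."""
    current = Path(plugin_dir) / cert_name
    old = describe(current.read_bytes())
    new = describe(Path(new_file).read_bytes())
    if old["format"] != new["format"]:
        raise ValueError(f"format mismatch: current file is {old['format']}, "
                         f"new file is {new['format']}")
    if old["sha256"] == new["sha256"]:
        return {"replaced": False, "backup": None, "old": old, "new": new}
    backup = current.with_name(f"{cert_name}.{time.strftime('%Y%m%d-%H%M%S')}.bak")
    shutil.copy2(current, backup)      # keep the old file so you can revert
    shutil.copy2(new_file, current)    # same file name, so the module option is unchanged
    return {"replaced": True, "backup": backup, "old": old, "new": new}


def demo() -> dict:
    """Run the procedure on constructed files in a temporary directory."""
    def pem(der: bytes) -> bytes:
        return (b"-----BEGIN CERTIFICATE-----\n" + base64.encodebytes(der)
                + b"-----END CERTIFICATE-----\n")

    old_der = b"\x30\x82" + b"constructed old certificate bytes"   # not a real certificate
    new_der = b"\x30\x82" + b"constructed new certificate bytes"   # not a real certificate
    with tempfile.TemporaryDirectory() as tmp:
        plugin = Path(tmp, "plugin")
        plugin.mkdir()
        (plugin / "idp.cer").write_bytes(pem(old_der))
        der_file = Path(tmp, "new-der.cer")
        der_file.write_bytes(new_der)
        pem_file = Path(tmp, "new-pem.cer")
        pem_file.write_bytes(pem(new_der))
        try:
            replace_idp_cert(plugin, "idp.cer", der_file)   # wrong export format
            mismatch_rejected = False
        except ValueError:
            mismatch_rejected = True
        result = replace_idp_cert(plugin, "idp.cer", pem_file)
        backup_hash = describe(result["backup"].read_bytes())["sha256"]
        installed_hash = describe((plugin / "idp.cer").read_bytes())["sha256"]
        return {
            "mismatch_rejected": mismatch_rejected,
            "replaced": result["replaced"],
            "backup_is_old": backup_hash == hashlib.sha256(old_der).hexdigest(),
            "installed_is_new": installed_hash == hashlib.sha256(new_der).hexdigest(),
        }


if __name__ == "__main__":
    print(demo())
```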

Troubleshooting Bravura Security Fabric as a service provider

SP-initiated SAML authentication workflow breaks when reaching the Bravura Security Fabric server

If you receive a 404.15 error when trying to access the Bravura Security Fabric UI (usually in a SAML context: a SAMLRequest from an SP being too long), increase the IIS limit for the URL length, as described in https://www.syncfusion.com/kb/5051/how-to-resolve-the-http-error-404-15-not-found

See also

For more information on HTTP status codes see https://learn.microsoft.com/en-us/troubleshoot/developer/webapps/iis/www-administration-management/http-status-code.