Single Sign On: SAML

SAML allows the users of your organization to be signed in automatically when they visit your Dozuki site. By configuring your current Identity Provider for use with Dozuki as a Service Provider, you can administer user accounts through your existing ADFS/LDAP or other SAML provider.

Terms

Identity Provider Entity ID
The URI (Uniform Resource Identifier) of your Identity Provider. May be referred to as the Issuer depending on your Identity Provider.
Identity Provider URL
The URL that Dozuki will redirect users to for authentication.
Identity Provider X.509 Certificate
The certificate used by Dozuki to verify XML documents from your Identity Provider.
Logout URL
The URL that users are redirected to after they logout.

What You Need To Do

Set the Required SAML Settings

SAML settings are accessible at the Admin Security interface. You will need to set the Identity Provider Entity ID, Identity Provider URL, Identity Provider X.509 Certificate, and Logout URL. Optionally, the SSO: Role Attribute Prefix can also be set.

If your SAML Identity Provider supports importing settings through a metadata.xml file, there is a link on the same page titled SAML Metadata.

Please note that if you are using ADFS as an Identity Provider, you will need to map LDAP Attributes to Outgoing Claim Types in your Claim Rule.

LDAP Attribute        Outgoing Claim Type
Display-Name          username
E-Mail-Addresses      email
SAML-Account-Name     userid

Set the Optional SAML Settings

LDAP Attribute        Outgoing Claim Type
Role                  role

Send the role claim to set or replace the user's permission level. How custom attributes are set varies by provider.

Role Value                                                     Access
user or operator                                               Standard user
author                                                         Author user
moderator                                                      Moderator user
authorandmod, author-and-mod, author_and_mod, or author & mod  Author & Moderator user
admin                                                          Admin user

If your Identity Provider requires unique user roles per application, set the SSO: Role Attribute Prefix setting, which enables roles to be prefixed by the specified value. For example, if this field is set to dozuki- then roles may be passed as dozuki-user, dozuki-author, etc.
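As an added example (not Dozuki's own code), the following script shows how a Service Provider reads the username, email, userid and role claims from an assertion's AttributeStatement and maps the role value to a permission level, stripping the configured role prefix first. The assertion XML and the prefix dozuki- are constructed sample data.

```python
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

# Role values from the table above, normalised to a permission level.
ROLE_MAP = {
    "user": "Standard user", "operator": "Standard user",
    "author": "Author user",
    "moderator": "Moderator user",
    "authorandmod": "Author & Moderator user",
    "author-and-mod": "Author & Moderator user",
    "author_and_mod": "Author & Moderator user",
    "author & mod": "Author & Moderator user",
    "admin": "Admin user",
}

# Constructed sample assertion (unsigned, for illustration only).
SAMPLE_ASSERTION = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml:AttributeStatement>
    <saml:Attribute Name="username"><saml:AttributeValue>jdoe</saml:AttributeValue></saml:Attribute>
    <saml:Attribute Name="email"><saml:AttributeValue>jdoe@example.com</saml:AttributeValue></saml:Attribute>
    <saml:Attribute Name="userid"><saml:AttributeValue>jdoe</saml:AttributeValue></saml:Attribute>
    <saml:Attribute Name="role"><saml:AttributeValue>dozuki-author_and_mod</saml:AttributeValue></saml:Attribute>
  </saml:AttributeStatement>
</saml:Assertion>"""


def extract_attributes(assertion_xml):
    """Return {claim name: first value} from the AttributeStatement.
    A real SP must verify the XML signature against the Identity Provider
    X.509 Certificate before trusting any of these values."""
    root = ET.fromstring(assertion_xml)
    attrs = {}
    for attr in root.findall(".//saml:AttributeStatement/saml:Attribute", NS):
        value = attr.find("saml:AttributeValue", NS)
        if value is not None and value.text is not None:
            attrs[attr.get("Name")] = value.text.strip()
    return attrs


def resolve_role(role_value, prefix=""):
    """Strip the SSO: Role Attribute Prefix and map to a permission level.
    Returns None when the prefix is missing or the role is unknown, so the
    caller falls back to the default level instead of guessing."""
    if role_value is None:
        return None
    if prefix:
        if not role_value.startswith(prefix):
            return None
        role_value = role_value[len(prefix):]
    return ROLE_MAP.get(role_value.strip().lower())
```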

Test It

The Identity Provider URL and Logout URL fields have dialogs to test that the SAML URLs given redirect correctly.
