Language	Title	Date
en	-	-
fr	-	-
es	-	-

Wiki source code of Authentification SAMLv2

Last modified by Aurelie Bertrand on 2025/02/07 10:19

version	line-number	content
86.1	1	Configuration
1.1	2
86.1	3	Installation of a SAMLv2 authentication valve for DigDash
2.1	4
86.1	5	Summary:
3.1	6
86.1	7	{{toc/}}
1.1	8
86.1	9	= Prerequisites =
4.1	10
86.1	11	* The acronyms used later are referenced in the glossary at the end of this document.
	12	* Having configured the DigDash server with an SSL / TLS (HTTPS) connector (this authentication method requires secure exchanges)
	13	* Have the <digdash_installation> / add-ons / valve_saml2 folder containing all the files necessary for setting up the SAMLv2 authentication valve in the DigDash Tomcat server. The placement of these files is described in this document.
	14	The apache-tomcat folder: transposed to <digdash_install> / apache-tomcat**
	15	* The lib sub-folder: libraries and log configuration file to be placed in <digdash_install> / apache-tomcat / lib**
	16	* The webapps: acs sub-folder in a .war file to be placed in <digdash_install> / apache-tomcat / webapps**
	17	** The resources_samples folder: examples of XML files of IdP metadata and .properties file of security parameters to edit and place in the location of your choice.
	18	** The sp_metadata folder: The SP DigDash metadata XML file.
66.2	19
86.1	20	* For the moment, DigDash only supports the disconnection initiated by the SP (SP-Initiated SLO).
1.1	21
86.1	22	* The following operations are to be performed on the stopped DigDash server .
1.1	23
86.1	24	* The user to be authenticated must exist both at the IdP and in the LDAP DigDash.
	25	It is therefore advisable to have at least one user having the rights to add DigDash users in the LDAP DigDash before installing the SAMLv2 valve, this in order to avoid SSO authentication failures from the first connections due to absence of such user in LDAP.**
1.1	26
86.1	27	Mutual exchange of SP and IdP metadata
1.1	28
86.1	29	The two parties (Identity Provider and Service Provider) must first exchange their respective metadata in the form of XML files. This metadata will in particular make it possible to know their respective entry point and the details of secure exchanges.
1.1	30
86.1	31	= Configuration of the DigDash server =
1.1	32
86.1	33	== Copy of libraries ==
1.1	34
86.1	35	Add the libraries and the log configuration file from the apache-tomcat / lib folder to the folder
1.1	36
86.1	37	<digdash_installation> / apache / lib :
1.1	38
	39	\|saml2-valve.jar\|slf4j-api-1.7.12.jar
	40	\|commons-codec-1.10.jar\|log4j-1.2.15.jar
	41	\|commons-lang3-3.4.jar\|slf4j-log4j12-1.7.7.jar
	42	\|commons-logging-1.2.jar\|xmlsec-2.0.7.jar
	43	\|joda-time-2.9.4.jar\|log4j.properties
	44
86.1	45	__Libraries of the apache-tomcat / lib folder__
1.1	46
86.1	47	== Addition of the SAMLv2 authentication valve ==
1.1	48
86.1	49	Add the SAMLv2 authentication valve in the server.xml file located in the folder
1.1	50
86.1	51	<digdash_installation> / apache-tomcat / conf
1.1	52
86.1	53	To do this, add the following Valve element in the Host element .
	54
61.1	55	{{code language="XML" cssClass="notranslate"}}
86.1	56	<Server ... >
	57	...
	58	<Host ... >
	59	<Valve className = "com.onelogin.saml2.SAML2SSOValve"
	60	allowAddr = "localhost, 127.0.0. *, 0: 0: 0: 0: 0: 0 : 0: 1 "
	61	idPMetadataPath = " C: \ idp_md.xml "
	62	securitySettingsPath = " C: \ saml2.sec.properties "
	63	uid = " email "
	64	sharedPasswd = " sharedPassword " />
	65	...
	66	</Host>
	67	...
	68	< / Server>
1.1	69	{{/code}}
	70
86.1	71	__E__x extract from the server.xml file
1.1	72
86.1	73	Invariable value (className)
1.1	74
86.1	75	Variable value depending on the installation (allowAddr, idPMetadataPath, ...)
1.1	76
62.1	77
86.1	78	\|Attribute\|Description
	79	\|className\|Name of the Java class, implementing the org.apache.catalina.Valve interface, to use as Valve here. This attribute is mandatory because it allows you to select the Valve to use. There are indeed several implementations provided by Tomcat.
	80	\|allowAddr\|Server IP address.
	81	\|idPMetadataPath\|The absolute path of the XML file with IdP metadata
	82	\|securitySettingsPath\|The absolute path of the .properties file with security settings
	83	\|uid\|One of the attributes returned by the IdP in the SAMLv2 response to identify the user who authenticates. If this attribute is not mentioned, the nameId of the SAMLv2 response is used to identify the user.
	84	\|sharedPasswd\|The shared password and verified at authentication (see point II.5)
	85	\|//allowedCtxPath//\|//Optional// , is "/ adminconsole" by default; it is the path of the context whose resources are authorized to pass the valve, useful when the adminconsole is named differently. Example: allowedCtxPath = "/ customadminconsole"
	86	\|//ldapForPaths//\|//Optional// , these are regular expressions of URLs whose resources are authorized to pass the valve, thus going into LDAP authentication mode. Example: "http: ~/~/ localhost: 8080 /.*"
	87	\|//cookieTimeOut//\|(((
	88	//Optional// , this is the time (in seconds) after which the SSO cookie will expire. Worth 1800 seconds (30 minutes) by default.
	89	Otherwise, the cookie will expire after the number of seconds mentioned.
	90
	91	Example: cookieTimeOut = "3600" (1 hour)
1.1	92	)))
86.1	93	\|print_ //debug//\|//Optional// , is false by default, otherwise add print_debug = "true" for more verbose traces.
1.1	94
86.1	95	__Table describing the attributes of the Valve element__
1.1	96
86.1	97	== Addition of the .war corresponding to the ACS of the Service Provider ==
1.1	98
86.1	99	Add the ddacs.war archive from the apache-tomcat / webapps folder to the folder
1.1	100
86.1	101	<digdash_installation> / apache-tomcat / webapps .
1.1	102
86.1	103	It is the ACS entry point of the SP accessed by the IdP.
1.1	104
86.1	105	== Addition of security constraints ==
1.1	106
86.1	107	Add the security constraints to the web.xml file located in the folder
1.1	108
86.1	109	<digdash_installation> / apache-tomcat / conf .
1.1	110
86.1	111	{{code cssClass="notranslate"}}
	112	<web-app ... >
	113	...
	114	<security-role>
	115	<role-name> CUSTOM </role-name>
	116	</security-role>
1.1	117
86.1	118	<security-constraint>
	119	<display-name> CUSTOM Security Constraint </ display-name>
	120	<web-resource-collection>
	121	<web-resource-name> Protected Area </web-resource-name>
	122	<url-pattern> / * </url-pattern>
	123	</web-resource-collection>
	124	<auth-constraint>
	125	<role-name> CUSTOM </role-name>
	126	</auth-constraint>
	127	</security-constraint>
1.1	128
86.1	129	<security-constraint>
	130	<web-resource-collection>
	131	<web-resource-name> Non-Protected Area</web-resource-name>
	132	<url-pattern> / vjdbc </url-pattern>
	133	</web-resource-collection>
	134	</security-constraint>
	135	...
1.1	136	</web-app>
	137	{{/code}}
	138
86.1	139	__Extract from web.xml file__
1.1	140
86.1	141	== Server URL and domain for the Dashboard ==
1.1	142
86.1	143	It may be necessary, and it is advisable to specify on which server / domain the Dashboard will rely.
1.1	144
86.1	145	To do this, modify in the web.xml file in
1.1	146
86.1	147	<digdash_installation> / apache-tomcat / webapps / digdash_dashboard / WEB-INF.
1.1	148
86.1	149	To force the domain, change the value of the FORCEDOMAIN parameter to //true// .
	150	Mention the domain name by changing the DOMAIN parameter .
11.1	151
86.1	152	To force the server address, change the value of the FORCESERVERURL parameter to //true// . Mention the server address by changing the SERVERURL parameter .
11.1	153
86.1	154	{{code cssClass="notranslate"}}
	155	<web-app ... >
	156	...
	157	<servlet>
	158	<servlet-name> dashServlet </servlet-name>
	159	<servlet-class> com.digdash.server.DigdashServiceImpl </servlet-class>
	160	...
	161	<init-param>
	162	<param-name> DOMAIN </param-name>
	163	<param-value> ddenterpriseapi </param-value>
	164	</init-param>
	165	<init-param>
	166	<param-name> FORCEDOMAIN </param-name>
	167	<param-value> true </param-value>
	168	</init-param>
	169	<init-param>
	170	<param-name> SERVERURL </ param-name>
	171	<param-value> http: // localhost: 8080</param-value>
	172	</init-param>
	173	<init-param>
	174	<param-name> FORCESERVERURL </param-name>
	175	<param-value> true </param-value>
	176	</init-param>
	177	...
	178	</servlet>
	179	...
	180	</web-app>
31.1	181	{{/code}}
11.1	182
86.1	183	Extract from web.xml file
11.1	184
	185
86.1	186	Variable value depending on the installation
11.1	187
	188
86.1	189	\|[[image:https://doc.digdash.com/xwiki/bin/download/Digdash_DEV/others_documents/config_auth_saml2/WebHome/config_auth_saml2_fr_test_html_829eaa34e529ef0c.png?width=72&height=72&rev=1.1\|\|alt="config_auth_saml2_fr_test_html_829eaa34e529ef0c.png"]]
	190	\|The example value for the SERVERURL parameter will almost always refer to localhost, when the dashboard and the server are placed in the same Tomcat server, which represents almost 99% of usage. It will naturally be necessary to refer to the address of the external server if these two elements are placed on different servers.
11.1	191
86.1	192	\|[[image:https://doc.digdash.com/xwiki/bin/download/Digdash_DEV/others_documents/config_auth_saml2/WebHome/config_auth_saml2_fr_test_html_829eaa34e529ef0c.png?width=72&height=72&rev=1.1\|\|alt="config_auth_saml2_fr_test_html_829eaa34e529ef0c.png"]]
	193	\|(((
	194	This parameter can be edited via the web.xml file as indicated above. This file is specific to each installation of DigDash. You can enter this parameter more generally in the file
	195
	196	<user> / Application Data / Enterprise Server / dashboard_system.xml
	197
	198	For more information, you can refer to the DigDash documentation “guide_avance_systeme_fr.pdf”.
1.1	199	)))
	200
86.1	201	== Changing the value of the sharedPasswd parameter ==
74.1	202
86.1	203	Change the value of the //sharedPasswd// parameter (secret value below to change) in the web.xml file of Dashboard in the folder
1.1	204
86.1	205	<digdash_installation> / apache-tomcat / webapps / digdash_dashboard / WEB-INF .
1.1	206
86.1	207	The value must correspond to that mentioned in the //sharedPasswd// attribute in the valve of the file
1.1	208
86.1	209	<digdash_installation> /apache-tomcat/conf/server.xml (see part II.2).
	210
	211	{{code cssClass="notranslate"}}
	212	<web-app ... >
	213	...
	214	<servlet>
	215	<servlet-name> dashServlet </servlet-name>
	216	<servlet-class> com.digdash.server.DigdashServiceImpl </servlet-class>
	217	...
	218
	219	<init-param>
	220	<param-name> sharedPasswd </param-name>
	221	<param-value> secret </param-value>
	222	</init-param>
	223	...
	224	</servlet>
	225	...
	226	</web-app>
31.1	227	{{/code}}
1.1	228
86.1	229	Variable value depending on the installation
75.1	230
11.1	231
86.1	232	__Extract from the server.xml file__
41.1	233
86.1	234	== Modification of the authentication method ==
1.1	235
86.1	236	Modify the authentication method (LDAP is the default method) in the web.xml file located in the folder
1.1	237
86.1	238	<digdash_installation> / apache-tomcat / webapps / ddenterpriseapi / WEB-INF .
1.1	239
86.1	240	"External" means that safety is managed by the valve configured above.
	241
	242	{{code cssClass="notranslate"}}
	243	<web-app ... >
	244	...
	245	<servlet>
	246	...
	247	</servlet>
	248	...
	249	<servlet>
	250	<description> </description>
	251	<display-name> DDEnterpriseAuthServlet </display-name>
	252	<servlet-name > DDEnterpriseAuthServlet </servlet-name>
	253	<servlet-class> com.digdash.server.DDEnterpriseAuthServlet </servlet-class>
	254
	255	<init-param>
	256	<param-name> authMethod </param-name>
	257	<param-value> External </param-value>
	258	</init-param>
	259	...
	260	</servlet>
	261	...
	262	</web-app>
	263	{{/code}}
	264
	265
	266	__Extract from web.xml file__
	267
	268	= Identity Provider Configuration =
	269
	270	The IdP will need to register DigDash as an SP in its SP list before DigDash can take advantage of Single Sign-On.
	271
	272	The IdP must in particular use the metadata file provided by the SP for its configuration. This mentions among other things the entry points of the SP DigDash (URL ACS).
	273
	274	== Service Provider metadata ==
	275
	276	The SP metadata will either be provided directly and physically (by email, by USB key, etc.) or by generation via the SP. Indeed, they will be accessible via the following URL once the valve is in place:
	277
	278	https: ~/~/ <DigDash server address>: <port> /? spmetadata = display
	279
	280	= Service Provider Configuration =
	281
	282	The SP must load the IdP metadata into its application.
	283
	284	== Identity Provider metadata ==
	285
	286	Place the file in XML format provided by the IdP corresponding to the IdP metadata in the directory of your choice.
	287
	288	NB : The absolute path of this file will be known and will be entered as the value of the idPMetadataPath attribute of the SAMLv2 valve.
	289
	290	= Configuration of security parameters =
	291
	292	Place the file in .properties format corresponding to the security parameters in the directory of your choice.
	293
	294	NB1 : The absolute path of this file will be known and will be entered as the value of the securitySettingsPath attribute of the SAMLv2 valve.
	295
	296	The following table presents the different possible properties for setting security:
	297
	298	\|Properties\|Description
	299	\|(((
	300	onelogin.saml2.sp.entityid
	301
	302	onelogin.saml2.sp.assertion_consumer_service.url
	303
	304	onelogin.saml2.sp.assertion_consumer_service.binding
	305
	306	onelogin.saml2.sp.single_logout_service.url
	307
	308	onelogin.saml2.sp.single_logout_service.binding
	309
	310	onelogin.saml2.sp.nameidformat
	311
	312	onelogin.saml2.sp.x509cert
	313
	314	onelogin.saml2.sp.privatekey
	315	)))\|(((
	316	Properties relating to the Service Provider.
	317
	318	The default values of these properties are automatically loaded on the SP side.
	319
	320	If necessary, it is possible to override these properties by mentioning them in the properties file.
	321
	322	The more detailed description of these parameters as well as the values used can be directly consulted in the security file resources_samples \ saml2.sec.properties provided.
1.1	323	)))
86.1	324	\|(% rowspan="2" %)onelogin.saml2.strict\|Indicates whether the SP rejects all unencrypted or unsigned messages if the SP expects them to be.
	325	\|(((
	326	true
1.1	327
86.1	328	false
	329	)))
	330	\|(% rowspan="2" %)onelogin.saml2.security.nameid_encrypted\|Indicates if the nameID of the <samlp: logoutRequest> sent by the SP must be encrypted
	331	\|(((
	332	true
1.1	333
86.1	334	false
	335	)))
	336	\|(% rowspan="2" %)onelogin.saml2.security.authnrequest_signed\|Indicates whether <samlp: AuthnRequest> messages sent by this SP are signed. Metadata indicates this information.
	337	\|(((
	338	true
1.1	339
86.1	340	false
	341	)))
	342	\|(% rowspan="2" %)onelogin.saml2.security.logoutrequest_signed\|Indicates whether the <samlp: logoutRequest> messages sent by this SP are signed.
	343	\|(((
	344	true
1.1	345
86.1	346	false
	347	)))
	348	\|(% rowspan="2" %)onelogin.saml2.security.logoutresponse_signed\|Indicates whether the <samlp: logoutResponse> messages sent by this SP are signed.
	349	\|(((
	350	true
1.1	351
86.1	352	false
1.1	353	)))
86.1	354	\|(% rowspan="2" %)onelogin.saml2.security.want_messages_signed\|Indicates if responses should be signed
	355	\|(((
	356	true Message is required to be signed
1.1	357
86.1	358	false Message is not required to be signed
	359	)))
	360	\|(% rowspan="2" %)onelogin.saml2.security.want_assertions_signed\|Indicates the obligation of the <samlp: Response>, <samlp: LogoutRequest> and <samlp: LogoutResponse> messages received by this SP to be signed.
	361	\|(((
	362	true
66.3	363
86.1	364	false
	365	)))
	366	\|(% rowspan="2" %)onelogin.saml2.security.sign_metadata\|Indicates the obligation of the metadata of this SP to be signed.
	367	\|(((
	368	true requires signature of metadata
66.3	369
86.1	370	false default
	371	)))
	372	\|(% rowspan="2" %)onelogin.saml2.security.want_assertions_encrypted\|Indicates the obligation of assertions received by this SP to be encrypted.
	373	\|(((
	374	true
1.1	375
86.1	376	false
	377	)))
	378	\|(% rowspan="2" %)onelogin.saml2.security.want_nameid_encrypted\|Indicates the obligation of the nameID received by the SP to be encrypted.
	379	\|(((
	380	true
1.1	381
86.1	382	false
1.1	383	)))
86.1	384	\|(% rowspan="2" %)onelogin.saml2.security.requested_authncontext\|Authentication context
	385	\|(((
	386	Empty if you don't want any context to be sent in the AuthnRequest request
1.1	387
86.1	388	Multiple values separated by commas otherwise.
	389	)))
	390	\|(% rowspan="2" %)onelogin.saml2.security.onelogin.saml2.security.requested_authncontextcomparison\|Enables authentication context comparison
	391	\|'exact' by default
	392	\|(% rowspan="2" %)onelogin.saml2.security.want_xml_validation\|Indicates whether the SP validates all XML responses received. (If true, validation is only effective if this property and the 'onelogin.saml2.strict' property is also true.
	393	\|(((
	394	true
1.1	395
86.1	396	false
	397	)))
	398	\|(% rowspan="2" %)onelogin.saml2.security.signature_algorithm\|Hash algorithm used for signature.
	399	\|(((
	400	http:~/~/www.w3.org/2000/09/xmldsig#rsa-sha1
1.1	401
86.1	402	http:~/~/www.w3.org/2000/09/xmldsig#dsa-sha1
1.1	403
86.1	404	http:~/~/www.w3.org/2001/04/xmldsig-more#rsa-sha256
1.1	405
86.1	406	http:~/~/www.w3.org/2001/04/xmldsig-more#rsa-sha384
	407
	408	http:~/~/www.w3.org/2001/04/xmldsig-more#rsa-sha512
1.1	409	)))
	410
86.1	411	__Table describing possible security settings__
1.1	412
86.1	413	\|[[image:https://doc.digdash.com/xwiki/bin/download/Digdash_DEV/others_documents/config_auth_saml2/WebHome/config_auth_saml2_fr_test_html_cfd0582386f81fc1.png?width=58&height=58&rev=1.1\|\|alt="config_auth_saml2_fr_test_html_cfd0582386f81fc1.png"]]
	414	\|The shaded fields are fields offered by the onelogin library but which are not yet implemented for the SAMLv2 valve from DigDash, therefore not taken into account.
1.1	415
86.1	416	= VI. Configuring the Java environment =
1.1	417
86.1	418	The Java Cryptography Extension (JCE) is required. You can download the jce-6, jce-7 or jce-8 version, and unzip it in the folder
1.1	419
86.1	420	$ {java.home} / jre / lib / security /
68.1	421
86.1	422	\|Versions\|Download links
	423	\|jce-6\|__[[http:~~/~~/www.oracle.com/technetwork/java/javase/downloads/jce-6-download-429243.html>>url:http://www.oracle.com/technetwork/java/javase/downloads/jce-6-download-429243.html]]__
	424	\|jce-7\|__[[http:~~/~~/www.oracle.com/technetwork/java/javase/downloads/jce-7-download-432124.html>>url:http://www.oracle.com/technetwork/java/javase/downloads/jce-7-download-432124.html]]__
	425	\|jce-8\|__[[http:~~/~~/www.oracle.com/technetwork/java/javase/downloads/jce8-download-2133166.html>>url:http://www.oracle.com/technetwork/java/javase/downloads/jce8-download-2133166.html]]__
68.1	426
86.1	427	= Log level =
68.1	428
86.1	429	You can customize the log level for the authentication valve.
1.1	430
86.1	431	By default, only errors are logged. If however you want to have more details on the course of actions and exchanges between the different entities, you can assign the value 'DEBUG' instead of 'ERROR' in the log4j.properties file which was imported into the lib folder of Tomcat .
1.1	432
86.1	433	log4j.logger.com.onelogin.saml2 = ERROR , stdout
1.1	434
86.1	435	log4j.logger.com.onelogin.saml2 = DEBUG , stdout
1.1	436
86.1	437	= SAML2 authentication on the Enterprise Studio side =
47.1	438
86.1	439	To authenticate with SAMLv2 on the Enterprise Studio side, please ensure that you have performed the following actions:
47.1	440
86.1	441	== Server and domain definitions in the .jnlp file ==
48.1	442
86.1	443	You can, like the Dashboard, define the server and the domain on which DigDash will rely.
48.1	444
86.1	445	To do this, modify the end of the digdash.jnlp file in the DigDash installation folder <digdash_installation> / apache-tomcat / webapps / adminconsole
48.1	446
86.1	447	{{code language="JNLP" cssClass="notranslate"}}
	448	<jnlp ...>
	449	...
	450	<application-desc main-class = "commandline.CommandLineMain">
	451
	452	<argument> https: // localhost: 8443 </argument> (1)
	453	<argument> ddenterpriseapi </argument> (2 )
	454	<argument><%=lang%> </argument> (3)
	455	<argument><%=dashboard%> </argument> (4)
	456	<argument> -AuthMode = External </argument> (5)
	457	<argument> -SSLNoPathCheck </argument> (A)
	458	...
	459	</application-desc>
	460	</jnlp>
48.1	461	{{/code}}
	462
86.1	463	Extract from the digdash.jnlp file
48.1	464
	465
86.1	466	__Warning__ : the arguments noted (1), (2), (3), (4), (5) must not change order.
48.1	467
86.1	468	Argument (1): the address of the DigDash server; variable depending on your installation
47.1	469
86.1	470	Argument (2): the name of the DigDash domain; variable depending on your installation
47.1	471
86.1	472	Argument (5): The authentication method; External, mandatory
53.1	473
86.1	474	Argument (A): optional argument, sometimes necessary in the case of SSL, HTTPS connections.
47.1	475
86.1	476	== Connection to DigDash Enterprise Studio ==
47.1	477
86.1	478	Download and run the .jnlp by going to the DigDash home page in the Enterprise Studio section.
47.1	479
86.1	480	[[image:https://doc.digdash.com/xwiki/bin/download/Digdash_DEV/others_documents/config_auth_saml2/WebHome/config_auth_saml2_fr_test_html_27c2ab581e0d9d7e.png?width=554&height=274&rev=1.1\|\|alt="config_auth_saml2_fr_test_html_27c2ab581e0d9d7e.png"]]
	481	\\
53.1	482
86.1	483	An authentication window should appear with the IdP authentication target.
47.1	484
86.1	485	In this document, Salesforce is the IdP we have chosen to illustrate our examples.
47.1	486
86.1	487	[[image:https://doc.digdash.com/xwiki/bin/download/Digdash_DEV/others_documents/config_auth_saml2/WebHome/config_auth_saml2_fr_test_html_dff5c9e389ba1c1d.png?width=666&height=409&rev=1.1\|\|alt="config_auth_saml2_fr_test_html_dff5c9e389ba1c1d.png"]]
	488	\\
69.3	489
86.1	490	__Capture: target with Salesforce IdP authentication form__
69.3	491
86.1	492	The user must enter his login data and if he has been authenticated with the IdP and that he corresponds to an existing user in the LDAP DigDash, the authentication will have succeeded and the window will attest to the success of authentication.
69.3	493
86.1	494	[[image:https://doc.digdash.com/xwiki/bin/download/Digdash_DEV/others_documents/config_auth_saml2/WebHome/config_auth_saml2_fr_test_html_6230a5f637fd4c54.png?width=612&height=376&rev=1.1\|\|alt="config_auth_saml2_fr_test_html_6230a5f637fd4c54.png"]]
	495	\\
69.3	496
86.1	497	__Capture: window of successful authentication__
69.3	498
86.1	499	The window will close automatically, then Enterprise Studio will start loading to launch.
69.3	500
86.1	501	= Lexicon =
69.3	502
86.1	503	We will call in this document:
69.3	504
86.1	505	SSO: Single Sign On or Single Authentication; SAMLv2 is an SSO method
1.1	506
86.1	507	SLO: Single LogOut or Single Logout
1.1	508
86.1	509	IdP: Identity Provider or Identity Provider
1.1	510
86.1	511	SP: the Service Provider or the Service Provider (DigDash)
1.1	512
86.1	513	ACS: Assertion Consumer Service
1.1	514
86.1	515	= References =
1.1	516
86.1	517	https:~/~/www.oasis-open.org
1.1	518
86.1	519	//DigDash uses the OpenSource onelogin library from OneLogin Inc to support the SAMLv2 authentication method.//
	520
	521	https:~/~/www.onelogin.com/
	522
	523	https:~/~/github.com/onelogin/java-saml

Wiki source code of Authentification SAMLv2

Sommaire