SAML 2.0 Configuration Example
This section explains how to configure SAML 2.0 providers for Microsoft Azure, Okta and OneLogin, with reference examples for each.
Microsoft Azure
Provider information
| Parameter | Example |
|---|---|
| Discovery Endpoint | https://login.microsoftonline.com/c2c50f21-66a7-41b4-9e9b-d401358e19e6/federationmetadata/2007-06/federationmetadata.xml?appid=458ee5eb-e22d-4dd1-a4e5-5d473c79e133 |
| Entity ID | https://yourserver/biwebserver |
| Provider Entity ID | https://sts.windows.net/yourentityID/ |
| Provider Login Endpoint | https://login.microsoftonline.com/yourentityID/saml2 |
| Provider Logout Endpoint | https://login.microsoftonline.com/yourentityID/saml2 |
| SAML2 ACS URL | https://yourserver/Auth/CallbackSaml2<br>http://localhost:44390/excelAddin/loginCallback |
| Logout URL | https://yourserver/Logout/LoggedOut |
| Certificate | SAML2Certificate.cer |
| User Identifier | nameidentifier |
Authentication configuration example
| Field | Example |
|---|---|
| Enable | Disabled |
| Description | Sign in with Azure[SAML2] |
| Discovery Endpoint | https://login.microsoftonline.com/c2c50f21-66a7-4b4-9e9b-d401358e19e6/federationmetadata/2007-06/federationmetadata.xml?appid=458ee5eb-e22d-4dd1-a4e |
| Entity ID | https://[your_domain]/biwebclient |
| Provider Entity ID | https://sts.windows.net/c2c50f21-66a7-4b4-9e9b-d401358e19e6/ |
| Provider Login Endpoint | https://login.microsoftonline.com/c2c50f21-.../saml2 |
| Provider Logout Endpoint | https://login.microsoftonline.com/c2c50f21-.../saml2 |
| SAML2 ACS URL | http://[your-webclient-domain]:82/Auth/CallbackSaml2<br>http://localhost:44390/excelAddin/loginCallback |
| Logout URL | http://[your-webclient-domain]:82/Logout/LoggedOut |
| Certificate | SAML2 Certificate.cer |
| User Identifier | nameidentifier |
| Force re-authentication | Disabled |
| Allow remember me | Disabled |
User mapping example
| Field | Example |
|---|---|
| Username | ADMIN |
| Name | ADMIN |
| admin@companyname.com | |
| User Identifier | RD@nectari.com |
Okta
Provider information
| Parameter | Example |
|---|---|
| Discovery Endpoint | |
| Entity ID | https://yourserver/biwebserver<br>https://yourserver/exceladdin |
| Provider Entity ID | http://www.okta.com/yourentityID |
| Provider Login Endpoint | https://dev-40198417.okta.com/app/dev-40198417_saml2_1/yourentityID/sso/saml |
| Provider Logout Endpoint | https://dev-40198417.okta.com/app/dev-40198417_saml2_1/yourentityID/sso/saml |
| SAML2 ACS URL | https://yourserver/Auth/CallbackSaml2<br>https://localhost:44390/excelAddin/loginCallback |
| Logout URL | https://yourserver/Logout/LoggedOut |
| Certificate | okta.cert |
| User Identifier | nameidentifier |
Authentication configuration example
| Field | Example |
|---|---|
| Enable | Disabled |
| Description | Sign in with Okta |
| Discovery Endpoint | https://login.microsoftonline.com/c2c50f21-.../federationmetadata.xml?appid= ... |
| Entity ID | https://[your_domain]:82/biwebclient |
| Provider Entity ID | http://www.okta.com/...[your_EntityId] |
| Provider Login Endpoint | https://dev-<oktaID>.okta.com/app/dev-<oktaID>_saml2/1.../sso/saml |
| Provider Logout Endpoint | https://dev-<oktaID>.okta.com/app/dev-<oktaID>_saml2/1.../slo/saml |
| SAML2 ACS URL | http://[your-webclient-domain]:82/Auth/CallbackSaml2<br>http://localhost:44390/excelAddin/loginCallback |
| Logout URL | https://[your_domain]:82/Logout/LoggedOut |
| Certificate | SAML2 Certificate.cer |
| User Identifier | nameidentifier |
| Force re-authentication | Disabled |
| Allow remember me | Disabled |
User mapping example
| Field | Example |
|---|---|
| Username | ADMIN |
| Name | ADMIN |
| admin@companyname.com | |
| User Identifier | RD@nectari.com |
OneLogin
Provider information
| Parameter | Example |
|---|---|
| Discovery Endpoint | https://app.onelogin.com/saml/metadata/cbfbba1c-baf4-4b65-a97c-d2706d631a36 |
| Entity ID | https://yourserver/biwebserver |
| Provider Entity ID | https://app.onelogin.com/saml/metadata/yourentityID/ |
| Provider Login Endpoint | https://your-onelogin-server/trust/saml2/http-redirect/sso/yourentityID/ |
| Provider Logout Endpoint | https://your-onelogin-server/trust/saml2/http-redirect/slo/yourentityID/ |
| SAML2 ACS URL | https://yourserver/Auth/CallbackSaml2<br>http://localhost:44390/excelAddin/loginCallback |
| Logout URL | https://yourserver/Logout/LoggedOut |
| Certificate | SAML2Certificate.cer |
| User Identifier | nameid |
Authentication configuration example
| Field | Example |
|---|---|
| Enable | Disabled |
| Description | Sign in with OneLogin |
| Discovery Endpoint | https://app.onelogin.com/saml/metadata/[attributes-and-entityID] |
| Entity ID | https://yourserver/biwebclient |
| Provider Entity ID | https://app.onelogin.com/saml/metadata/yourentityID |
| Provider Login Endpoint | https://your-onelogin-server/trust/saml2/http-redirect/sso/yourentityID |
| Provider Logout Endpoint | https://your-onelogin-server/trust/saml2/http-redirect/slo/yourentityID |
| SAML2 ACS URL | http://[your-webclient-domain]:82/Auth/CallbackSaml2<br>http://localhost:44390/excelAddin/loginCallback |
| Logout URL | http://[your-server]/Logout/LoggedOut |
| Certificate | SAML2 Certificate.cer |
| User Identifier | nameidentifier |
| Force re-authentication | Disabled |
| Allow remember me | Disabled |
User mapping example
| Field | Example |
|---|---|
| Username | ADMIN |
| Name | ADMIN |
| admin@companyname.com | |
| User Identifier | RD@nectari.com |
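The Discovery Endpoint values above are SAML metadata URLs, and metadata of that kind carries the IdP's entityID, its login and logout locations and its signing certificate, so the manually entered provider fields can be cross-checked against it. The following Python check is an added example, not part of the product or its documentation; the metadata, the hostnames idp.example.test and bi.example.test, the functions idp_facts and check_config, and the exemption of the loopback callback from the HTTPS check are assumptions made for illustration.

```python
import base64, hashlib, xml.etree.ElementTree as ET
from urllib.parse import urlparse

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata", "ds": "http://www.w3.org/2000/09/xmldsig#"}
# Constructed, trimmed IdP metadata; the certificate body is a placeholder, not a real cert.
SAMPLE_METADATA = """<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
  xmlns:ds="http://www.w3.org/2000/09/xmldsig#" entityID="https://idp.example.test/entity/">
 <md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
  <md:KeyDescriptor use="signing"><ds:KeyInfo><ds:X509Data>
   <ds:X509Certificate>Q09OU1RSVUNURUQtUExBQ0VIT0xERVI=</ds:X509Certificate>
  </ds:X509Data></ds:KeyInfo></md:KeyDescriptor>
  <md:SingleLogoutService Location="https://idp.example.test/saml2"/>
  <md:SingleSignOnService Location="https://idp.example.test/saml2"/>
 </md:IDPSSODescriptor>
</md:EntityDescriptor>"""
SAMPLE_CONFIG = {  # constructed values, keyed by the form field names
    "Provider Entity ID": "https://idp.example.test/entity",  # trailing slash dropped
    "Provider Login Endpoint": "https://idp.example.test/saml2",
    "Provider Logout Endpoint": "https://idp.example.test/saml2",
    "SAML2 ACS URL": ["http://bi.example.test:82/Auth/CallbackSaml2",
                      "http://localhost:44390/excelAddin/loginCallback"],
    "Logout URL": ["https://bi.example.test/Logout/LoggedOut"],
}

def idp_facts(metadata_xml):  # values the provider form asks for, read from metadata
    root = ET.fromstring(metadata_xml)  # inline sample; use a hardened parser for fetched XML
    idp = root.find("md:IDPSSODescriptor", NS)
    locs = lambda tag: {e.get("Location") for e in idp.iterfind(f"md:{tag}", NS)}
    certs = idp.iterfind(".//ds:X509Certificate", NS)
    return {"Provider Entity ID": root.get("entityID"),
            "Provider Login Endpoint": locs("SingleSignOnService"),
            "Provider Logout Endpoint": locs("SingleLogoutService"),
            "cert_sha256": {hashlib.sha256(base64.b64decode(c.text)).hexdigest() for c in certs}}

def check_config(cfg, metadata_xml, cert_der):
    """Return findings for a provider form checked against the IdP metadata."""
    facts, findings = idp_facts(metadata_xml), []
    if cfg["Provider Entity ID"] != facts["Provider Entity ID"]:  # exact string match
        findings.append("Provider Entity ID differs from metadata entityID")
    for key in ("Provider Login Endpoint", "Provider Logout Endpoint"):
        if cfg[key] not in facts[key]:
            findings.append(f"{key} not published in metadata")
    if hashlib.sha256(cert_der).hexdigest() not in facts["cert_sha256"]:
        findings.append("Certificate is not a signing certificate from metadata")
    for key in ("SAML2 ACS URL", "Logout URL"):
        for u in map(urlparse, cfg[key]):
            if u.scheme != "https" and u.hostname not in ("localhost", "127.0.0.1"):
                findings.append(f"{key} {u.geturl()} is not HTTPS")
    return findings
```

With the sample values, the check reports the entity ID that lost its trailing slash and the plain-HTTP ACS URL on port 82; cert_der is the DER content of the certificate file uploaded in the form.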