This document provides an overview of the process for connecting with the Single Sign-On capabilities of a new organization.
Identity provider target URL
The organization must provide the URL to which the user is redirected for authentication.
When users enter their credentials into the Salute login page, this is the page to which they will be redirected for authentication.
Identity provider certification fingerprint
The organization must provide the SHA-1 fingerprint of the certificate (e.g., “90:CC:16:F0:8D:...”).
SHA-1 is a standard 'secure hash algorithm': a one-way cryptographic function whose output can act as a 'signature' of a sequence of bytes. The fingerprint is that hash computed over the DER-encoded bytes of the certificate.
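One way to compute the fingerprint from a PEM file and check it against a configured value, shown as an added example (not Salute's own code). The function names and SAMPLE_PEM are assumptions, and the sample body is constructed stand-in bytes rather than a real certificate.

```python
import base64
import hashlib
import hmac
import re

PEM_RE = re.compile(
    r"-----BEGIN CERTIFICATE-----(.*?)-----END CERTIFICATE-----", re.DOTALL
)


def pem_to_der(pem_text: str) -> bytes:
    """Return the DER bytes of the first certificate block in pem_text."""
    match = PEM_RE.search(pem_text)
    if match is None:
        raise ValueError("no PEM certificate block found")
    # Drop line breaks inside the block; validate=True rejects stray characters.
    b64 = "".join(match.group(1).split())
    return base64.b64decode(b64, validate=True)


def sha1_fingerprint(pem_text: str) -> str:
    """SHA-1 over the DER encoding, as colon-separated uppercase hex."""
    digest = hashlib.sha1(pem_to_der(pem_text)).hexdigest().upper()
    return ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))


def normalize(fingerprint: str) -> str:
    """Accept 'AA:BB', 'aa bb' or 'aabb' forms; return bare uppercase hex."""
    bare = re.sub(r"[:\s-]", "", fingerprint).upper()
    if not re.fullmatch(r"[0-9A-F]{40}", bare):
        raise ValueError("not a 20-byte SHA-1 fingerprint")
    return bare


def fingerprint_matches(pem_text: str, configured: str) -> bool:
    """Compare the certificate's fingerprint with the configured value."""
    actual = normalize(sha1_fingerprint(pem_text))
    return hmac.compare_digest(actual, normalize(configured))


# Constructed stand-in: the base64 body decodes to b"abc", not a real
# X.509 certificate. The hash is computed over the decoded bytes either way.
SAMPLE_PEM = "-----BEGIN CERTIFICATE-----\nYWJj\n-----END CERTIFICATE-----\n"

if __name__ == "__main__":
    print(sha1_fingerprint(SAMPLE_PEM))
```

A truncated or mistyped fingerprint raises ValueError in normalize() instead of being compared as a partial match.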
Identity provider single logout URL
To log users out, organizations must configure a SAML logout URL in the SAML connection settings. If a logout URL is not configured, the SAML login URL will be used by default.
Salute will initiate a logout by sending a SAML logout request to the external identity provider if the federated query string parameter is included when redirecting the user to the Logout endpoint.
Information about attributes returned in SAMLResponse
The organization sends a SAML Response to Salute. If the user succeeded in the authentication process, the response contains the Assertion with the NameID / attributes of the user. The organization should provide a list of the available attributes.