Introduction
...
- Identity Provider Metadata URL (required)
URL to the metadata of the Identity Provider.
- Identity Provider EntityId (required)
The EntityId parameter is the unique identifier of the Identity Provider. The EntityId can be obtained from the metadata file of the Identity Provider (entityID attribute).
- Username claim (optional)
Claim name which will be used for mapping users authenticated by the Identity Provider to CXO users. By default the nameidentifier claim (http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier) will be used. If you decide to use a different claim, make sure that the claim is unique within your Identity Provider.
Note: The nameidentifier claim should always be sent by the Identity Provider, even if the "Username claim" parameter is set to a different value.
- Signing Certificate Location Type (required)
The signing certificate is used for signing logout requests to the Identity Provider. The certificate can be loaded either from a file or from a certificate store.
It is recommended to use the certificate store in a production environment. The private key from the certificate will be used for signing messages sent by the Service Provider (CXO-Cockpit). The public key will be exposed in the metadata file of the Service Provider (CXO-Cockpit) and should be used by the Identity Provider to verify that messages were sent by the Service Provider (CXO-Cockpit).
The signing certificate has to be an X.509 certificate with a private key. If you are using an X.509 certificate for SSL, you can use the same certificate for signing SAML requests. Please contact your Identity Provider to check its requirements for the signing certificate.
The Identity Provider should trust the Certificate Authority which issued the signing certificate used by the Service Provider (CXO-Cockpit).
- Signing Certificate Path (required if Signing Certificate Location Type is set to "File")
File path to the signing certificate. The certificate should not be password protected.
- Signing Certificate Store Name (required if Signing Certificate Location Type is set to "CertificateStore")
Specifies the X.509 store name to search for the certificate. For example, My includes personal certificates.
- Signing Certificate Store Location
Specifies the location of the store to search for the certificate.
- Signing Certificate x509FindType
Specifies the field that will be searched for a match to the value in "Signing Certificate Find Value".
It is recommended to use the "FindBySerialNumber" option.
Note: If you use the "FindBySerialNumber" option, make sure that the copied serial number does not contain spaces.
Also make sure that there is no hidden character before the first hex digit (when copying a serial number from the certificate info, a hidden character may be added before the first hex digit).
- Signing Certificate Find Value
Specifies a search term to use to find the certificate. The value will be searched for in the field specified by the "Signing Certificate x509FindType" attribute.
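The check described in the "FindBySerialNumber" note, as an added PowerShell example that is not part of the CXO-Cockpit documentation: it reports spaces and hidden characters in a pasted serial number, then looks the certificate up in the store and shows whether it has a private key. The `Cert:\LocalMachine\My` store path, the function names and the sample serial number are assumptions made for illustration.

```powershell
# Added example, not CXO-Cockpit code. Function names are hypothetical.
function Test-SerialFindValue {
    param([Parameter(Mandatory)][string]$Value)

    # Every character that is not a hex digit is reported by code point, so
    # invisible characters (e.g. U+200E) show up as clearly as spaces do.
    $bad = @(foreach ($ch in $Value.ToCharArray()) {
        if ([string]$ch -notmatch '^[0-9A-Fa-f]$') { 'U+{0:X4}' -f [int]$ch }
    })
    [pscustomobject]@{
        IsClean    = ($bad.Count -eq 0)
        BadChars   = $bad
        Normalized = ($Value -replace '[^0-9A-Fa-f]', '').ToUpperInvariant()
    }
}

function Find-SigningCertificate {
    param(
        [Parameter(Mandatory)][string]$SerialNumber,
        # Assumption: store location LocalMachine, store name My.
        [string]$StorePath = 'Cert:\LocalMachine\My'
    )
    $check = Test-SerialFindValue -Value $SerialNumber
    if (-not $check.IsClean) {
        Write-Warning ('Find value contains non-hex characters: ' +
                       ($check.BadChars -join ', '))
    }
    # Compare against the cleaned value, which is what belongs in the
    # "Signing Certificate Find Value" setting.
    $cert = Get-ChildItem -Path $StorePath |
        Where-Object { $_.SerialNumber -eq $check.Normalized }
    if (-not $cert) {
        Write-Warning "No certificate with serial $($check.Normalized) in $StorePath"
        return
    }
    # HasPrivateKey must be True: the private key signs the SAML messages.
    $cert | Select-Object Subject, SerialNumber, NotAfter, HasPrivateKey
}

# Constructed sample: a serial pasted with a leading hidden U+200E and spaces.
$pasted = "$([char]0x200E)00 a1 b2 c3 d4 e5 f6 07"
Test-SerialFindValue -Value $pasted | Format-List
Find-SigningCertificate -SerialNumber $pasted
```

The `Normalized` value is the one to paste into "Signing Certificate Find Value".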
Please make sure that the "CXO-Cockpit Dashboard Url" setting has the correct value. This setting is used for generating the Service Provider (CXO-Cockpit) metadata file.
...
The metadata file contains all the information which the Identity Provider requires (e.g. AssertionConsumerService, SingleLogoutService, EntityId).
Note: This URL is only accessible when the Authentication Provider is set to "SAML". The CXO-Cockpit website should be restarted after making any authentication configuration change. The website can be restarted on the Maintenance page of the Configurator.
...