This feature is only available for Beta test users.
Available with Beta v153.7.
This new feature provides a way to automatically update the company's SAML settings (e.g. the SAML signing certificate expires every 3 months and you want to automate the certificate update in Rainbow).
Principle
- Use the customer's SAML Identity Provider metadata to load the settings in Rainbow.
- Provide a polling mechanism to periodically reload the settings from the configured SAML Identity Provider’s metadata URL.
Configuration
For the configuration you'll need to retrieve the SAML Identity Provider's metadata URL. In addition, if needed, you'll have to retrieve the Metadata Signing Certificate. Optionally, you may need the Entity Id in case the metadata describes several SAML Identity Provider servers.
With this information you can now configure the SAML authentication method with automatic configuration in Rainbow.
SAML Provider information
This is an example of the information needed for the configuration using Microsoft Azure AD (now called Microsoft Entra ID).
SAML Identity Provider’s metadata URL
Open the "Enterprise Applications"
From the list All applications, select the Rainbow SAML app
Then select the menu Manage / Single sign-on and copy the link from App Federation Metadata Url
How to find the optional Metadata Signing Certificate
Open the previously copied App Federation Metadata Url in a browser
You can find the certificate (base64 encoded) in the node EntityDescriptor > Signature > ds:KeyInfo > ds:X509Data > ds:X509Certificate
Optional Entity Id
The Entity Id can be found on Azure in "Microsoft Entra Identifier"
- It is only needed to indicate which SAML Identity Provider server to use when the customer's metadata describes several SAML Identity Provider servers.
- If no Entity Id is set and the metadata describes several SAML Identity Provider servers, then the first one will be selected.
- If Entity ID is set but no SAML Identity Provider is found with this Entity ID in the customer's metadata file, an error is returned.
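The Entity Id selection rules above, together with the certificate location described under "How to find the optional Metadata Signing Certificate", as an added example that is not part of Rainbow's own code. It assumes a constructed metadata document with two IdP servers (the Signature element is reduced to its KeyInfo) and only checks that the embedded certificate matches the pinned one; it does not verify the XML signature cryptographically.

```python
import xml.etree.ElementTree as ET
NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata", "ds": "http://www.w3.org/2000/09/xmldsig#"}

# Constructed sample metadata (not a real tenant) describing two IdP servers.
SAMPLE_METADATA = """<md:EntitiesDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
 xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
 <ds:Signature><ds:KeyInfo><ds:X509Data><ds:X509Certificate>
  META/SIGNING+CERT==
 </ds:X509Certificate></ds:X509Data></ds:KeyInfo></ds:Signature>
 <md:EntityDescriptor entityID="https://idp-one.example/saml"><md:IDPSSODescriptor>
  <md:KeyDescriptor use="signing"><ds:KeyInfo><ds:X509Data>
   <ds:X509Certificate>CERT/ONE==</ds:X509Certificate></ds:X509Data></ds:KeyInfo></md:KeyDescriptor>
  <md:SingleLogoutService Location="https://idp-one.example/slo"/>
  <md:SingleSignOnService Location="https://idp-one.example/sso"/>
 </md:IDPSSODescriptor></md:EntityDescriptor>
 <md:EntityDescriptor entityID="https://idp-two.example/saml"><md:IDPSSODescriptor>
  <md:SingleSignOnService Location="https://idp-two.example/sso"/>
 </md:IDPSSODescriptor></md:EntityDescriptor>
</md:EntitiesDescriptor>"""

def _norm(cert_text):
    # Drop whitespace so PEM-wrapped and single-line base64 compare equal.
    return "".join((cert_text or "").split())

def check_metadata_signing_cert(metadata_xml, pinned_cert):
    """Pinning check only: does the cert in the metadata Signature match the configured one?"""
    root = ET.fromstring(metadata_xml)
    found = root.find("ds:Signature/ds:KeyInfo/ds:X509Data/ds:X509Certificate", NS)
    return found is not None and _norm(found.text) == _norm(pinned_cert)

def select_idp(metadata_xml, entity_id=None):
    """No Entity Id -> first IdP in the file; Entity Id not found -> error."""
    root = ET.fromstring(metadata_xml)
    single = root.tag == "{%s}EntityDescriptor" % NS["md"]  # metadata with one IdP only
    idps = [root] if single else root.findall("md:EntityDescriptor", NS)
    idps = [d for d in idps if d.find("md:IDPSSODescriptor", NS) is not None]
    if entity_id is not None:
        idps = [d for d in idps if d.get("entityID") == entity_id]
    if not idps:
        raise ValueError("no SAML Identity Provider found for Entity ID %r" % entity_id)
    idp = idps[0]
    sso = idp.find("md:IDPSSODescriptor/md:SingleSignOnService", NS)
    slo = idp.find("md:IDPSSODescriptor/md:SingleLogoutService", NS)
    certs = idp.findall("md:IDPSSODescriptor/md:KeyDescriptor[@use='signing']"
                        "/ds:KeyInfo/ds:X509Data/ds:X509Certificate", NS)
    return {"entity_id": idp.get("entityID"),
            "login_url": sso.get("Location") if sso is not None else None,
            "logout_url": slo.get("Location") if slo is not None else None,
            "signing_certs": [_norm(c.text) for c in certs]}
```

The returned dictionary holds exactly the read-only values the automatic configuration fills in (Login URL, Logout URL, Assertion signing certificates).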
Rainbow SAML authentication method configuration
As company administrator, go to the company Settings / Security and add the SAML 2.0 Authentication method
- Choose Automatic configuration
- Copy the App Federation Metadata Url in the field Metadata URL
- Optionally, copy the Metadata Signing Certificate into the corresponding field
- Set an update frequency (in days)
- Click on next and save the configuration.
Check the configuration
- The Metadata update frequency setting configures the period of the polling mechanism that updates the customer's SAML Identity Provider settings from the configured Metadata URL.
- When polling is enabled, “Next update date” indicates the next polling occurrence.
- When polling is enabled, if a polling already occurred, “Last update date” indicates the previous polling occurrence.
- Note that when "Automatic configuration" is used, only the fields related to the automatic configuration can be changed ("Metadata URL", "Entity ID", "Metadata signing certificate" and "Metadata update frequency").
- The settings gathered from automatic configuration are shown as read-only ("Login URL", "Logout URL", "Assertion signing certificates").