Hi all -
The builds from 3/2 onwards include support for integrating Ignition as a Relying Party with a SAML 2.0 Identity Provider. You’ll notice the new type is available from the Gateway Config Web Interface => Identity Providers (under the Security category) => Create New Identity Provider.
Those of you familiar with configuring SAML entities should find the configuration interface self-explanatory. It provides the capability to export Ignition’s SP metadata, import IdP metadata, and manually tweak configuration options common to most SAML SPs.
Note that the initial implementation currently supports verifying Response and Assertion signatures and supports the HTTP Redirect and HTTP POST bindings for the SSO request / handling the response at the ACS. The initial implementation does not support the following:
- Other bindings such as HTTP Artifact, SOAP, or PAOS
- SP Signature Generation (for example: signing the AuthnRequest)
- Single Logout (SLO)
- Decryption of IdP Responses and Assertions
- IdP-initiated SSO
As demand for the above capabilities increases, we will consider prioritizing them, assuming we have solid use cases to go along with the demand.
More information will be added to the main 8.0 docs in the near future.
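
A pre-flight check of IdP metadata against the supported and unsupported capabilities listed in the post above. This is an added example, not part of the original post and not Ignition code; the function name `preflight`, the `idp.example.test` URLs and both metadata documents are constructed for illustration.

```python
import xml.etree.ElementTree as ET

MD = "urn:oasis:names:tc:SAML:2.0:metadata"
BINDING = "urn:oasis:names:tc:SAML:2.0:bindings:"
# Bindings the post lists as supported for the SSO request.
SUPPORTED = {BINDING + "HTTP-Redirect", BINDING + "HTTP-POST"}

def preflight(metadata_xml: str) -> list[str]:
    """Return the problems found in IdP metadata; an empty list means none."""
    # SAML metadata has no use for a DTD; refusing one avoids entity expansion.
    if "<!DOCTYPE" in metadata_xml:
        raise ValueError("DTD found in metadata, refusing to parse")
    root = ET.fromstring(metadata_xml)
    # iter() also finds the descriptor when the root is an EntitiesDescriptor.
    idp = next(root.iter(f"{{{MD}}}IDPSSODescriptor"), None)
    if idp is None:
        return ["no IDPSSODescriptor element"]
    problems = []
    sso = {e.get("Binding") for e in idp.findall(f"{{{MD}}}SingleSignOnService")}
    if not sso & SUPPORTED:
        problems.append("no SingleSignOnService using HTTP-Redirect or HTTP-POST")
    # The SP cannot sign the AuthnRequest, so an IdP demanding that will reject it.
    if idp.get("WantAuthnRequestsSigned", "false").lower() in ("true", "1"):
        problems.append("IdP requires signed AuthnRequests")
    # A KeyDescriptor without 'use' serves both signing and encryption.
    uses = [k.get("use", "signing") for k in idp.findall(f"{{{MD}}}KeyDescriptor")]
    if "signing" not in uses:
        problems.append("no signing key to verify Response/Assertion signatures")
    return problems

# Constructed sample: an IdP that fits the listed capabilities.
GOOD_IDP = f"""<EntityDescriptor xmlns="{MD}" entityID="https://idp.example.test/md">
  <IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <KeyDescriptor use="signing"/>
    <SingleSignOnService Binding="{BINDING}HTTP-Redirect"
                         Location="https://idp.example.test/sso"/>
  </IDPSSODescriptor>
</EntityDescriptor>"""

# Constructed sample: Artifact-only SSO, signed requests required, no signing key.
BAD_IDP = f"""<EntityDescriptor xmlns="{MD}" entityID="https://idp.example.test/md">
  <IDPSSODescriptor WantAuthnRequestsSigned="true"
                    protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <KeyDescriptor use="encryption"/>
    <SingleSignOnService Binding="{BINDING}HTTP-Artifact"
                         Location="https://idp.example.test/artifact"/>
  </IDPSSODescriptor>
</EntityDescriptor>"""

if __name__ == "__main__":
    for name, doc in (("good", GOOD_IDP), ("bad", BAD_IDP)):
        print(name, preflight(doc) or "OK")
```
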