!!Enterprise Licenses Only\\
SAMLSSO Plugin\\
\\
This plugin is for advanced users in an organization using SAML.  While this config is generic in its description for all SAML providers, see the Microsoft ADFS config example for specifics on it.  *[SAMLSSO_ADFS]*\\
\\
This plugin can be linked together with the WebApplication plugin for a scenario where your LDAP does not apply to your SAML logins. *[SAMLSSO_WebApplication]*\\

!!1)\\
The top half controls the connection parameters to the SAML provider server.\\
We provide an example screenshot for an OKTA account.  Both HTTP POST and redirect modes are supported.\\
[attachments|saml1.png]\\
\\
!!2)\\
The lower half controls what to do with the resulting user that is validated once they are redirected back to your CrushFTP server.  This mainly contains configuration items related to LDAP.  An LDAP server is required for looking of role associations for the user that SAML validated.\\
[attachments|saml2.png]\\
\\
!!3)\\
The final item is using a Url like this to make CrushFTP redirect a user to the SAML provider.\\
{{{
http://domain.com/?u=SSO_SAML&p=redirect
}}}
This could be placed on your login page, or even use javascript to auto redirect the user to that URL.\\
\\
Be certain the Preferences, Misc tab has the remember invalid usernames configured to 0 seconds or your SAML login will get rejected since CrushFTP caches the username as being invalid and doesn't even ask the plugin.\\
\\
Also be sure prefs.XML has "http_redirect_base" set to a blank value, or your actual URL, or else the redirection will be blocked.\\