This is version . It is not the current version, and thus it cannot be edited.
[Back to current version]   [Restore this version]

Amazon supports custom SAML 2.0 applications. See https://docs.aws.amazon.com/singlesignon/latest/userguide/samlapps.html

1. Amazon SSO SAML 2.0 Configurations:#


Open the IAM Identity Center Console https://console.aws.amazon.com/singlesignon and create a new custom application.
custom_app.png

Configure the name, Application ACS URL, and SAML Audience, then submit the application.
Application ACS URL example:
https://your.crushftp.com/?u=SSO_SAML&p=none

SAML Audience example:
https://your.crushftp.com/?u=SSO_SAML&p=none


custom_app_settings.png

Configure the attribute mappings of your application.

custom_app_attribute_mappings_edit.png

Add new attribute mapping.
Maps to this string value or user attribute in IAM Identity Center:
${user:subject}

csutom_app_new_attribute.png

Warning: Assign users/groups to the created application!

custom_app_assign_users.png

2. SAMLSSO plugin configuration
#


Download the IAM Identity Center SAML metadata file.
<?xml version="1.0" encoding="UTF-8"?><md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata" entityID="https://portal.sso.us-east-1.amazonaws.com/saml/assertion/XXX">
    <md:IDPSSODescriptor WantAuthnRequestsSigned="false" protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
        <md:KeyDescriptor use="signing">
            <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
                <ds:X509Data>
                    <ds:X509Certificate>MXXXX</ds:X509Certificate>
                </ds:X509Data>
            </ds:KeyInfo>
        </md:KeyDescriptor>
        <md:SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://portal.sso.us-east-1.amazonaws.com/saml/logout/XX"/>
        <md:SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="https://portal.sso.us-east-1.amazonaws.com/saml/logout/X"/>
        <md:NameIDFormat>urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified</md:NameIDFormat>
        <md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://portal.sso.us-east-1.amazonaws.com/saml/assertion/XX"/>
        <md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="https://portal.sso.us-east-1.amazonaws.com/saml/assertion/XX"/>
    </md:IDPSSODescriptor>
</md:EntityDescriptor>

custom_app_crushftp_settings.png

Add new attachment

Only authorized users are allowed to upload new attachments.

List of attachments

Kind Attachment Name Size Version Date Modified Author Change note
png
csutom_app_new_attribute.png 55.0 kB 2 27-Mar-2023 10:28 krivacsz
png
custom_app.png 105.1 kB 1 27-Mar-2023 09:34 krivacsz
png
custom_app_assign_users.png 64.1 kB 1 27-Mar-2023 10:41 krivacsz
png
custom_app_attribute_mappings_... 43.2 kB 1 27-Mar-2023 10:21 krivacsz
png
custom_app_crushftp_settings.p... 217.3 kB 1 29-Mar-2023 03:46 krivacsz
png
custom_app_settings.png 149.6 kB 1 27-Mar-2023 10:13 krivacsz
« This particular version was published on 29-Mar-2023 03:56 by krivacsz.
G’day (anonymous guest)
CrushFTP10 | What's New

Referenced by
LeftMenu

JSPWiki