Amazon supports custom SAML 2.0 applications. See https://docs.aws.amazon.com/singlesignon/latest/userguide/samlapps.html
1. Amazon SSO SAML 2.0 Configurations:#
Open the IAM Identity Center Console https://console.aws.amazon.com/singlesignon
and create a new custom application.
Configure the name, Application ACS URL, and SAML Audience, then submit the application.
Application ACS URL example: https://your.crushftp.com/?u=SSO_SAML&p=none
SAML Audience example: https://your.crushftp.com/?u=SSO_SAML&p=none
Configure the attribute mappings of your application.
Add new attribute mapping.
Maps to this string value or user attribute in IAM Identity Center:
${user:subject}
Warning: Assign users/groups to the created application!
2. SAMLSSO plugin configuration
#
Download the IAM Identity Center SAML metadata file.
<?xml version="1.0" encoding="UTF-8"?><md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata" entityID="https://portal.sso.us-east-1.amazonaws.com/saml/assertion/XXX">
<md:IDPSSODescriptor WantAuthnRequestsSigned="false" protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
<md:KeyDescriptor use="signing">
<ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
<ds:X509Data>
<ds:X509Certificate>MXXXX</ds:X509Certificate>
</ds:X509Data>
</ds:KeyInfo>
</md:KeyDescriptor>
<md:SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://portal.sso.us-east-1.amazonaws.com/saml/logout/XX"/>
<md:SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="https://portal.sso.us-east-1.amazonaws.com/saml/logout/X"/>
<md:NameIDFormat>urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified</md:NameIDFormat>
<md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://portal.sso.us-east-1.amazonaws.com/saml/assertion/XX"/>
<md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="https://portal.sso.us-east-1.amazonaws.com/saml/assertion/XX"/>
</md:IDPSSODescriptor>
</md:EntityDescriptor>
Add new attachment
Only authorized users are allowed to upload new attachments.
List of attachments
| Kind | Attachment Name | Size | Version | Date Modified | Author | Change note |
|---|---|---|---|---|---|---|
png |
csutom_app_new_attribute.png | 55.0 kB | 2 | 05-Dec-2023 05:32 | krivacsz | |
png |
custom_app.png | 105.1 kB | 1 | 05-Dec-2023 05:32 | krivacsz | |
png |
custom_app_assign_users.png | 64.1 kB | 1 | 05-Dec-2023 05:32 | krivacsz | |
png |
custom_app_attribute_mappings_... | 43.2 kB | 1 | 05-Dec-2023 05:32 | krivacsz | |
png |
custom_app_crushftp_settings.p... | 217.3 kB | 1 | 05-Dec-2023 05:32 | krivacsz | |
png |
custom_app_settings.png | 149.6 kB | 1 | 05-Dec-2023 05:32 | krivacsz |
«
This particular version was published on 05-Dec-2023 05:32 by krivacsz.
G’day (anonymous guest)
Log in
CrushFTP11 | What's New
- WebInterface
- Server Admin
- User Manager
- Client Apps
- CrushBalance Load Balancer
- High Availability
- Self Registration
- Preferences
- Email Templates
- Restrictions
- Replication
- Banning
- Logging
- Encryption
- Alerts
- Folder Monitor
- Tunnels
- Syncs
- User Config
- Search Config
- Preview
- Misc
- Plugins
- Manage Shares
- PGP
- Telnet
- FAQ
- API
- Linux Install
- Virtual Linux Server
- Server Variables
- Google Authenticator and Microsoft Authenticator
- AS2 EDI
JSPWiki