This page (revision-14) was last changed on 17-Dec-2020 07:28 by Ben Spink

This page was created on 25-Oct-2018 04:31 by Ben Spink

Difference between version and

At line 1 changed one line
!!The SAMLSSO plugin requires an enterprise license.\\
!!Enterprise Licenses Only\\
SAMLSSO Plugin\\
At line 3 changed one line
This plugin is for advanced users in an organization using SAML.
This plugin is for advanced users in an organization using SAML. While this config is generic (from [Okta]) in its description to all SAML providers, see the Microsoft ADFS config example for specifics on ADFS. *[SAMLSSO_ADFS]*\\
!For a generic config, you can get these items from the 'config.xml' (Keycloak for example):\\
{{{
CrushFTP:Redirect URL = HTTP-POST URL
CrushFTP:SAML Provider URL = EntityID
CrushFTP:SAML Issuer = ClientID (or ApplicationID)
CrushFTP:Signing certificate = X.509 Certificate
}}}
\\
For configuring through a DMZ, this requires Crush 8.3.0_8+ and for both the DMZ instance and internal instance to have identical configurations. If you are using the groups attribute in SAML to specify group memberships, add them into the LDAP roles area using the same group name SAML returns. Set the cache timeout to be "-1" and it will skip connecting to the LDAP configured server info. (Which is what you want if using SAML groups.) If you don't have LDAP and don't have groups being passed through, you can add the special group name "-ALL_ROLES-" and it will allow all logins from SAML.\\
\\
This plugin can be linked together with the WebApplication plugin for a scenario where your LDAP does not apply to your SAML logins. *[SAMLSSO_WebApplication]*\\
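Review bot: In the DMZ paragraph, the special group name "-ALL_ROLES-" is described as allowing all logins from SAML, but the text does not spell out that this leaves no group-based restriction on who can log in. Suggest saying so directly and noting that access then depends entirely on which users the SAML provider lets through. The same paragraph tells the reader to set the cache timeout to "-1" and to add groups to "the LDAP roles area" without naming which plugin or screen holds those settings; naming it would prevent the change being made in the wrong place, especially since the DMZ and internal instances must have identical configurations.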
At line 7 changed one line
We provide an example screenshot for an OKTA account. Both HTTP POST and redirect does are supported.\\
We provide an example screenshot for an OKTA account. Both HTTP POST and redirect modes are supported.\\
At line 34 added 2 lines
\\
Also be sure prefs.XML has "http_redirect_base" set to a blank value, or your actual URL, or else the redirection will be blocked.\\
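Review bot: The added line on "http_redirect_base" presents a blank value and the actual URL as interchangeable, without saying what a blank value permits. Because the line states that redirection is blocked otherwise, this setting is acting as a restriction on redirect targets, so the doc should state what blank allows and which of the two values is recommended for a SAML deployment. It would also help to say whether the setting has to match on both the DMZ and internal instances, given the identical-configuration requirement earlier on the page.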