SAML 2

What is SAML 2.0?

SAML 2.0 is a security standard for exchanging authentication and authorization information. The protocol relies on information tokens to exchange data between a SAML "authority" (Identity Provider) and a SAML "consumer" (Service Provider).

Acronyms:

  • SAML: Security Assertion Markup Language
  • IDP: Identity Provider
  • SP: Service Provider

Prerequisites for federating identities:

  • Compatibility with IDP-initiated and SP-initiated SAML 2.0 connections.
  • Compatibility with HTTP POST requests and redirection links.
  • Compatibility with the HTTPS protocol.
  • Compatibility with SAML assertion requests.
  • IDP and SP metadata.

This page shows you how to connect to the SAML authentication protocol.

Note: enabling SAML authentication applies to the whole bot (i.e. all chatboxes).

  1. To enable the SAML service within your solution, go to Preferences >Bot >General.

  2. Go to the Connection sub-menu and check Enable SAML to enable the SAML service. If the SAML service is not available, please manually add this preference by following the procedure on this page.

  3. Then you will have access to the SAML configuration by going to Preferences >APIS >SAML 2.

  4. Download the Do You Dream Up Service Provider (SP) metadata that you need to integrate. To do so, click Download SP Metadata.

  5. Import the Identity Provider (IDP) file. To do so, click Choose file.

  6. In order to enable SAML 2 authentication, check Enable / Disable SAML2 authentication.

  7. You must also select the Login protocol. Prefer the HTTP-POST protocol (selected by default).

  8. Click Ok.

    If the IDP file has been successfully configured, SAML 2 authentication will be effective.

The Current IDP info section gives you an overview of the IDP information. If the configuration of your IDP file is incorrect, it can cause various errors, and you will need to make changes to the file.

You will also be able to test the configuration of your protocol using the Test configuration section. To do so, simply click Send auth request to IDP.

Notes:

  • After enabling SAML, if a user is not authenticated, nothing may appear;
  • The cache duration is 5 minutes.

SAML - Google

This section introduces you to the procedure that allows you to enable SAML authentication with Google Accounts.

Download SAML metadata from the DYDU app

  1. Go to Preferences >APIS >SAML 2.
  2. Click Download SP Metadata.

Creating a Google SAML application

  1. Log in to https://admin.google.com

  2. Go to Applications >SAML Applications then click +.

  3. Then click Set up my custom application.

  4. Use option #2 and download the IDP metadata.

  5. Follow the procedure up to Service Provider Details.

  6. Complete the following fields:

    The format of the name ID: EMAIL.

  7. Complete the procedure.

    The button allows you to enable the service for everyone.

    Note: the operation may take a long time.

Activating SAML on the Do You Dream Up server

  1. Go to Preferences >APIS >SAML 2.
  2. Import the file with IDP metadata. To do so, click Choose file and select your file. Click ok.
  3. Select the HTTP-POST protocol then emailAddress.
  4. Check the Enable / Disable SAML2 authentication box then click ok.

Test without the chatbox

Click Send auth request to IDP. You should be redirected to the Google authentication page.

Configuration with the chatbox

  1. Go to Integration >Web >Chatbox.

  2. Click Create new configuration or select an existing configuration.

  3. Click Show advanced view then go to the module.common.saml2.auth module.

  4. Check both boxes in Configurations sub-menu (use-relay and redirect-top-window).

  5. Deploy your configuration and test your chatbox.