Skip to main content
Version: 3.22

SAML 2.0

caution

Please take a look to our technical specification manual for a list of approved SAML authentication providers.

senhasegura implements SAML 2.0 authentication. SSO providers that support the protocol can be configured.

caution

senhasegura versions 3.12 and earlier it will be necessary to contact senhasegura support team to perform a manual configuration that allows authentication through the SAML protocol.

For senhasegura to be integrated with an SSO 1 service with SAML 2.0 protocol support, it is necessary that this service is already configured and with embedded users. senhasegura should then receive the following information for configuration:

  • Entity ID: It is the identification of senhasegura in the SAML provider;

  • SAML provider metadata URL: It is the URL of the SAML service published by the provider (role descriptor).This XML contains the interface elements, Signing keys or encryption keys, and the SSO protocol endpoints;

  • Redirect URL: It is the senhasegura URL that will receive the authentication steps. By default it will be as follows https://senhasegura.mycompany/flow/saml/auth/assert/, where the example domain senhasegura.mycompany must be replaced with the senhasegura instance access IP or domain;

  • SSO Login URL (Sign-in URL): SAML SSO provider URL where senhasegura should access at the login step;

  • SSO Logout URL (Sign-out URL): SAML SSO provider URL where senhasegura should access at the logout step;

We recommend that you request a private key in the PEM format and a certificate in the PEM format so that senhasegura communicates encrypted with the SSO SAML provider.

To enable the use of the SAML authentication provider in senhasegura :

  1. Go to the menu Settings ➔ Authentication ➔ Providers;

  2. Locate the SAML record and change it status to Active;

  3. Go to the menu Settings ➔ Authentication ➔ Providers ➔ System SAML ➔ Providers SAML;

  4. Click on the report action New;

In the form that opens, fill in the information with the data previously mentioned in the premises.

  • At tab General;

    • Type: SAML SSO provider type. Use SAML provider if you can't find your provider model;

    • Entity ID: It is the senhasegura identification in the SAML provider;

    • SAML provider metadata URL: It is the SAML service URL published by the provider (role descriptor). This XML contains the interface elements, Signing keys or encryption keys, and the SSO protocol endpoints;

    • Redirect URL: It is the senhasegura URL that will receive the authentication steps. By default it will be as follows https://senhasegura.mycompany/flow/saml/auth/assert/, where the example domain senhasegura.mycompany must be replaced with the senhasegura instance access IP or domain;

    • SSO Login URL (Sign-in URL): URL that the SAML SSO provider use to redirect to senhasegura to be accessed at login;

    • SSO Logout URL (Sign-out URL): URL that the SAML SSO provider use to redirect to senhasegura to be accessed at logout;

  • Na aba Security SAML;

    • Should sign SAML request?: If confirmed, senhasegura will communicate with the SSO SAML provider using the provided encryption;

    • Signature algorithm for request: Encryption algorithm to be used;

    • Private key (PEM format): Private key in PEM format to be used at communication level;

    • Certificate (PEM format): Certificate in PEM format to be used at communication level;

From this moment on, senhasegura users can see a login button using SAML on the senhasegura login screen. The authentication validity time rules are the control of the SSO SAML provider.