Configure Niagara IdP and SAML Scheme
This component sets up a provisioning job on the Supervisor station to configure one or more remote stations with a server
certificate (private and public keys) and the SAML (Security Assertion Markup Language) authentication scheme configured for
the internal IdP (Identity Provider). First this provisioning job configures SAML authentication schemes on the remote station
based on the Circle of Trust for which the station is configured in the SAMLIdpService. Then, it updates the Station Service Provider objects in the Circle of Trust with the correct values from the remote station.
You add this job step component in the top pane (Provisioning steps to run) of the Niagara Network Job Builder or the Niagara Network Prototype View.
Figure 23. Niagara IdP and SAML Scheme Properties
| Property | Value | Description |
|---|---|---|
| Login Button Text Format | text | Displays the text on the login button to access the subordinate station. |
| IdP Certificate Alias | text | Specifies the alias for the certificate (with public key). |
| SAML Signing Certificate Alias | text | Specifies the alias of the certificate to use as the subordinate station’s SAML Server Certificate. |
| SAML Encryption Certificate Alias | text | Specifies the alias of the encryption certificate. |
| Generate new remote SAML signing certificate | check box | Generates a new server certificate to use as the subordinate station's SAML Server Certificate. |
| Common Name (CN) | text | Specifies the distinguished name of the host or address of the server. |
| Generate new remote SAML encryption certificate | text | Generates a new server encryption certificate to use as the subordinate station's SAML Server Certificate. |
| Common Name (CN) | text | Specifies the distinguished name of the host or address of the server. |
| Organizational Unit (OU) | text | The name of a department within the organization or a Doing-Business-As (DBA entry). |
| Organization (O) | text | The legally registered name of your company or organization. Do not abbreviate this name. |
| Locality (L) | text | The city in which the organization for which you are creating the certificate is located. |
| State/Province (ST) | text | The complete name of the state or province in which your organization is located. This property is optional. |
| Country Code (C) | two-character ISO-format country code | If you do not know your country's two-character code, check www.countrycode.org. |
| Not Before | date | Specifies the date before which the certificate is not valid. |
| Not After | date | Specifies the expiration date for the certificate. |
| Key Size | number | Specifies the size of the keys in bits. Four key sizes are allowed: 1024 bits, 2048 bits (this is the default), 3072 bits, and 4096 bits. Larger keys take longer to generate but offer greater security. |
| Certificate Usage: | text | Specifies the purpose of the certificate. |
| Alternative Server Name | text | This property provides a name other than the Subject (Common Name) that the system can use to connect to the server. |
| Email Address | email address | The contact address for this certificate. It may also be the address to which your signed certificate (.pem file) will be sent. |
| Key Usage | check box | Indicates the business scenario that requires authentication, encryption, and digital signing. The public and private keys associated with each certificate may be used to provide these secure features. |