SAML SSO works via a browser connection to a station. With SSO, you log in to one station and you are automatically allowed
access to all other networked stations that are also configured for SSO. You will not be prompted for credentials when logging
in to the other networked stations.
Prerequisites:
- Your station is already configured for SSO.
- You have already provided your IdP admin with any required data.
- You are using a web browser.
When entering the URL for the station in the browser, communications are bound by the domain specified by the Identity Provider (such as station1.domain.com). This means that you cannot make a local connection using https://localhost. Instead, you would use https://station1.domain.com. The exact requirement depends on the IdP. Different IdPs may require different information, and in a different format. For example, for the Salesforce IdP a field specifies the host name that you will use, and for the OpenAM IdP you need to provide a specially-formatted XML file that supplies the host name and other data. You will need to ask the IdP administrator what information to provide.
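The following added example (not part of the product or its documentation) checks whether a URL you plan to type into the browser matches the host registered with the IdP. It assumes the XML file given to the IdP is standard SAML 2.0 service provider metadata; the sample metadata, host name and endpoint paths are constructed for illustration.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

MD_NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata"}

# Constructed sample: the host name and endpoint path are illustrative only.
SAMPLE_SP_METADATA = """\
<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
                     entityID="https://station1.domain.com/saml">
  <md:SPSSODescriptor
      protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:AssertionConsumerService index="0"
        Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="https://station1.domain.com/saml/acs"/>
  </md:SPSSODescriptor>
</md:EntityDescriptor>
"""

def origin(url):
    """Return (scheme, host, port), lower-cased, with default ports filled in."""
    parts = urlsplit(url)
    scheme = parts.scheme.lower()
    port = parts.port or {"https": 443, "http": 80}.get(scheme)
    return scheme, (parts.hostname or "").lower(), port

def registered_origins(metadata_xml):
    """Origins of every AssertionConsumerService endpoint in the metadata.

    Parse only a file you produced yourself; use a hardened parser such as
    defusedxml for XML received from elsewhere.
    """
    root = ET.fromstring(metadata_xml)
    acs = root.findall(".//md:SPSSODescriptor/md:AssertionConsumerService", MD_NS)
    return {origin(e.get("Location", "")) for e in acs}

def check_station_url(url, metadata_xml):
    """Return (ok, reason) for a URL someone intends to open in the browser."""
    allowed = registered_origins(metadata_xml)
    candidate = origin(url)
    if candidate in allowed:
        return True, "origin matches the endpoint registered with the IdP"
    if candidate[1] not in {host for _, host, _ in allowed}:
        return False, f"host '{candidate[1]}' is not registered with the IdP"
    return False, "host is registered, but scheme or port differs"

if __name__ == "__main__":
    for u in ("https://station1.domain.com/login", "https://localhost/login"):
        print(u, "->", check_station_url(u, SAMPLE_SP_METADATA))
```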
Perform the following steps:
- In the web browser, open a station connection.
- In the Login window, enter your username and click Log In with SSO (the actual button text may differ depending on the SSO scheme configuration).
The Remember my choice option is most useful when there are multiple SAML authentication schemes in the station. In that situation, a separate SSO Login button displays for each SSO scheme. When checked, the login function remembers the chosen SSO Login button and automatically uses it on subsequent attempts to access the station. This setting can also apply when there is just one SSO scheme. If the station is not set for auto-SSO, selecting this check box simulates auto-SSO by attempting to log in with the saved scheme.
If you have already logged in with SSO, the station connects immediately.
If this is the first time you are logging in with SSO, your browser redirects to the Identity Provider’s site.
- In the Identity Provider’s login window, enter your station credentials (username and password) and click Log In.
The example shown here is the OpenAM IdP SSO Login window.
On successful authentication, you are logged in to the station and the browser is immediately redirected there. You also immediately gain access to this station and to all other networked stations. Additionally, you have an active session with the IdP, which allows you to bypass entering credentials the next time you log in to a station. You are still redirected to the IdP, but it recognizes that you have already logged in and redirects you right back to the station.