SAML is a method for single sign-on authentication. In this case, the BIS Portal must be connected to your company portal. After this is set up, you just need to log in to your company account, and you can access the BIS Portal.
Within SAML, an Identity Provider (IDP) verifies that you have successfully logged in to your company account, and are allowed to access the BIS Portal.
Note: To configure SAML, the URL of your IDP must be connected to the BIS Portal, so the users can be redirected to this IDP after successfully logging in. Also, certificates must be exchanged to encrypt the connection. |
If you are connected to the SEEBURGER system via SAML, you can set up new users yourself in your company portal. The following standard user rights are possible:
Key User
Consultant
MESSAGE TRACKING User
Read-only
If you have specific requirements, customized groups for these rights can also be created.
Information: Since the configuration of SAML is based on customer-specific URL and certificates, the SAML configuration can only be done after you have provided your information during the inital project, and not already while SEEBURGER initially provides the BIS system before the start of the project. |
SEEBURGER SAML process:
The SAML Login Module enables the single sign-on (SSO) authentication by using an external SAML Identity Provider (IDP at customer side) and acts on SAML Service Provider side (SP = SEEBURGER).
To configure SAML authentication in your identity provider (IDP), you need to enter the following information about your Service Provider (SP):
Issuer (SP)
Assertion Consumer URL (SP)
Signature Certificate
Encryption Certificate
Since this information is specific for every BIS system, it will be delivered during your initial project with SEEBURGER.
To enable SEEBURGER to configure the SAML Login Module, you need to provide the following information:
Configuration of: |
Value: |
Your URL (IDP): |
The URL of your IDP. After the authentication request is created and executed by the Login Module, the browser redirects the user to this URL (see step 2/3 of the SAML process). |
Signature Certificate: |
We recommend to use an SHA-2 algorithm to meet the highest security standards. |
Encryption Certificate: |
We recommend to use AES-256 to meet the highest security standards. |
Assertion Attributes: |
After the Login Module has retrieved, extracted and verified the authentication assertion from the IDP (see step 8 of the SAML process), the respective attributes within the assertion are used to create the required user credentials. |
Use Subject For User Credential: |
Activated/Deactivated. If activated, the Login Module extracts the name of the user from the assertion subject NameID. |
User: |
This information is required if "Use Subject For User Credential" is deactivated. If "Use Subject For User Credential" is deactivated, the authenticated user is extracted as normal assertion attribute by the name which can be defined by setting this User attribute. |
First Name: |
This information is optional. |
Last Name: |
This information is optional. |
Full Name: |
This information is optional. |
Language: |
This information is optional. |
Phone Number: |
This information is optional. |
Department: |
This information is optional. |
Note: There is no AuthnRequest sent from service provider (SP) to identity provider (IDP) for IDP initiated log-in, so make sure this is disabled on your IDP. |
Find more information about SAML on or SEEBURGER blog: