SSO SAML with attributes: configuration options

The following configuration options are specific to setting up SSO as SAML with attribute synchronization. For the complete set of options, see DGC service configuration settings.

SSO configuration parameter   Value
Mode                          SAML_ATTRIBUTES
Header                        <leave empty>
DN                            <leave empty>
Attribute                     <leave empty>

SSO configuration parameter   Value

Metadata HTTP

URL of the IDP metadata file (http://url.to.your/saml.xml). Use an https:// URL where possible: the metadata carries the IDP signing certificate, and a file fetched over plain HTTP can be modified in transit.

Entity ID

The entity ID as defined in the metadata file.

It selects which entity (IDP or SP) Collibra uses from the metadata file, because a SAML metadata file can describe several entities. This is also useful for planned IDP upgrades: upload a metadata file that contains both the current and the new entity, and when the time comes to switch, change only the Entity ID option.
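The following is an added example and is not Collibra code or documentation. It shows what selecting an entity by Entity ID from a multi-entity metadata file involves: the file, the hostnames and the certificate bodies are constructed for the example, and the parsing is done with the standard library rather than with whatever Collibra uses internally. Selecting a non-existent entity ID raises an error instead of silently falling back to another entity.

```python
# Added example (not Collibra's code): select one entity from a SAML metadata
# file that describes several, which is what the Entity ID option does.
import xml.etree.ElementTree as ET

NS = {
    "md": "urn:oasis:names:tc:SAML:2.0:metadata",
    "ds": "http://www.w3.org/2000/09/xmldsig#",
}

def _q(prefix, local):
    """Clark-notation tag name, e.g. {urn:...:metadata}EntityDescriptor."""
    return "{%s}%s" % (NS[prefix], local)

# Constructed sample: one file carrying the current IDP and the IDP planned
# for after an upgrade. Hostnames and certificate bodies are made up.
SAMPLE_METADATA = """<?xml version="1.0" encoding="UTF-8"?>
<md:EntitiesDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
                       xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
  <md:EntityDescriptor entityID="https://idp-old.example.com/saml">
    <md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
      <md:KeyDescriptor use="signing">
        <ds:KeyInfo><ds:X509Data><ds:X509Certificate>MIIBOLDCERTBASE64</ds:X509Certificate></ds:X509Data></ds:KeyInfo>
      </md:KeyDescriptor>
      <md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
                              Location="https://idp-old.example.com/sso/redirect"/>
      <md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
                              Location="https://idp-old.example.com/sso/post"/>
    </md:IDPSSODescriptor>
  </md:EntityDescriptor>
  <md:EntityDescriptor entityID="https://idp-new.example.com/saml">
    <md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
      <md:KeyDescriptor>
        <ds:KeyInfo><ds:X509Data><ds:X509Certificate>MIIBNEWCERTBASE64</ds:X509Certificate></ds:X509Data></ds:KeyInfo>
      </md:KeyDescriptor>
      <md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
                              Location="https://idp-new.example.com/sso/redirect"/>
    </md:IDPSSODescriptor>
  </md:EntityDescriptor>
</md:EntitiesDescriptor>
"""

def _entity_descriptors(root):
    """EntityDescriptor elements, whether the root is one of them or a group."""
    if root.tag == _q("md", "EntityDescriptor"):
        return [root]
    return list(root.iter(_q("md", "EntityDescriptor")))

def list_entity_ids(metadata_xml):
    """All entityID values in the metadata file."""
    return [d.get("entityID") for d in _entity_descriptors(ET.fromstring(metadata_xml))]

def select_idp(metadata_xml, entity_id):
    """Return the SSO endpoints and signing certificates of the IDP named entity_id.

    Raises ValueError when the ID is absent or names a non-IDP entity, so a
    typo in the Entity ID option fails loudly instead of picking another entity.
    """
    root = ET.fromstring(metadata_xml)
    matches = [d for d in _entity_descriptors(root) if d.get("entityID") == entity_id]
    if not matches:
        raise ValueError("entityID %r not in metadata; available: %s"
                         % (entity_id, list_entity_ids(metadata_xml)))
    idp = matches[0].find("md:IDPSSODescriptor", NS)
    if idp is None:
        raise ValueError("entityID %r is not an IDP entity" % entity_id)
    certs = []
    for kd in idp.findall("md:KeyDescriptor", NS):
        # A KeyDescriptor without a use attribute is valid for both signing and encryption.
        if kd.get("use") in (None, "signing"):
            for c in kd.findall("ds:KeyInfo/ds:X509Data/ds:X509Certificate", NS):
                certs.append("".join(c.text.split()))  # drop PEM-style line wrapping
    sso = {e.get("Binding"): e.get("Location") for e in idp.findall("md:SingleSignOnService", NS)}
    return {"entity_id": entity_id, "sso": sso, "signing_certs": certs}

if __name__ == "__main__":
    print(list_entity_ids(SAMPLE_METADATA))
    # Switching from the old to the new IDP is a one-value change, as the text describes.
    print(select_idp(SAMPLE_METADATA, "https://idp-new.example.com/saml"))
```

The same file can be re-used unchanged across the switch: only the entity ID passed to `select_idp` (the Entity ID option in Collibra) changes, and the signing certificate that responses are validated against changes with it.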

Groups DC managed
  • False: groups are managed by the SAML IDP.
  • True: groups are managed by DGC.
Service Provider Entity ID

Leave empty, unless the Base URL in General settings does not match the Service Provider Entity ID to be used.

Sign authentication requests

Set to True to sign the outgoing SAML authentication requests with the SAML keypair.

Note A SAML signing keypair with an X.509 certificate is generated and stored in the SAML metadata file when Collibra is started for the first time. Signing requests lets the IDP verify that a request came from this service provider; it is separate from the IDP's signature on the response, which is validated against the IDP certificate from the metadata.
Force authn
  • True (default): Every SAML request asks the IDP to authenticate the user again, even when the IDP already has a session for that user.
  • False: The IDP may reuse an existing session instead of authenticating the user again.
Force passive
  • False (default): The IDP is allowed to take visible control of the user interface, for example to show a login page.
  • True: The IDP must not take visible control of the user interface (IsPassive). Only for specific setups; see the SAML 2.0 specifications for more information.
Name ID

The nameID format requested in the SAML Request (NameIDPolicy).

Use the following format: urn:oasis:names:tc:SAML:2.0:nameid-format:persistent

For other formats, see the SAML 2.0 specifications. The IDP has to understand the nameID format in the SAML Request, so set this to what the IDP expects.

Name ID allow create
  • True (default): Allow the IDP to create a new nameID for the user to satisfy the SP SAML Request.
  • False: Do not allow the IDP to create a new nameID; the IDP may only respond with an identifier it already holds for that user.
Disable
Comparison type

Defines how the authentication strength offered by the IDP must compare to the authentication context requested in the SAML request (the Comparison attribute of RequestedAuthnContext). This is advanced configuration; see the SAML 2.0 specifications for more information.

Possible values:

  • minimum (default): the IDP may use a requested context or a stronger one.
  • maximum: the IDP uses the strongest context it can, but not stronger than a requested one.
  • better: the IDP must use a context stronger than any requested one.
  • exact: the IDP must use exactly one of the requested contexts.

See also Configuring requested authentication context.

Reference list

List of allowed authentication context class references (AuthnContextClassRef URIs). Each entry is sent in the RequestedAuthnContext of the SAML request and compared with the IDP's context using the Comparison type.

Default: urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport

This is advanced configuration; see the SAML 2.0 specifications for more information.

Declaration list

Similar to the Reference list, but holds authentication context declaration references (AuthnContextDeclRef URIs) and is empty by default.

This is advanced configuration; see the SAML 2.0 specifications for more information.
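The following is an added example, not Collibra code or documentation. It builds the (unsigned) SAML AuthnRequest that the Force authn, Force passive, Name ID, Name ID allow create, Comparison type, Reference list and Declaration list options shape, so the effect of each option can be read directly in the XML. The mapping of option names to AuthnRequest attributes is the standard SAML 2.0 one and is assumed here, not taken from Collibra's implementation; the SP and IDP URLs are made up, and the defaults are those listed in the table above.

```python
# Added example (not Collibra's code): the AuthnRequest that the Force authn,
# Force passive, Name ID, Name ID allow create, Comparison type, Reference
# list and Declaration list options shape, built from a settings dict.
import uuid
import xml.etree.ElementTree as ET
from datetime import datetime, timezone

SAMLP = "urn:oasis:names:tc:SAML:2.0:protocol"
SAML = "urn:oasis:names:tc:SAML:2.0:assertion"
PERSISTENT = "urn:oasis:names:tc:SAML:2.0:nameid-format:persistent"
PPT = "urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport"
ET.register_namespace("samlp", SAMLP)
ET.register_namespace("saml", SAML)

# Defaults as listed in the option table above.
DEFAULT_SETTINGS = {
    "force_authn": True,
    "force_passive": False,
    "name_id_format": PERSISTENT,
    "name_id_allow_create": True,
    "comparison_type": "minimum",
    "reference_list": [PPT],
    "declaration_list": [],
}
COMPARISON_TYPES = {"exact", "minimum", "maximum", "better"}

def build_authn_request(sp_entity_id, idp_sso_url, acs_url, settings=None):
    """Return the unsigned AuthnRequest XML that these settings produce."""
    s = {**DEFAULT_SETTINGS, **(settings or {})}
    if s["comparison_type"] not in COMPARISON_TYPES:
        raise ValueError("unknown comparison type %r" % s["comparison_type"])
    # RequestedAuthnContext is a schema choice: class references or
    # declaration references, never both in one request.
    if s["reference_list"] and s["declaration_list"]:
        raise ValueError("use either a reference list or a declaration list, not both")
    req = ET.Element("{%s}AuthnRequest" % SAMLP, {
        "ID": "_" + uuid.uuid4().hex,  # xs:ID may not start with a digit
        "Version": "2.0",
        "IssueInstant": datetime.now(timezone.utc).strftime("%Y-%m-%dT%H:%M:%SZ"),
        "Destination": idp_sso_url,
        "AssertionConsumerServiceURL": acs_url,
        "ProtocolBinding": "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST",
        "ForceAuthn": str(s["force_authn"]).lower(),   # Force authn
        "IsPassive": str(s["force_passive"]).lower(),  # Force passive
    })
    ET.SubElement(req, "{%s}Issuer" % SAML).text = sp_entity_id
    ET.SubElement(req, "{%s}NameIDPolicy" % SAMLP, {
        "Format": s["name_id_format"],                          # Name ID
        "AllowCreate": str(s["name_id_allow_create"]).lower(),  # Name ID allow create
    })
    refs = s["reference_list"] or s["declaration_list"]
    if refs:  # no lists configured means no RequestedAuthnContext at all
        rac = ET.SubElement(req, "{%s}RequestedAuthnContext" % SAMLP,
                            {"Comparison": s["comparison_type"]})  # Comparison type
        tag = "AuthnContextClassRef" if s["reference_list"] else "AuthnContextDeclRef"
        for ref in refs:  # Reference list / Declaration list
            ET.SubElement(rac, "{%s}%s" % (SAML, tag)).text = ref
    return ET.tostring(req, encoding="unicode")

def summarize_authn_request(xml_text):
    """Read back the option-controlled parts of an AuthnRequest as a dict."""
    req = ET.fromstring(xml_text)
    ns = {"samlp": SAMLP, "saml": SAML}
    policy = req.find("samlp:NameIDPolicy", ns)
    rac = req.find("samlp:RequestedAuthnContext", ns)
    return {
        "force_authn": req.get("ForceAuthn"),
        "is_passive": req.get("IsPassive"),
        "name_id_format": policy.get("Format") if policy is not None else None,
        "allow_create": policy.get("AllowCreate") if policy is not None else None,
        "comparison": rac.get("Comparison") if rac is not None else None,
        "class_refs": [e.text for e in rac.findall("saml:AuthnContextClassRef", ns)] if rac is not None else [],
        "decl_refs": [e.text for e in rac.findall("saml:AuthnContextDeclRef", ns)] if rac is not None else [],
    }

if __name__ == "__main__":
    xml = build_authn_request("https://dgc.example.com", "https://idp.example.com/sso",
                              "https://dgc.example.com/saml/SSO")
    print(xml)
    print(summarize_authn_request(xml))
```

With the defaults, the request carries ForceAuthn="true", IsPassive="false", a persistent NameIDPolicy with AllowCreate="true", and a RequestedAuthnContext with Comparison="minimum" and the PasswordProtectedTransport class reference; setting Force authn to False is visible as ForceAuthn="false", which is the setting that lets the IDP answer from an existing session.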