================= SSO configuration ================= SSO Properties (app.sso) ======================== | **enabled** - To enable sso support | **login-auto-submit** - Stay on login form or try to submit it immediately after rendering | **first-name-prop-name** - Mapper field name for "First Name" to retrieve from IdP ('firstName' by default) | **last-name-prop-name** - Mapper field name for "Last Name" ('lastName' by default) | **phone-number-prop-name** - Mapper field name for "Phone Number" ('phoneNumber' by default) SSO SAML2 Configuration (app.sso.saml) ====================================== | **entity-id** - ID of the Service Provider (should be {whitedoc_backend_url}/saml/metadata) | **idp-metadata** - URL to Identity Provider metadata or Path to metadata file | **max-authentication-age-sec** - Sets maximum time between users authentication and processing of an authentication statement (1 week by default) | **keystore.location** - Path to JKS file with signing certificate | **keystore.alias** - Alias of the certificate | **keystore.password** - Password of the certificate | **FYI** | Each property can be set via ENVIRONMENT property by replacing '.' with '_' and in upper case, see examples: | APP_SSO_ENABLED=true | APP_SSO_FIRST-NAME-PROP-NAME=givenname How to set up IdP SSO ===================== * Create new SAML application on IdP * Set ACS URL {whitedoc_backend_url}/saml/SSO * Set Entity ID {whitedoc_backend_url}/saml/metadata * Set Sign Assertion = true * Set Name ID format = EMAIL * Add attribute mappings for First and Last names * Copy IdP Metadata URL or the xml file and set to {app.sso.saml.idp-metadata}