Navigate
or
Contact Us
Subscribe Download PDF

Wasp Cloud products: SSO setup with ADFS: Required fields, XML file, and other info

Scott Barnett
2023-03-15
in FAQs

This summary clarifies settings that can be confusing or have different names. Be sure to refer to the specific Help page (if there is one) for each Identity Provider in case there are further details and settings.

----------------------

Identity Provider (IdP): The non-Wasp service that provides user authentication for access to the Wasp product.

Service Provider (SP): The Wasp Cloud software product.

SSO Prerequisites: User and group/role setup that match names.

----------------------

Wasp settings, SAML Service Configuration Valid checkboxes (at the bottom of the page)

Include RequestedAuthnContext
This should always start unchecked. This should only be checked for backwards compatibility if validation fails, due to using an older SAML server.

ADFS:


Always force SAML signature validation
This Wasp setting depends on what is set on the IdP (Identification Provider). Generally, if the IdP requires verification certificates for signature validation, check this box.

ADFS:

----------------------

SAML Claims/Name ID: Unique identifier for the user. Wasp requires this to be the user's email address.

ADFS: LDAP Attribute: E-Mail-Addresses

----------------------

SAML IdP Service provider Metadata file: Download the XML file to your PC from the (non-Wasp) authentication provider configuration page. Upload this saved file in the Wasp SSO settings page.

In the unlikely event that the XML file is not available, an alternate set of 3 items (from your SAML IdP Administrator) can be used: the SAML URL, 509 Certificate, and Issuer values.

ADFS: AD FS Management, Services, Endpoints, Metadata. Combine the URL Host of your ADFS instance with the metadata path. Example:
https://adfs.yourbusiness.com/FederationMetadata/2007-06/FederationMetadata.xml

----------------------

SSO URL: May be referred to as "SSO Service URL", "SAML Post URL location", or "SAML Assertion Consumer Service (ACS) URL".
Found in Wasp's Settings page, in the form
https://YourTenant.waspassetcloud.com/Account/Saml
https://YourTenant.waspinventorycloud.com/Account/Saml

ADFS: SSO Service URL, Relying party SAML 2.0 SSO service URL, (Endpoint) Trusted URL

----------------------

Entity Id: Found in Wasp's Settings page, in the form
https://YourTenant.waspassetcloud.com
https://YourTenant.waspinventorycloud.com

ADFS: Relying party trust identifier

Related Pages