...

See https://www.identityserver.com/articles/the-dangers-of-saml-idp-initiated-sso for a succinct argument against IdP-initiated SSO.

Preparation Tasks

  • Ensure that the browsers on the user workstations that will interact with the Syndeia Web Dashboard and with the chosen IdP can connect to both the SP and the IdP, and that there are no SSL certificate denials.

  • Ensure that no traffic shapers on the corporate network alter HTTP request or response headers, especially the headers involved in CORS and CSP.

  • Ensure that no network routers or proxies on the corporate network alter HTTP URLs or HTTP Location headers.

  • Obtain the fully qualified domain name (FQDN) scheme, host, and port of the Syndeia Cloud SP, as the IdP will recognize it.

  • Obtain the FQDN scheme, host, and port of the chosen IdP.

  • Study the IdP's guides for its choices among the many options for compressing and signing the content exchanged in SAMLRequest and SAMLResponse HTTP traffic.
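One way to check the header and Location items above, as an added example that is not part of the Syndeia documentation: capture the same response's headers once on the SP host and once from a user workstation (for instance with `curl -sD -`), then compare the CORS, CSP and Location headers. The hostnames, ports and header values below are constructed for illustration.

```python
"""Compare response headers seen at the SP host with those seen at a workstation."""

# Headers the checklist singles out: CORS, CSP, and the redirect Location.
WATCHED_PREFIXES = ("access-control-",)
WATCHED_NAMES = {"content-security-policy",
                 "content-security-policy-report-only", "location"}

def parse_headers(raw):
    """Parse a `curl -sD -` style dump into {lowercase-name: [values]}."""
    headers = {}
    for line in raw.strip().splitlines()[1:]:   # skip the status line
        if not line.strip():                    # blank line ends the header block
            break
        name, _, value = line.partition(":")
        headers.setdefault(name.strip().lower(), []).append(value.strip())
    return headers

def is_watched(name):
    return name in WATCHED_NAMES or name.startswith(WATCHED_PREFIXES)

def diff_watched(origin_raw, client_raw):
    """Return (header, finding) pairs for watched headers that differ in transit."""
    origin, client = parse_headers(origin_raw), parse_headers(client_raw)
    findings = []
    for name in sorted(set(origin) | set(client)):
        if not is_watched(name):
            continue
        if name not in client:
            findings.append((name, "removed in transit"))
        elif name not in origin:
            findings.append((name, "added in transit"))
        elif origin[name] != client[name]:
            findings.append((name, "value changed in transit"))
    return findings

# Constructed sample: the SP's redirect to the IdP, captured on the SP host...
ORIGIN = """HTTP/1.1 302 Found
Location: https://idp.example.test:8443/sso?SAMLRequest=CONSTRUCTED&RelayState=abc
Content-Security-Policy: default-src 'self'
Access-Control-Allow-Origin: https://sp.example.test:9443
"""
# ...and the same response as a workstation behind a rewriting proxy received it.
CLIENT = """HTTP/1.1 302 Found
Location: http://idp.example.test/sso?SAMLRequest=CONSTRUCTED&RelayState=abc
Access-Control-Allow-Origin: https://sp.example.test:9443
Via: 1.1 proxy.example.test
"""

if __name__ == "__main__":
    for header, finding in diff_watched(ORIGIN, CLIENT):
        print(f"{header}: {finding}")
```

An empty result means the watched headers arrived unchanged; any finding points at an intermediary to investigate before SSO is configured.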

...