
SAML2 based external authentication for Kyvos Manager

Applies to: Kyvos Enterprise, Kyvos Cloud (SaaS on AWS), Kyvos AWS Marketplace, Kyvos Azure Marketplace, Kyvos GCP Marketplace, Kyvos Single Node Installation (Kyvos SNI)

SAML2 is an open standard for exchanging authentication and authorization data between parties, specifically between an identity provider and a service provider. It is XML-based and is used to carry security assertions. Kyvos Manager supports SAML2 for authentication.

To configure SAML2 as an external authentication provider for Kyvos Manager, perform the following steps.

  1. On the navigation pane, click Kyvos Manager Settings > Web based SSO.
    The Web based SSO dialog is displayed. 

  2. Select the Enable External Authentication check box to define the external authentication mechanism.

  3. Select the SAML2 option from the Provider list.

  4. Enter details as:

Parameter/Field: Comments/Description

Header Name
    Enter the name of the HTTP header that carries the user name in the HTTP request.

Header Type
    Select the type of value that the external authentication tool sends as the SSO token.

Error Redirection URL
    Enter the URL to which the user is redirected if authentication of the Kyvos Manager application with SAML2 fails. Absolute URLs are supported.
    Example: http://host:port/appname

Disable Native User Login
    This option enables or disables the native Kyvos Manager user login in conjunction with external authentication. If the option is selected, users are redirected to the external authentication site when they open the Kyvos Manager application in a browser.

  5. For SAML Settings, in the Service Provider Settings, enter details as:

    1. The Single Sign-On Return URL is displayed.

    2. The Single Logout Return URL is displayed.

    3. The Metadata URL is displayed.

    4. Upload the X.509 Certificate File used to verify the authenticity of the SAML2 response. You can change the file and upload it again.

    5. Upload the Service Provider Key File, the private key used for signing (the counterpart of the certificate used to verify the SAML2 response). You can change the file and upload it again.

Note

This is essentially the reverse of signing and verification. The sender signs the SAML message using the private key that they control (their signing certificate), and the receiver verifies the signature using the sender's public key (the verification certificate).

  6. In the Identity Provider Settings, provide the Metadata URL.

  7. Click the Save button to save changes.
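The signing and verification relationship described in the note above, as an added Go example that is not part of the Kyvos documentation or product: a throwaway RSA key stands in for the Service Provider Key File and its self-signed certificate for the X.509 Certificate File; the sender signs a constructed SAML2-style response with the private key and the receiver verifies it with the certificate, so a response altered in transit, or one checked against a certificate from a different key, is rejected. The message format and all function names are this example's own assumptions.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"crypto/x509"
	"encoding/pem"
	"fmt"
	"math/big"
)

// response builds a constructed SAML2-style message for the given subject; not a real Kyvos message.
func response(user string) []byte {
	return []byte(fmt.Sprintf(`<samlp:Response ID="_r1"><saml:Assertion><saml:NameID>%s</saml:NameID></saml:Assertion></samlp:Response>`, user))
}

// signResponse is the sender: it signs the SHA-256 digest with the private key (the Service Provider Key File's role).
func signResponse(key *rsa.PrivateKey, msg []byte) ([]byte, error) {
	d := sha256.Sum256(msg)
	return rsa.SignPKCS1v15(rand.Reader, key, crypto.SHA256, d[:])
}

// verifyResponse is the receiver: it checks the signature with the public key from the PEM X.509 certificate (the X.509 Certificate File's role).
func verifyResponse(certPEM, msg, sig []byte) error {
	block, _ := pem.Decode(certPEM)
	if block == nil {
		return fmt.Errorf("certificate file is not PEM-encoded")
	}
	cert, err := x509.ParseCertificate(block.Bytes)
	if err != nil {
		return err
	}
	return cert.CheckSignature(x509.SHA256WithRSA, msg, sig)
}

// newKeyAndCert makes a throwaway RSA key and a self-signed certificate for it, standing in for the two uploaded files.
func newKeyAndCert() (*rsa.PrivateKey, []byte, error) {
	key, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return nil, nil, err
	}
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(1)}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		return nil, nil, err
	}
	return key, pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE", Bytes: der}), nil
}
```

These functions are meant to be called from a test or a small main; real SAML deployments sign with XML-DSig over a canonicalized document rather than over the raw bytes, so treat this as an illustration of the key/certificate relationship only.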


Copyright Kyvos, Inc. All rights reserved.