Property / Description

onelogin.saml2.sp.entityid

The entityId of the SAML Bridge SP. This is the metadata URL of the SAML Bridge, of the form <scheme>://<host>:<port>/<context>/metadata.jsp. The metadata.jsp file is located in the 'samlbridge' folder. This URL can be used to register the SAML Bridge SP in AD FS.

For instance, http://yellowfin:8080/samlbridge/metadata.jsp

Note: Ensure that this URL is accessible from AD FS.

onelogin.saml2.sp.assertion_consumer_service.url

This is the URL that handles a successful authentication. Yellowfin does it via samlbridge/acs.jsp.

For instance, http://yellowfin:8080/samlbridge/acs.jsp

Note: The SP entityid must be registered with the AD FS to allow user access to this service. For information on how to register, click here.

onelogin.saml2.sp.single_logout_service.url

This is the URL that handles logging off. The samlbridge/sls.jsp file is used for this purpose.

For instance, http://yellowfin:8080/samlbridge/sls.jsp

onelogin.saml2.sp.x509cert

This is the text representation of a security certificate. A self-signed certificate can be generated with:
openssl req -newkey rsa:2048 -new -x509 -days 3652 -nodes -out sp.crt -keyout sp.pem

The text representation of the sp.crt file produced by the above command is required for this option.

onelogin.saml2.sp.privatekey

This is the text representation of the certificate's private key, i.e. the contents of the sp.pem file created by the self-signed certificate process above.

onelogin.saml2.sp.nameidformat

This is required by the OneLogin SAML library; it should correspond to the Name ID format configured in AD FS. It can be one of:

NAMEID_EMAIL_ADDRESS = 'urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress';

NAMEID_X509_SUBJECT_NAME = 'urn:oasis:names:tc:SAML:1.1:nameid-format:X509SubjectName';

NAMEID_WINDOWS_DOMAIN_QUALIFIED_NAME = 'urn:oasis:names:tc:SAML:1.1:nameid-format:WindowsDomainQualifiedName';

NAMEID_UNSPECIFIED = 'urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified';

NAMEID_KERBEROS   = 'urn:oasis:names:tc:SAML:2.0:nameid-format:kerberos';

NAMEID_ENTITY     = 'urn:oasis:names:tc:SAML:2.0:nameid-format:entity';

NAMEID_TRANSIENT  = 'urn:oasis:names:tc:SAML:2.0:nameid-format:transient';

NAMEID_PERSISTENT = 'urn:oasis:names:tc:SAML:2.0:nameid-format:persistent';

NAMEID_ENCRYPTED = 'urn:oasis:names:tc:SAML:2.0:nameid-format:encrypted';

Note: Any changes made to the onelogin.saml.properties file will require the Yellowfin SAML Bridge to be restarted for new settings to take effect.
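As an added example (not part of the Yellowfin documentation or the SAML Bridge code), the following Python check reads the SP entries of onelogin.saml.properties described above and flags the mistakes those entries warn about before a restart is attempted: a URL that is not a full <scheme>://<host>:<port>/<context>/... URL or that points at the wrong SAML Bridge page, a nameidformat outside the listed values, and an empty certificate or private key; it also flags plain-http URLs, since assertions and logout messages would then travel unencrypted. The sample properties, the 'yellowfin' host and the certificate placeholder are constructed.

```python
import re
from urllib.parse import urlparse
# Constructed sample of the SP keys in onelogin.saml.properties (illustrative values only).
SAMPLE_PROPERTIES = """\
onelogin.saml2.sp.entityid = http://yellowfin:8080/samlbridge/metadata.jsp
onelogin.saml2.sp.assertion_consumer_service.url = http://yellowfin:8080/samlbridge/acs.jsp
onelogin.saml2.sp.single_logout_service.url = http://yellowfin:8080/samlbridge/sls.jsp
onelogin.saml2.sp.nameidformat = urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress
onelogin.saml2.sp.x509cert = MIIC...PLACEHOLDER-CERT...
onelogin.saml2.sp.privatekey =
"""

# The Name ID formats listed for onelogin.saml2.sp.nameidformat, built from their URN parts.
NAMEID_FORMATS = {f"urn:oasis:names:tc:SAML:{v}:nameid-format:{n}" for v, n in (
    ("1.1", "emailAddress"), ("1.1", "X509SubjectName"), ("1.1", "WindowsDomainQualifiedName"),
    ("1.1", "unspecified"), ("2.0", "kerberos"), ("2.0", "entity"), ("2.0", "transient"),
    ("2.0", "persistent"), ("2.0", "encrypted"))}

# Each URL property must point at the SAML Bridge page that serves it.
EXPECTED_PATHS = {
    "onelogin.saml2.sp.entityid": "/samlbridge/metadata.jsp",
    "onelogin.saml2.sp.assertion_consumer_service.url": "/samlbridge/acs.jsp",
    "onelogin.saml2.sp.single_logout_service.url": "/samlbridge/sls.jsp",
}

def parse_properties(text):
    """Minimal Java .properties reader ('key = value' / 'key: value'; '#' and '!' comment lines)."""
    pairs = (re.match(r"([^=:\s]+)\s*[=:]?\s*(.*)", ln.strip()) for ln in text.splitlines()
             if ln.strip() and ln.strip()[0] not in "#!")
    return {m.group(1): m.group(2).strip() for m in pairs if m}

def check_sp_properties(props):
    """Return 'key: problem' findings; an empty list means the SP section is consistent."""
    findings = []
    for key, path in EXPECTED_PATHS.items():
        url = urlparse(props.get(key, ""))
        if not (url.scheme and url.netloc):
            findings.append(f"{key}: not a full <scheme>://<host>:<port>/<context>/... URL")
            continue
        if url.path != path:
            findings.append(f"{key}: path {url.path!r} should be {path!r}")
        if url.scheme != "https":  # assertions and logout messages would travel in clear text
            findings.append(f"{key}: scheme {url.scheme!r} is not https; use https")
    if props.get("onelogin.saml2.sp.nameidformat") not in NAMEID_FORMATS:
        findings.append("onelogin.saml2.sp.nameidformat: not one of the listed NAMEID formats")
    for key in ("onelogin.saml2.sp.x509cert", "onelogin.saml2.sp.privatekey"):
        if not props.get(key):
            findings.append(f"{key}: empty; paste the text of sp.crt or sp.pem here")
    return findings
```

Run it against the real file by replacing SAMPLE_PROPERTIES with the file contents; fix every finding, then restart the SAML Bridge as the note above requires.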
