# OwnCloud

#### Introduction

* OwnCloud uses SAML 2.0 to federate identities.

* In SAML terminology, the client application is called the Service Provider (SP) and the authentication service is called the Identity Provider (IdP), here Trustelem.

    **Note:** For more details about OwnCloud setup, contact us.

#### Application configuration elements, on the SP side

* Definition of the pages where SSO authentication is enabled (LoginPath)

* Definition of the SAML URL for the SP side: Assertion Consumer Service (ACS)

* Definition of the identifier attribute (NameID) and its format

* Definition of the IdP (Trustelem) connection URLs

* Definition of the certificate(s) used for encryption and/or the signature of SAML content.  
  *Note: these configuration data can be requested in metadata.xml format.*

#### Application configuration elements, on the IdP side

* **EntityID:** application identifier → must be identical to what was indicated on the SP side

* **Assertion Consumer Service (ACS):** URL on the SP side for receiving SAML assertions generated by the IdP → must be identical to what was indicated on the SP side

* **NameID Attribute:** name of the attribute containing the user's identity in the SAML response provided by the IdP Trustelem to the SP application → must be identical to what was indicated on the SP side

* **NameID Format:** format of the NameID attribute. Except in special cases, use the default value → must be identical to what was indicated on the SP side

* **Attributes List:** additional attributes that can be embedded by the IdP into the SAML responses, and used by the application on the SP side

* **RelayState:** URL of the page to which the user should be redirected after authentication

* **Custom login URL:** URL used to initialize login via SAML 2.0 in the Trustelem user's dashboard

* **Custom scripting:** script to add/modify attributes in the SAML responses (example: attribute from the Active Directory)
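
Several IdP-side fields above must be identical to the SP-side values. The following added example (not part of the Trustelem or OwnCloud documentation) reads an SP `metadata.xml` and reports any EntityID, ACS or NameID Format value that differs from what was entered on the IdP side. The host names, function names and dictionary keys are hypothetical, and the metadata is a constructed sample.

```python
import xml.etree.ElementTree as ET

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata"}

# Constructed sample SP metadata (hypothetical host, not a real deployment).
SP_METADATA = """<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    entityID="https://owncloud.example.test/sp">
  <md:SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:NameIDFormat>urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress</md:NameIDFormat>
    <md:AssertionConsumerService index="0"
        Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="https://owncloud.example.test/saml/acs"/>
  </md:SPSSODescriptor>
</md:EntityDescriptor>"""


def parse_sp_metadata(xml_text):
    """Extract the SP-side values that the IdP configuration must mirror."""
    # Only parse metadata you obtained from your own SP; for untrusted XML
    # use a hardened parser such as defusedxml instead of ElementTree.
    root = ET.fromstring(xml_text)
    sp = root.find("md:SPSSODescriptor", NS)
    if sp is None:
        raise ValueError("no SPSSODescriptor element in metadata")
    return {
        "entity_id": root.get("entityID"),
        "acs": [a.get("Location") for a in sp.findall("md:AssertionConsumerService", NS)],
        "nameid_formats": [(f.text or "").strip() for f in sp.findall("md:NameIDFormat", NS)],
    }


def compare(sp, idp):
    """Return mismatches between SP metadata and the values typed on the IdP side.
    Comparison is exact: a trailing slash or http/https difference is a mismatch."""
    problems = []
    if idp["entity_id"] != sp["entity_id"]:
        problems.append("EntityID: %r != %r" % (idp["entity_id"], sp["entity_id"]))
    if idp["acs"] not in sp["acs"]:
        problems.append("ACS: %r not in %r" % (idp["acs"], sp["acs"]))
    if sp["nameid_formats"] and idp["nameid_format"] not in sp["nameid_formats"]:
        problems.append("NameID Format: %r not offered by SP" % idp["nameid_format"])
    return problems
```

An empty list from `compare` means the three values match exactly; each string in a non-empty result names the field to correct.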