OwnCloud

Introduction

OwnCloud uses SAML 2.0 to federate identities. In SAML terminology, the client application is called the Service Provider (SP) and the service that authenticates users is the Identity Provider (IdP), here Trustelem.

Note: For more details about OwnCloud setup, contact us.

Application configuration elements, on the SP side

- Definition of the pages where SSO authentication is enabled (LoginPath)
- Definition of the SAML URL for the SP side: Assertion Consumer Service (ACS)
- Definition of the identifier attribute (NameID) and its format
- Definition of the IdP (Trustelem) connection URLs
- Definition of the certificate(s) used for encryption and/or the signature of SAML content

Note: this configuration data can be requested in metadata.xml format.

Application configuration elements, on the IdP side

- EntityID: application identifier → must be identical to what was indicated on the SP side
- Assertion Consumer Service (ACS): URL on the SP side for receiving SAML assertions generated by the IdP → must be identical to what was indicated on the SP side
- NameID Attribute: name of the attribute containing the user's identity in the SAML response provided by the IdP Trustelem to the SP application → must be identical to what was indicated on the SP side
- NameID Format: format of the NameID attribute. Except in special cases, use the default value → must be identical to what was indicated on the SP side
- Attributes List: additional attributes that can be embedded by the IdP into the SAML responses, and used by the application on the SP side
- RelayState: URL of the page to which the user should be redirected after authentication
- Custom login URL: URL used to initialize login via SAML 2.0 in the Trustelem user's dashboard
- Custom scripting: script to add/modify attributes in the SAML responses (example: attribute from the Active Directory)
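
The "must be identical to what was indicated on the SP side" requirement can be checked mechanically against the SP's metadata.xml before enabling SSO. The following is an added example, not Trustelem or OwnCloud code; the metadata, the example.com URLs and the `IDP_CONFIG` dictionary are constructed for illustration, and the metadata is assumed to come from your own SP.

```python
import xml.etree.ElementTree as ET

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata"}

# Constructed SP metadata for a hypothetical OwnCloud instance (not a real export).
SP_METADATA = """<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    entityID="https://owncloud.example.com/saml/metadata">
  <md:SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:NameIDFormat>urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress</md:NameIDFormat>
    <md:AssertionConsumerService index="0"
        Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="https://owncloud.example.com/saml/acs"/>
  </md:SPSSODescriptor>
</md:EntityDescriptor>"""

# Constructed IdP-side values as an admin might have typed them (note the trailing slash).
IDP_CONFIG = {
    "entity_id": "https://owncloud.example.com/saml/metadata",
    "acs": "https://owncloud.example.com/saml/acs/",
    "nameid_format": "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress",
}

def parse_sp_metadata(xml_text):
    """Extract the values the IdP side must mirror from SP metadata."""
    root = ET.fromstring(xml_text)
    sp = root.find("md:SPSSODescriptor", NS)
    if sp is None:
        raise ValueError("no SPSSODescriptor in metadata")
    acs = [e.get("Location") for e in sp.findall("md:AssertionConsumerService", NS)]
    fmts = [(e.text or "").strip() for e in sp.findall("md:NameIDFormat", NS)]
    return {"entity_id": root.get("entityID"), "acs_urls": acs, "nameid_formats": fmts}

def compare(sp, idp):
    """Return mismatches; comparison is exact string equality, with no URL normalisation."""
    problems = []
    if idp["entity_id"] != sp["entity_id"]:
        problems.append(f"EntityID: IdP {idp['entity_id']!r} != SP {sp['entity_id']!r}")
    if idp["acs"] not in sp["acs_urls"]:
        problems.append(f"ACS: IdP {idp['acs']!r} not in SP list {sp['acs_urls']!r}")
    # An SP that declares no NameIDFormat leaves the choice open, so only check if present.
    if sp["nameid_formats"] and idp["nameid_format"] not in sp["nameid_formats"]:
        problems.append(f"NameID Format: IdP {idp['nameid_format']!r} not offered by SP")
    return problems

if __name__ == "__main__":
    for problem in compare(parse_sp_metadata(SP_METADATA), IDP_CONFIG):
        print("MISMATCH", problem)
```

With the constructed values, the only mismatch reported is the ACS URL, because the trailing slash makes the two strings differ.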