Dan edited this page May 3, 2018 · 13 revisions

SAML Authentication Plugin

Plugin Version 4.10.x compatible with Telligent Community 10.x and Up (see branch Telligent7 for older version support)

What is the SAML Authentication Plugin

This plugin allows your community to receive a SAML token via HTTP POST at a new endpoint / route ( ~/samlresponse ). It receives, validates and unpackages the SAML token, then repackages it in a way compatible with the out-of-the-box IOAuthClient extensibility features. It supports the SAML 1.1 HTTP POST and SAML 2.0 HTTP POST bindings and configurable AuthN request scenarios, and has several options for handling logout scenarios.

SAML Binding Support

  • SAML 1.1 HTTP POST
  • SAML 2.0 HTTP POST

SAML AuthN support

  • IDP Initiated
  • Redirect / HTTP GET (XML signatures not supported in current code)
  • HTTP POST (with optional XML signature)
  • WSFederation

Logout

  • Internal (local forms authentication logout)
  • External (logout performed by an external URL; it must destroy the forms auth cookie or call ~/samllogout)
  • IFrame (logout form calls into remote url to log out of IDP)
  • WSFederation signout requests are supported (requires a custom IPlatformLogout extension)

To use this plugin, your SAML token should carry the following claims (exact claim paths can be configured in the plugin):

  • Username (must be unique)
  • Email Address (must be unique)
  • Display Name (optional)
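As an added example (not the plugin's own code; the plugin is .NET, but the checks are language-neutral, so this is Python), the following is the service-provider side of the SAML 2.0 HTTP POST binding described at the top of the page: it base64-decodes the SAMLResponse form field posted to ~/samlresponse, enforces the checks that make a token safe to trust (Success status, Destination, InResponseTo, exactly one assertion, replay of the assertion ID, NotBefore/NotOnOrAfter with clock skew, AudienceRestriction), then maps the assertion's attributes to the three claims listed above through a configurable claim map. The claim URIs, audience, endpoint and the sample Response are constructed placeholders. XML Signature verification is left out because it needs a canonicalization and signature library; it must run before these checks, on the signed element, or none of them mean anything. SAML 1.1 tokens use a different schema and are not covered.

```python
"""Consume a SAML 2.0 Response posted to ~/samlresponse: decode it, enforce the
checks an SP must make, and map attributes to the plugin's claims.
Added example, not the plugin's code. Claim URIs, URLs and the sample are assumed.
XML Signature verification is NOT included: verify the signature on the Response or
Assertion against the IdP certificate before trusting anything below, and use a
hardened parser (e.g. defusedxml) to block entity-expansion attacks."""
import base64
import xml.etree.ElementTree as ET
from datetime import datetime, timedelta, timezone

NS = {"samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
      "saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
SUCCESS = "urn:oasis:names:tc:SAML:2.0:status:Success"
EXPECTED_AUDIENCE = "https://community.example.com"                  # assumed SP entity ID
EXPECTED_DESTINATION = "https://community.example.com/samlresponse"  # the ~/samlresponse route
CLOCK_SKEW = timedelta(minutes=3)
CLAIM_MAP = {  # configurable claim paths (assumed values)
    "username": "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name",
    "email": "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress",
    "displayname": "urn:example:claims:displayname",
}
REQUIRED = ("username", "email")  # must be present exactly once; displayname is optional


class SamlValidationError(Exception):
    pass


def parse_saml_time(value):
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


def validate_and_extract(response_b64, now, outstanding_request_ids, seen_assertion_ids):
    """Return the claims dict for a valid Response, or raise SamlValidationError."""
    root = ET.fromstring(base64.b64decode(response_b64))
    if root.tag != "{%s}Response" % NS["samlp"]:
        raise SamlValidationError("not a samlp:Response")
    code = root.find("samlp:Status/samlp:StatusCode", NS)
    if code is None or code.get("Value") != SUCCESS:
        raise SamlValidationError("IdP did not report Success")
    if root.get("Destination") != EXPECTED_DESTINATION:
        raise SamlValidationError("Destination is not this SP's endpoint")
    in_response_to = root.get("InResponseTo")  # absent in IDP-initiated flows
    if in_response_to is not None and in_response_to not in outstanding_request_ids:
        raise SamlValidationError("InResponseTo does not match an outstanding request")
    assertions = root.findall("saml:Assertion", NS)
    if len(assertions) != 1:  # refuse zero, several, or EncryptedAssertion-only responses
        raise SamlValidationError("expected exactly one plaintext Assertion")
    assertion = assertions[0]
    aid = assertion.get("ID")
    if not aid or aid in seen_assertion_ids:
        raise SamlValidationError("assertion has no ID or was already consumed (replay)")
    cond = assertion.find("saml:Conditions", NS)
    if cond is None:
        raise SamlValidationError("missing Conditions")
    not_before, not_on_or_after = cond.get("NotBefore"), cond.get("NotOnOrAfter")
    if not_before and now + CLOCK_SKEW < parse_saml_time(not_before):
        raise SamlValidationError("assertion not yet valid")
    if not_on_or_after and now - CLOCK_SKEW >= parse_saml_time(not_on_or_after):
        raise SamlValidationError("assertion expired")
    audiences = [a.text for a in cond.findall("saml:AudienceRestriction/saml:Audience", NS)]
    if EXPECTED_AUDIENCE not in audiences:
        raise SamlValidationError("assertion is not addressed to this SP")
    name_id = assertion.find("saml:Subject/saml:NameID", NS)
    if name_id is None or not name_id.text:
        raise SamlValidationError("missing NameID")
    attrs = {}
    for attr in assertion.findall("saml:AttributeStatement/saml:Attribute", NS):
        attrs[attr.get("Name")] = [v.text for v in attr.findall("saml:AttributeValue", NS) if v.text]
    claims = {"nameid": name_id.text}
    for key, path in CLAIM_MAP.items():
        values = attrs.get(path, [])
        if key in REQUIRED and len(values) != 1:
            raise SamlValidationError("claim %s must be present exactly once" % key)
        claims[key] = values[0] if values else None
    outstanding_request_ids.discard(in_response_to)  # consume only after every check passed
    seen_assertion_ids.add(aid)
    return claims


# Constructed, unsigned sample Response for illustration only.
SAMPLE_RESPONSE_XML = """<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
 xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="_r1" Version="2.0" IssueInstant="2018-05-03T12:00:00Z"
 InResponseTo="_req1" Destination="https://community.example.com/samlresponse">
 <saml:Issuer>https://idp.example.com</saml:Issuer>
 <samlp:Status><samlp:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/></samlp:Status>
 <saml:Assertion ID="_a1" Version="2.0" IssueInstant="2018-05-03T12:00:00Z">
  <saml:Issuer>https://idp.example.com</saml:Issuer>
  <saml:Subject><saml:NameID>user-1234</saml:NameID></saml:Subject>
  <saml:Conditions NotBefore="2018-05-03T11:58:00Z" NotOnOrAfter="2018-05-03T12:08:00Z">
   <saml:AudienceRestriction><saml:Audience>https://community.example.com</saml:Audience></saml:AudienceRestriction>
  </saml:Conditions>
  <saml:AttributeStatement>
   <saml:Attribute Name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name"><saml:AttributeValue>jdoe</saml:AttributeValue></saml:Attribute>
   <saml:Attribute Name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress"><saml:AttributeValue>jdoe@example.com</saml:AttributeValue></saml:Attribute>
   <saml:Attribute Name="urn:example:claims:displayname"><saml:AttributeValue>Jane Doe</saml:AttributeValue></saml:Attribute>
  </saml:AttributeStatement>
 </saml:Assertion>
</samlp:Response>"""
SAMPLE_RESPONSE_B64 = base64.b64encode(SAMPLE_RESPONSE_XML.encode("utf-8")).decode("ascii")
```

The request-ID set and the seen-assertion-ID set are the two pieces of server-side state this flow needs; in a multi-node deployment they have to live in shared storage, and the seen-assertion entries can be expired once NotOnOrAfter plus the skew window has passed. Username and email are required because the plugin uses them as unique keys; a token that carries either claim twice is rejected rather than picking the first value, since an attacker-influenced attribute ordering should never decide which account is matched.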

Additional Topics

  • Building the plugin
  • Build Numbers
  • Installation
  • Configuring your IDP
  • Configuring Telligent
  • Extensibility Points
    • Events
      • OnAfterAuthenticate - Fires after successful SAML user authentication
      • OnAfterUserCreate - Fires after a new user is created using a SAML login
    • Custom Plugin Types
      • IPlatformLogout - Responsible for logging the user out of the current site persistence scheme
      • ISamlDisplayNameGenerator - Provides / Exposes a Display Name for new SAML users
      • ISamlOAuthLinkManager - Responsible for managing connections between existing users (or users created outside of the SAML login process) and their SAML NameID
      • ISamlTokenDataValidator - Provides access to SAML token validation
      • ISamlUserLookup - Exposes custom logic to determine if the user in the SAML token already exists in the Telligent site
      • ISamlUsernameGenerator - Exposes a spot to inject logic into setting the Username provided to Telligent

Included Extensions / Sample Code

  • SAML Profile Attribute Manager
  • SAML User Role Manager
  • SAML Display Name Generator
  • SAML User Email Manager

Advanced Topics
