Configuring a Site for SAML (Web SSO) Authentication

To enable SAML (Web SSO) authentication

  1. In the administration interface, connect to EFT and click the Server tab.

  2. On the Server tab, click the Site you want to configure.

  3. In the right pane, click the General tab.

  4. Click SAML (WebSSO), then click Configure, then provide the details needed to configure SAML.

    1. Service Provider:

      • Entity ID - The default is the host name value specified for the EFT Site being configured, e.g., MySite. Any string value can be provided, up 255 characters, including UTF-8 encoded characters.

      • Reserved Path - The base address followed by the SSO path, e.g., [hostaddress]/sp/samlv2/sso.

    2. Identity Provider:

      • Entity ID - The Identity Provider's host name

      • POST URL - The Identity Provider's POST URL or endpoint that EFT should bind to.

      • Public Key - Certificate path to be used for verifying the server's identity

    3. Username:

      • Location in assertion - Specify whether the username is stored as NameID or Attribute.

      • Attribute name - If Attribute is specified for location, provide the Attribute name.

      • Identifier format - Select the list box and click the format identifier from the list:

        • Unspecified

        • Email Address

        • X.509 Subject Name

        • Windows Domain Qualified Name

        • Kerberos Principal Name

        • Entity Identifier

        • URI Reference

        • Basic

    4. Parse the username using the regular expression - Use wild cards to parse the username

    5. Extend username lookup to authentication provider - Specifies that EFT should perform lookup of recipients in both EFT and LDAP. (Query LDAP in addition to users in EFT.) The check box is selected by default for new installations; for upgrades from versions prior to 7.4.11, the check box is cleared by default.

    6. To enable Just in Time (JIT) provisioning of users, select the check box, then specify whether users are to be created in the Default Settings Template or the Guest Users Settings Template. If enabled, EFT will auto-provision (create) authenticated users in the Globalscape authentication database if they are not already present on that Site.

  5. Click OK. Turn on "Trace" for SAMLSSO logger in logging.cfg.