SAML SSO Configuration

Configuration of an Identity Provider (IdP)

The following minimal configuration is needed on the identity provider for it to work with GRAVITY as a service provider:

  1. Assertion Consumer Service (ACS) URL:
    https://your.domain/gravity/services/admin/saml/login/callback

  2. Users who need access to the GRAVITY Admin site should be assigned a specific role (group). Users' roles (groups) must be included as an attribute in the SAML response.

Signing of SAML requests is not supported yet; therefore configuration of the service provider's public certificate can be skipped for now. (If your GRAVITY version does sign requests, see 'Signing of SAML requests' below.)

Configuration of GRAVITY as a Service Provider

JSON Configuration

JSON-based configuration of the SAML SSO service. It maps the claims in the SAML response to the attributes known to the system.

"claimMapping" - mapping of IdP claims to GRAVITY-specific attributes

  • "userLogin" - name (namespace) of the claim whose unique value is used as the GRAVITY user login

  • "userName" - name (namespace) of the claim whose value is used as the GRAVITY user name (optional)

  • "userRole" - name (namespace) of the claim containing the list of roles (groups) assigned to the user

"roleMapping" - mapping of IdP roles (groups) to GRAVITY-specific roles

  • "adminRole" - external role (group) mapped to the GRAVITY admin role. Users with such a role assigned are treated as GRAVITY administrators with access to the Admin site.

"issuer" - identifier shared with the IdP (the SP entityID) so that the IdP can recognise which service provider a request comes from.
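The following is an added example, not GRAVITY's own code: it applies a claimMapping/roleMapping of the kind described above to a constructed SAML response and derives the user's login, name, roles and admin flag. The JSON layout, the claim names and the assertion are all assumptions made for this illustration; note that the sample response is unsigned and that a real SP must verify the signature before trusting any attribute.

```python
"""Added example: apply a GRAVITY-style claimMapping / roleMapping to a SAML
response. Illustrative code, not GRAVITY's implementation; the JSON layout and
the claim names are assumptions. Signature verification is out of scope here."""
import json
import xml.etree.ElementTree as ET

NS = {
    "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
    "samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
}

# Assumed shape of the SP JSON configuration (field names as described above).
SP_CONFIG = json.loads("""
{
  "issuer": "gravity-admin-sp",
  "claimMapping": {
    "userLogin": "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress",
    "userName":  "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name",
    "userRole":  "http://schemas.microsoft.com/ws/2008/06/identity/claims/role"
  },
  "roleMapping": {
    "adminRole": "Gravity-Admins"
  }
}
""")

# Constructed sample response (unsigned, for illustration only).
SAMPLE_RESPONSE = """<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
    xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="_r1" Version="2.0">
  <saml:Assertion ID="_a1" Version="2.0">
    <saml:Issuer>https://idp.example.com/</saml:Issuer>
    <saml:AttributeStatement>
      <saml:Attribute Name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress">
        <saml:AttributeValue>alice@example.com</saml:AttributeValue>
      </saml:Attribute>
      <saml:Attribute Name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name">
        <saml:AttributeValue>Alice Liddell</saml:AttributeValue>
      </saml:Attribute>
      <saml:Attribute Name="http://schemas.microsoft.com/ws/2008/06/identity/claims/role">
        <saml:AttributeValue>Everyone</saml:AttributeValue>
        <saml:AttributeValue>Gravity-Admins</saml:AttributeValue>
      </saml:Attribute>
    </saml:AttributeStatement>
  </saml:Assertion>
</samlp:Response>"""


def extract_attributes(response_xml):
    """Return {attribute name: [values]} from every AttributeStatement."""
    root = ET.fromstring(response_xml)
    attrs = {}
    for attr in root.iterfind(".//saml:AttributeStatement/saml:Attribute", NS):
        values = [v.text or "" for v in attr.iterfind("saml:AttributeValue", NS)]
        attrs.setdefault(attr.get("Name"), []).extend(values)
    return attrs


def map_user(response_xml, config):
    """Resolve login, display name, roles and admin flag through the mapping."""
    attrs = extract_attributes(response_xml)
    cm, rm = config["claimMapping"], config["roleMapping"]
    logins = attrs.get(cm["userLogin"], [])
    if len(logins) != 1 or not logins[0].strip():
        # userLogin must be present and unique; refuse the login otherwise.
        raise ValueError("userLogin claim missing or not unique")
    names = attrs.get(cm.get("userName", ""), [])
    roles = attrs.get(cm["userRole"], [])
    return {
        "login": logins[0],
        "name": names[0] if names else logins[0],   # userName is optional
        "roles": roles,
        "is_admin": rm["adminRole"] in roles,       # exact match on the group name
    }


if __name__ == "__main__":
    print(map_user(SAMPLE_RESPONSE, SP_CONFIG))
```

The admin check is an exact string comparison against the configured group name; a missing or empty userLogin claim is treated as a hard failure rather than falling back to another attribute, since the login is what identifies the account.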

Metadata XML

XML-based description of the IdP SAML endpoint. The IdP signing certificate and the login (single sign-on) URL are required.
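As an added example (not GRAVITY's own metadata loader), the parser below pulls the two required items out of an IdP metadata document and rejects metadata that lacks either: a KeyDescriptor usable for signing with an X509Certificate, and a SingleSignOnService location for the HTTP-Redirect or HTTP-POST binding. The sample metadata is constructed and its certificate body is a placeholder, not a real certificate.

```python
"""Added example: extract the IdP signing certificate and login URL from SAML
metadata XML. Illustrative code, not GRAVITY's own; sample metadata is
constructed and the certificate body is a placeholder."""
import base64
import xml.etree.ElementTree as ET

MD_NS = {
    "md": "urn:oasis:names:tc:SAML:2.0:metadata",
    "ds": "http://www.w3.org/2000/09/xmldsig#",
}
HTTP_REDIRECT = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
HTTP_POST = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"

# Placeholder certificate body: valid base64, but not a real X.509 certificate.
_FAKE_CERT_B64 = base64.b64encode(b"not a real DER certificate").decode()

SAMPLE_METADATA = f"""<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    xmlns:ds="http://www.w3.org/2000/09/xmldsig#" entityID="https://idp.example.com/">
  <md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:KeyDescriptor use="signing">
      <ds:KeyInfo><ds:X509Data><ds:X509Certificate>
        {_FAKE_CERT_B64}
      </ds:X509Certificate></ds:X509Data></ds:KeyInfo>
    </md:KeyDescriptor>
    <md:SingleSignOnService Binding="{HTTP_REDIRECT}"
        Location="https://idp.example.com/sso/redirect"/>
    <md:SingleSignOnService Binding="{HTTP_POST}"
        Location="https://idp.example.com/sso/post"/>
  </md:IDPSSODescriptor>
</md:EntityDescriptor>"""


def parse_idp_metadata(xml_text):
    """Return entityID, signing certificate(s) and login URL, or raise ValueError."""
    root = ET.fromstring(xml_text)
    idp = root.find(".//md:IDPSSODescriptor", MD_NS)
    if idp is None:
        raise ValueError("metadata has no IDPSSODescriptor")

    certs = []
    for kd in idp.iterfind("md:KeyDescriptor", MD_NS):
        # A KeyDescriptor without 'use' serves both signing and encryption.
        if kd.get("use", "signing") != "signing":
            continue
        for cert in kd.iterfind(".//ds:X509Certificate", MD_NS):
            b64 = "".join((cert.text or "").split())   # drop PEM-style line breaks
            base64.b64decode(b64, validate=True)       # reject garbage early
            certs.append(b64)
    if not certs:
        raise ValueError("metadata has no signing certificate")

    sso = {s.get("Binding"): s.get("Location")
           for s in idp.iterfind("md:SingleSignOnService", MD_NS)}
    login_url = sso.get(HTTP_REDIRECT) or sso.get(HTTP_POST)
    if not login_url:
        raise ValueError("metadata has no HTTP-Redirect or HTTP-POST SingleSignOnService")
    if not login_url.lower().startswith("https://"):
        raise ValueError("login URL is not https: " + login_url)

    return {"entity_id": root.get("entityID"),
            "signing_certs": certs,
            "login_url": login_url}


if __name__ == "__main__":
    print(parse_idp_metadata(SAMPLE_METADATA))
```

Keeping every signing certificate found (rather than only the first) matters during IdP key rollover, when metadata legitimately carries two; refusing a plain-http login URL stops the SP from redirecting a user's SAML request over cleartext.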

Signing of SAML requests

All requests are signed by default. Use the 'Show certificate' button to obtain the public key certificate, and configure validation of signed SAML requests on the IdP side with it.

 

Troubleshooting

Wrong scheme used in SAML requests.

Problem: if the GRAVITY server is hosted behind a load balancer or reverse proxy that terminates TLS, the real https scheme may be erroneously replaced with http in the URLs GRAVITY puts into its SAML requests (for example the ACS URL).

Solution: define the external server base URL (domain and context path) in the server settings:
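The following added example (not GRAVITY's own code) reproduces the failure mode and the fix: the ACS URL advertised in the AuthnRequest is built from the scheme the application server saw on its own socket, which is http behind a TLS-terminating proxy, unless a configured external base URL takes precedence. The setting name, the helper names and the minimal AuthnRequest are assumptions made for this illustration.

```python
"""Added example (not GRAVITY's own code): wrong scheme in the advertised ACS
URL behind a TLS-terminating proxy, and how a configured external base URL
avoids it. Setting and helper names are assumptions."""
from urllib.parse import urlsplit
from xml.sax.saxutils import escape, quoteattr

DEFAULT_CONTEXT = "/gravity"
ACS_SUFFIX = "/services/admin/saml/login/callback"


def acs_url(request_scheme, host_header, external_base_url=None):
    """Return the ACS URL the SP advertises to the IdP.

    request_scheme is what the application server saw on its own socket; behind
    a proxy that terminates TLS that is 'http' although the browser used https.
    """
    if external_base_url:
        base = urlsplit(external_base_url)
        if base.scheme != "https" or not base.netloc:
            raise ValueError("external base URL must be absolute and use https")
        # Configured scheme, host and context path win over what the proxy forwarded.
        return f"https://{base.netloc}{base.path.rstrip('/')}{ACS_SUFFIX}"
    # Fallback: whatever the socket and Host header say (wrong behind a proxy).
    return f"{request_scheme}://{host_header}{DEFAULT_CONTEXT}{ACS_SUFFIX}"


def authn_request(issuer, acs, request_id="_req1"):
    """Minimal unsigned AuthnRequest. The IdP compares AssertionConsumerServiceURL
    with the ACS URL registered for the SP, so a scheme mismatch surfaces here."""
    return (
        '<samlp:AuthnRequest xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" '
        'xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" '
        f'ID={quoteattr(request_id)} Version="2.0" '
        f'AssertionConsumerServiceURL={quoteattr(acs)}>'
        f'<saml:Issuer>{escape(issuer)}</saml:Issuer>'
        '</samlp:AuthnRequest>'
    )


def check_acs(advertised, registered):
    """Explain why an IdP would reject the advertised ACS URL, or return None."""
    a, r = urlsplit(advertised), urlsplit(registered)
    if a.scheme != r.scheme:
        return f"scheme mismatch: request says {a.scheme}, IdP expects {r.scheme}"
    if (a.netloc, a.path) != (r.netloc, r.path):
        return "host or path mismatch"
    return None


if __name__ == "__main__":
    registered = "https://your.domain" + DEFAULT_CONTEXT + ACS_SUFFIX
    broken = acs_url("http", "your.domain")                       # behind the proxy
    fixed = acs_url("http", "your.domain", "https://your.domain/gravity")
    print(check_acs(broken, registered))                          # scheme mismatch
    print(check_acs(fixed, registered))                           # None
    print(authn_request("gravity-admin-sp", fixed))
```

The registered ACS URL is the value from step 1 of the IdP configuration; the check rejects the http variant even though host and path are identical, which is exactly what an IdP doing strict ACS matching does.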