SAML Authentication

SAML Authentication Integration Flow

The procedure for integrating SAML authentication in a WebPerformer-NX application is as follows.

  1. Click the SP Info icon at the top of the User Manager screen.

  2. Select SAML.

  3. Confirm the Single Sign-on URL and Audience URI, and set them in the external IdP.

| | Setup for Okta | Setup for Azure AD |
| --- | --- | --- |
| Single Sign-on URL | English: Single Sign on URL; Japanese: シングルサインオン URL | English: Reply URL (Assertion Consumer URL); Japanese: 応答 URL |
| Audience URI | English: Audience URI; Japanese: オーディエンス URI | English: Identifier (Entity ID); Japanese: 識別子 |

  4. Retrieve the SAML metadata document from the external IdP.
    • For Azure AD

    1. Open the single sign-on page of the application being created.

    2. Click the download link for the “Federation Metadata XML” of the SAML certificate.

    3. Save the downloaded XML file.

    • For Okta

    1. Open the SignOn tab of the application being created.

    2. Click Actions under SAML Signing Certificates.

    3. Click View IdP metadata.

    4. An XML file will open in a new window. Right-click in the browser and click "Save As" to save the file.

  5. Register an identity provider.

  6. Place a push button from the component list as a button for external authentication on the sign-in screen (Sign In ID) of the authentication UI.

  7. Open the properties screen of the external authentication button placed in step 6, and set the following.

    • Select "IdP" from the click event.
    • Enter the name of the identity provider registered in step 5 in the “IdP” field.
  8. Save the sign-in screen (Sign In ID) of the authentication UI.

Identity Provider Registration

  1. Click the Create icon in the upper right corner of the screen.

  2. Select SAML.

  3. Enter the Identity Provider information.

| Item | Input | Description |
| --- | --- | --- |
| Identity Provider Name | Required | Use any name except single-byte spaces, underscores, and commas. The maximum number of characters is 32. |
| Metadata | Required | Upload the metadata document obtained from the external IdP. |
| Attribute Mapping | Required | Set up a mapping between user attributes and SAML attributes (see the mapping table below). Be sure to map the user attribute [email] to the SAML attribute in which the email information is registered. |
| Sign out flow | Required | Set [ON] or [OFF]. If [ON], a sign-out flow setting is required on the external IdP. |

Attribute Mapping:

| User attribute | SAML attribute | Required |
| --- | --- | --- |
| Email | (Enter SAML attribute name) | |
| Name | (Enter SAML attribute name) | |
| custom:custom_01 | (Enter SAML attribute name) | |
| custom:custom_02 | (Enter SAML attribute name) | |
| custom:custom_03 | (Enter SAML attribute name) | |
| custom:custom_04 | (Enter SAML attribute name) | |
| custom:custom_05 | (Enter SAML attribute name) | |
| custom:custom_06 | (Enter SAML attribute name) | |
| custom:custom_07 | (Enter SAML attribute name) | |
| custom:custom_08 | (Enter SAML attribute name) | |
| custom:custom_09 | (Enter SAML attribute name) | |
| custom:custom_10 | (Enter SAML attribute name) | |

  4. Click the "Add" button.

  5. The added Identity Provider will appear in the IdP list.

Setting up a sign-out flow

SAML authentication allows you to configure a sign-out flow.

    • For Azure AD

    1. Open the single sign-on page of the application being created.

    2. Set Logout URL to the logout URL in the basic SAML configuration.

    • For Okta

    1. Open the SignOn tab of the application being created.

    2. Upload the Signature Certificate downloaded from the vertical three-dot menu to the right of the IdP name in the IdP list.

    3. Check the Enable Single Logout item.

    4. Set Logout URL to Single Logout URL after logout.

    5. Set Audience URI to the SP Publisher.

    6. Click Actions under SAML Signing Certificates.

    7. Click View IdP metadata.

    8. An XML file will open in a new window. Right-click in the browser and save the file using "Save As".

    9. Upload the metadata again.
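
As an added example (not WebPerformer-NX code), a Python pre-registration check for the inputs described above: it applies the Identity Provider Name rule, read here as forbidding single-byte spaces, underscores and commas, and inspects the saved IdP metadata file. The function names, the constructed sample metadata, and the assumption that the metadata should carry a SingleLogoutService element when Sign out flow is [ON] belong to this example, not to the product.

```python
import re
import xml.etree.ElementTree as ET

MD = "urn:oasis:names:tc:SAML:2.0:metadata"
NS = {"md": MD, "ds": "http://www.w3.org/2000/09/xmldsig#"}
CERT_PATH = "md:KeyDescriptor/ds:KeyInfo/ds:X509Data/ds:X509Certificate"

def check_idp_name(name):
    """Identity Provider Name rule from the registration table."""
    problems = []
    if not 1 <= len(name) <= 32:
        problems.append("name must be 1 to 32 characters")
    if re.search(r"[ _,]", name):
        problems.append("name contains a space, underscore or comma")
    return problems

def check_metadata(xml_bytes, sign_out_flow):
    """Problems in an IdP metadata document, given the Sign out flow setting."""
    if b"<!DOCTYPE" in xml_bytes:  # SAML metadata needs no DTD; refuse it
        return ["DOCTYPE present, refusing to parse"]
    try:
        root = ET.fromstring(xml_bytes)
    except ET.ParseError as exc:
        return [f"not well-formed XML: {exc}"]
    idp = root.find("md:IDPSSODescriptor", NS)
    if root.tag != f"{{{MD}}}EntityDescriptor" or idp is None:
        return ["not IdP metadata (no EntityDescriptor/IDPSSODescriptor)"]
    problems = []
    if not root.get("entityID"):
        problems.append("missing entityID")
    if idp.find("md:SingleSignOnService", NS) is None:
        problems.append("no SingleSignOnService endpoint")
    certs = idp.findall(CERT_PATH, NS)
    if not any((c.text or "").strip() for c in certs):
        problems.append("no signing certificate")
    # Assumption of this example: single logout needs an SLO endpoint in the metadata.
    if sign_out_flow and idp.find("md:SingleLogoutService", NS) is None:
        problems.append("Sign out flow ON but no SingleLogoutService")
    return problems

# Constructed sample, not a real IdP: metadata saved before single logout was enabled.
SAMPLE = b"""<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
  xmlns:ds="http://www.w3.org/2000/09/xmldsig#" entityID="https://idp.example/saml">
 <md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
  <md:KeyDescriptor use="signing"><ds:KeyInfo><ds:X509Data>
   <ds:X509Certificate>CONSTRUCTED</ds:X509Certificate></ds:X509Data></ds:KeyInfo></md:KeyDescriptor>
  <md:SingleSignOnService Location="https://idp.example/sso"
    Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"/>
 </md:IDPSSODescriptor>
</md:EntityDescriptor>"""
```

Call `check_metadata` with the bytes of the saved XML file and the Sign out flow value you intend to select. On the sample it reports the missing SingleLogoutService when Sign out flow is ON, which is the situation the final "upload the metadata again" step addresses.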