Federated Authentication in QPR UI
Jump to navigation
Jump to search
QPR MobileDashboard supports Single sign-on login via federated identity providers (e.g. Shibboleth and Microsoft Active Directory Federation) that support the Security Assertion Markup Language (SAML) 2.0.
The preferred way to enable Single sign-on is to define the following entries using the QPR MobileDashboard installer. The entries can also be added to the CONFIGURATIONENTITY table in the QPR MobileDashboard database after installing QPR MobileDashboard.
| KEY_FIELD | VALUE_FIELD |
|---|---|
| SAML_CONSUMER_URL | "<Location of your QPR MobileDashboard installation>/EnticeServices/rest/authenticate/saml", e.g. "http://localhost:8080/EnticeServices/rest/authenticate/saml". This is the corresponding field for the "SAML consumer URL" in the Federated Authentication Configuration step of the installation. |
| SAML_METADATA_URL | "<The metadata URL of the identity provider>", e.g. "https://your.federated.identity.provider.com/saml/metadata". This is the corresponding field for the "Federation metadata URL" in the Federated Authentication Configuration step of the installation. |
| SAML_SERVER_ENTITY_IDENTIFIER | "<The server entity identifier URL>", e.g. "http://your.federated.identity.provider.com/services/trust". This entry is used if the metadata contains multiple server entries. This is the corresponding field for the "Server entity identifier" in the Federated Authentication Configuration step of the installation. |
| SAML_USER_ID_ATTRIBUTE | The name of the SAML attribute in the assertion that will be used as the user's login name, e.g. "loginname". If the attribute is not given, the NameID of the SAML subject is used. If the user login name in your QPR Suite is the user's email address, the attribute definition is usually not needed. This is the corresponding field for the "User id attribute" in the Federated Authentication Configuration step of the installation. |
An alternative way is to is to define the following entries using the QPR MobileDashboard installer. The entries can also be added to the CONFIGURATIONENTITY table in the QPR MobileDashboard database after installing QPR MobileDashboard.
| KEY_FIELD | VALUE_FIELD |
|---|---|
| SAML_CONSUMER_URL | "<Location of your QPR MobileDashboard installation>/EnticeServices/rest/authenticate/saml", e.g. "http://localhost:8080/EnticeServices/rest/authenticate/saml". This is the corresponding field for the "SAML consumer URL" in the Federated Authentication Configuration step of the installation. |
| SAML_REDIRECT_URL | "<The redirect URL of the identity provider>", e.g. "https://your.federated.identity.provider.com/saml/http-post/sso". This is the corresponding field for the "Federated authentication provider's redirect URL" in the Federated Authentication Configuration step of the installation. |
| SAML_SIGNING_CERTIFICATE | "<X.509 Certificate>". This is the corresponding field for the "Federated authentication provider's signing certificate" in the Federated Authentication Configuration step of the installation. |
| SAML_USER_ID_ATTRIBUTE | The name of the SAML attribute in the assertion that will be used as the user's login name, e.g. "loginname". If the attribute is not given, the NameID of the SAML subject is used. If the user login name in your QPR Suite is the user's email address, the attribute definition is usually not needed. This is the corresponding field for the "User id attribute" in the Federated Authentication Configuration step of the installation. |