Platform | Version |
---|---|
Core Platform | 5.1, 5.2, 5.3, 5.4, 5.5, 5.6, 2018.10 |
Security Assertion Markup Language (SAML) is an XML-based, open-standard data format for exchanging authentication and authorization data between parties, in particular between an identity provider and a service provider. SAML is one of the most popular technologies used to implement single sign-on for web-based applications. To authenticate users with SAML, you need a federation server that supports this technology.
Currently, the Acrolinx SAML implementation works exclusively with the PingFederate® server from Ping Identity. You must have a PingFederate server installed and running before you configure the Acrolinx server. If you don't have a PingFederate server, we can work with our hosting provider Rackspace to set one up for you. Contact your Acrolinx project consultant for more details.
Your PingFederate server must also have a connection to an identity management service such as Centrify, Okta, or OneLogin.
How to Enable SAML Authentication with PingFederate
To enable SAML authentication with PingFederate, follow these steps:
Normalized Usernames
We generally normalize usernames, even with external authentication like PingFederate. This means that we keep every character that falls under the following Unicode categories:
- Pc (CONNECTOR_PUNCTUATION)
- Mc (COMBINING_SPACING_MARK)
- Mn (NON_SPACING_MARK)
- Nd (DECIMAL_DIGIT_NUMBER)
- Lu (UPPERCASE_LETTER)
- Ll (LOWERCASE_LETTER)
- Lt (TITLECASE_LETTER)
- Lm (MODIFIER_LETTER)
- Lo (OTHER_LETTER)
- Nl (LETTER_NUMBER)
- or is one of the characters "@", ".", or "-"
All other characters get replaced by "_".
Note that identical normalized usernames could lead to losing or overwriting user settings.
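
The following added example (not Acrolinx code) applies the replacement rule listed above to a directory export and reports usernames that collapse to the same normalized form, so that collisions can be resolved in the identity provider before users sign in. The function names and sample accounts are hypothetical, and only the rule stated on this page is modeled; any other processing the server may do, such as case handling, is not.

```python
import unicodedata
from collections import defaultdict

# Unicode general categories the page lists as kept unchanged.
KEPT_CATEGORIES = {"Pc", "Mc", "Mn", "Nd", "Lu", "Ll", "Lt", "Lm", "Lo", "Nl"}
# Literal characters the page lists as kept unchanged.
KEPT_LITERALS = {"@", ".", "-"}


def normalize_username(name: str) -> str:
    """Replace every character outside the kept set with "_"."""
    return "".join(
        ch if ch in KEPT_LITERALS or unicodedata.category(ch) in KEPT_CATEGORIES else "_"
        for ch in name
    )


def find_collisions(usernames):
    """Group distinct source usernames that share one normalized form."""
    groups = defaultdict(set)
    for name in usernames:
        groups[normalize_username(name)].add(name)
    return {norm: sorted(names) for norm, names in groups.items() if len(names) > 1}


# Constructed sample directory export (not real accounts).
SAMPLE_USERS = [
    "jane doe@example.com",      # space (Zs) becomes "_"
    "jane+doe@example.com",      # "+" (Sm) becomes "_"
    "jane_doe@example.com",      # "_" is Pc and is kept
    "o'brien@example.com",       # apostrophe (Po) becomes "_"
    "o brien@example.com",
    "müller@example.com",        # "ü" is Ll and is kept
    "bob.smith-jr@example.com",  # "." and "-" are kept literals
]

if __name__ == "__main__":
    for norm, names in sorted(find_collisions(SAMPLE_USERS).items()):
        print(f"{norm!r} <- {names}")
```

Each reported group is a set of distinct identity-provider accounts that would share one normalized username, which is the situation the note above describes.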