SAML configuration examples
Example of SAML configuration without using metadata file
If your Identity Provider does not provide a SAML Metadata file, or you want to configure the feature manually, you need to configure the following properties:
security.saml.idp_entity_id
security.saml.idp_sso_service_url
security.saml.idp_x509cert
While not a required property, for the Single Logout functionality to work you also need to configure its service URL using security.saml.idp_slo_service_url.
# Enable SAML SSO by adding SAML to allowed authentication domains
security.authentication.allowed_domains=clover,SAML
# Configure clover server running at http://clover-server:8080/clover as a Service Provider
security.saml.sp_entity_id=https://example.com/example-app
security.saml.sp_assertion_consumer_url=http://clover-server:8080/clover
# Set Identity Provider ID
security.saml.idp_entity_id=https://sts.windows.net/{tenantid}/
# Set the Single Sign-on service URL
security.saml.idp_sso_service_url=https://login.microsoftonline.com/common/saml2
# Set the X509 certificates (Base64-encoded DER format)
# required
security.saml.idp_x509cert=MIIDBTCCAe2gAw ... SryT2SUk
# optional
security.saml.idp_x509cert_multi.0=MIIDBTCCAe2gAw ... SryT2SUk
security.saml.idp_x509cert_multi.1=MIIC8TCCAdmgAw ... 5432GA==
# Set the Single Logout service URL
# optional
security.saml.idp_slo_service_url=https://login.microsoftonline.com/common/saml2
# Do not send LogoutResponse back to Azure AD, it does not expect it
security.saml.send_logout_response=false
Example of overriding SAML configuration acquired from metadata file
The following properties have priority and override the SAML configuration acquired from the metadata file.
security.saml.idp_entity_id
security.saml.idp_sso_service_url
security.saml.idp_x509cert
security.saml.idp_slo_service_url
# Enable SAML SSO by adding SAML to allowed authentication domains
security.authentication.allowed_domains=clover,SAML
# Configure clover server running at http://clover-server:8080/clover as a Service Provider
security.saml.sp_entity_id=https://example.com/clover-local
security.saml.sp_assertion_consumer_url=http://clover-server:8080/clover
# Setting metadata URL automatically configures the Identity Provider to be used for SAML SSO
security.saml.idp_metadata_url=https://login.microsoftonline.com/common/FederationMetadata/2007-06/FederationMetadata.xml
# Override the Identity Provider ID
security.saml.idp_entity_id=https://sts.windows.net/{46-id-example}/
# Do not send LogoutResponse back to Azure AD, it does not expect it
security.saml.send_logout_response=false
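As an added example (not part of this documentation or the server's own code), the following Python script derives the security.saml.idp_* properties used in both examples above from an IdP metadata document and applies the same precedence, so that explicitly set properties override what the metadata supplies. The embedded metadata, tenant id and certificate values are constructed placeholders.

```python
import xml.etree.ElementTree as ET

MD = "{urn:oasis:names:tc:SAML:2.0:metadata}"
DS = "{http://www.w3.org/2000/09/xmldsig#}"
REDIRECT = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"

# Constructed, minimal IdP metadata; the tenant id and certificate values are placeholders.
SAMPLE_METADATA = """<EntityDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata"
  entityID="https://sts.windows.net/00000000-0000-0000-0000-000000000000/">
 <IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
  <KeyDescriptor use="signing"><KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
   <X509Data><X509Certificate> CERT0_BASE64_PLACEHOLDER </X509Certificate></X509Data>
  </KeyInfo></KeyDescriptor>
  <KeyDescriptor use="signing"><KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
   <X509Data><X509Certificate>CERT1_BASE64_PLACEHOLDER</X509Certificate></X509Data>
  </KeyInfo></KeyDescriptor>
  <SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="https://login.microsoftonline.com/common/saml2"/>
  <SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="https://login.microsoftonline.com/common/saml2"/>
 </IDPSSODescriptor>
</EntityDescriptor>"""

def _endpoint(idp, tag):
    # Location of the named service, preferring the HTTP-Redirect binding.
    by_binding = {s.get("Binding"): s.get("Location") for s in idp.findall(MD + tag)}
    return by_binding.get(REDIRECT) or next(iter(by_binding.values()), None)

def metadata_to_properties(xml_text, overrides=None):
    """security.saml.idp_* properties from IdP metadata; explicit overrides win."""
    # Metadata fetched over the network is untrusted input: use defusedxml in production.
    root = ET.fromstring(xml_text)
    idp = root.find(MD + "IDPSSODescriptor")
    if idp is None:
        raise ValueError("metadata has no IDPSSODescriptor")
    props = {"security.saml.idp_entity_id": root.get("entityID"),
             "security.saml.idp_sso_service_url": _endpoint(idp, "SingleSignOnService")}
    slo = _endpoint(idp, "SingleLogoutService")
    if slo:  # Single Logout is optional; set it only when the IdP advertises an endpoint
        props["security.saml.idp_slo_service_url"] = slo
    certs = ["".join(c.text.split())  # strip PEM-style line breaks to one Base64 string
             for kd in idp.findall(MD + "KeyDescriptor")
             if kd.get("use", "signing") == "signing"  # no 'use' means signing and encryption
             for c in kd.iter(DS + "X509Certificate")]
    if not certs:
        raise ValueError("no signing certificate: assertion signatures could not be verified")
    props["security.saml.idp_x509cert"] = certs[0]
    for i, cert in enumerate(certs):  # every current signing cert, so key rollover keeps working
        props[f"security.saml.idp_x509cert_multi.{i}"] = cert
    props.update(overrides or {})
    return props
```

Printing the returned dictionary as key=value lines yields the property block shown in the examples above; passing an overrides dictionary reproduces the "override from metadata" case.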