SAML configuration for Shibboleth 3.x

Please first refer to this article to learn about the various options for Single Sign-On that Pressero supports and also to learn about SAML (Security Assertion Markup Language). The information below is specific to Shibboleth. Find that article here.
Note that Shibboleth is part of the generic SSO driver, so the information below is fairly basic. We do not have a test environment for the generic driver, so this document represents only one way a user could configure their Shibboleth. Because Shibboleth allows you to change many parameters and your IdP configuration may be totally different from the example we discuss below, you may request more support. However, if support services for your Shibboleth integration go beyond an hour or so, they will incur an hourly charge.
Example Pressero Configuration using Shibboleth 3.x SAML:
  1. In Pressero admin > Site, select the "Single Sign-On (SSO)" option in the navigation.
  2. Click Add New Single Sign-on Provider.
  3. Create a SAML Provider. In the Identity Provider field, select Generic (if you don't see that option, it's because Shibboleth has not been added to your plan. Please contact your sales rep.) Save your changes.
  4. The Single Sign-On (SSO) setup area will have sections for "Identity Provider Metadata And Service Certificate", "Configuration", and "Fields Mapping".
  5. In the Identity Provider Metadata And Service Certificate section, upload the metadata file provided by the Shibboleth administrator and Save.
  6. In the Configuration section uncheck:
    1. Response Signed
    2. Assertion is Encrypted
    3. Sign Authentication Request
    4. Assertion is Signed
  7. Save the Configuration.
  8. Shibboleth uses a very specific mapping for the information returned in its payload. In Fields Mappings use the Field menu and the Field Value to enter this basic configuration and click the Add to Mapping button for each of the three pairings below:
    1. Email: urn:oid:0.9.2342.19200300.100.1.3
    2. LastName: urn:oid:2.5.4.4
    3. FirstName: urn:oid:2.5.4.42
  9. These three will display in the Fields List. Save.
  10. In the Identity Provider Metadata And Service Certificate section, click to Download the Service Metadata (sDP) File. Send this XML file to your Shibboleth administrator.
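
To check that what the Shibboleth IdP actually sends matches the Configuration settings in step 6 and the field mappings in step 8, a captured SAML response can be inspected as follows. This is an added example, not part of Pressero or Shibboleth; the function name `inspect_response` and the sample response are constructed for illustration.

```python
import xml.etree.ElementTree as ET

NS = {
    "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
    "ds": "http://www.w3.org/2000/09/xmldsig#",
}
# Field mappings from step 8 of the procedure above.
FIELD_OIDS = {
    "Email": "urn:oid:0.9.2342.19200300.100.1.3",
    "LastName": "urn:oid:2.5.4.4",
    "FirstName": "urn:oid:2.5.4.42",
}

# Constructed sample: unsigned, unencrypted response with made-up values.
SAMPLE_RESPONSE = """\
<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
                xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml:Assertion>
    <saml:AttributeStatement>
      <saml:Attribute Name="urn:oid:0.9.2342.19200300.100.1.3">
        <saml:AttributeValue>jdoe@example.org</saml:AttributeValue>
      </saml:Attribute>
      <saml:Attribute Name="urn:oid:2.5.4.4">
        <saml:AttributeValue>Doe</saml:AttributeValue>
      </saml:Attribute>
    </saml:AttributeStatement>
  </saml:Assertion>
</samlp:Response>"""


def inspect_response(xml_text):
    """Report signature/encryption state and which mapped fields arrived."""
    root = ET.fromstring(xml_text)
    values = {}
    for attr in root.iterfind(".//saml:Attribute", NS):
        values[attr.get("Name")] = attr.findtext("saml:AttributeValue", "", NS).strip()
    fields = {f: values[oid] for f, oid in FIELD_OIDS.items() if values.get(oid)}
    # Presence checks only: this does not validate any signature.
    return {
        "response_signed": root.find("ds:Signature", NS) is not None,
        "assertion_signed": root.find("saml:Assertion/ds:Signature", NS) is not None,
        "assertion_encrypted": root.find("saml:EncryptedAssertion", NS) is not None,
        "fields": fields,
        "missing": sorted(set(FIELD_OIDS) - set(fields)),
    }


if __name__ == "__main__":
    print(inspect_response(SAMPLE_RESPONSE))
```

A non-empty `missing` list means the IdP is not releasing one of the three mapped attributes. When both signature flags are false, the response carries nothing the service provider can verify cryptographically.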