LDAP/SAML Authentication

Subject7 supports the LDAP (Lightweight Directory Access Protocol) and SAML SSO (Security Assertion Markup Language Single Sign-On) authentication protocols. To add your authentication server information, follow these steps:

  1. Log in to the platform as an admin user

  2. Hover over the Administration menu and click Account Preferences

  3. Click the Authentication Providers tab

  4. Click the Maintenance Mode icon on the top right to activate Maintenance Mode.


For on-premise installations, environment parameters must be set to enable the additional authentication methods. LDAP authentication is controlled by the ‘AUTHENTICATION_LDAP_ENABLED’ parameter and SAML by the ‘AUTHENTICATION_SAML_ENABLED’ parameter. To enable a method, set the corresponding parameter to ‘true’ in the {PROOF_ROOT}/conf/proof.env file. For example, the following configuration enables both authentication methods:

    AUTHENTICATION_LDAP_ENABLED=true
    AUTHENTICATION_SAML_ENABLED=true
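
A pre-restart check for the two flags described above, as an added example that is not Subject7's own tooling. It assumes proof.env holds plain KEY=value lines and that only the exact value true enables a method; the function names are hypothetical.

```shell
#!/bin/sh
# Added example (not Subject7 code): lint proof.env before restarting.
# Assumption: plain KEY=value lines, and only the exact lowercase value
# "true" enables a method; anything else is reported, not interpreted.

# flag_status FILE KEY prints: enabled | disabled | missing | suspect:<why>
flag_status() {
    file=$1; key=$2
    [ -r "$file" ] || { echo "suspect:unreadable"; return 0; }
    # Uncommented assignments of KEY only ("#KEY=true" is ignored).
    matches=$(grep -E "^[[:space:]]*${key}[[:space:]]*=" "$file" || true)
    [ -n "$matches" ] || { echo "missing"; return 0; }
    count=$(printf '%s\n' "$matches" | wc -l | tr -d '[:space:]')
    [ "$count" -eq 1 ] || { echo "suspect:duplicate"; return 0; }
    cr=$(printf '\r')
    case $matches in
        "$key=true")  echo "enabled" ;;
        "$key=false") echo "disabled" ;;
        *"$cr")       echo "suspect:crlf" ;;   # saved with Windows line endings
        *)            echo "suspect:value" ;;  # e.g. True, "true", padded spaces
    esac
}

# check_auth_flags FILE: report both flags, return 1 if either is suspect.
check_auth_flags() {
    rc=0
    for k in AUTHENTICATION_LDAP_ENABLED AUTHENTICATION_SAML_ENABLED; do
        s=$(flag_status "$1" "$k")
        echo "$k: $s"
        case $s in suspect:*) rc=1 ;; esac
    done
    return $rc
}

# Constructed sample: LDAP is correct, SAML was typed with a capital T.
sample=$(mktemp)
printf '%s\n' '# auth providers' 'AUTHENTICATION_LDAP_ENABLED=true' \
    'AUTHENTICATION_SAML_ENABLED=True' > "$sample"
check_auth_flags "$sample" || echo "fix proof.env before restarting"
rm -f "$sample"
```

On a real installation, point `check_auth_flags` at the proof.env file under your {PROOF_ROOT}/conf directory instead of the constructed sample.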

  1. The dropdown list next to Authentication Type will be activated. Select either LDAP or SAML

  2. Enter the authentication server information. The following is an example for LDAP:

     

  3. Once finished, click Save. You can also click Test Connection on LDAP to verify that the connection is successful

  4. If you are going to activate SAML, provide your IT admin with the following information:

    1. Identifier (Entity ID): https://platform.subject7.com/rs/sso/saml/metadata/{tenant_name}

    2. Reply URL (Assertion Consumer Service URL): https://platform.subject7.com/ssoSaml.zul?registration-id={tenant_name}

    3. Sign on URL: https://platform.subject7.com/ssoSaml.zul?registration-id={tenant_name}

Your Tenant Name is listed under Account Preferences > Authentication Providers

  1. Once your IT admin confirms completion, they should provide you with information similar to the below, which you will need to enter on the platform.

     

  2. Once finished, click Save. You can also click Validate to verify that the X509 certificate is valid.

  3. From Account Preferences, click the Maintenance Mode icon again to disable it or click the link on the top right

  4. Log out to be directed back to the login page. From there, click either LDAP or SAML

  5. Before logging in, you will need a Tenant Name, which will be provided by Subject7. For LDAP, login is performed on the platform, while for SAML, login is performed on the page provided by the authentication server

  6. For LDAP, click Login after entering your Tenant Name, Username and Password

     

  7. For SAML, enter the Tenant Name and click Login. You will be directed to the login page to enter your username and password.

     

  8. After logging in, note that the Change Password option is disabled. To change your password, contact the authentication server admin.