SSO configuration

SSO Properties (app.sso)

enabled - To enable sso support
login-auto-submit - Stay on login form or try to submit it immediately after rendering
first-name-prop-name - Mapper field name for “First Name” to retrieve from IdP (‘firstName’ by default)
last-name-prop-name - Mapper field name for “Last Name” (‘lastName’ by default)
phone-number-prop-name - Mapper field name for “Phone Number” (‘phoneNumber’ by default)

SSO SAML2 Configuration (app.sso.saml)

entity-id - ID of the Service Provider (should be {whitedoc_backend_url}/saml/metadata)
idp-metadata - URL to Identity Provider metadata or Path to metadata file
max-authentication-age-sec - Sets maximum time between users authentication and processing of an authentication statement (1 week by default)
keystore.location - Path to JKS file with signing certificate
keystore.alias - Alias of the certificate
keystore.password - Password of the certificate
Each property can be set via ENVIRONMENT property by replacing ‘.’ with ‘_’ and in upper case, see examples:

How to set up IdP SSO

  • Create new SAML application on IdP

  • Set ACS URL {whitedoc_backend_url}/saml/SSO

  • Set Entity ID {whitedoc_backend_url}/saml/metadata

  • Set Sign Assertion = true

  • Set Name ID format = EMAIL

  • Add attribute mappings for First and Last names

  • Copy IdP Metadata URL or the xml file and set to {app.sso.saml.idp-metadata}