5.8.9 SAML Authentication

SAML (Security Assertion Markup Language) is an xml-based open standard format that exchanges authentication and authorization data between an identity provider* and a service provider**.

This release supports SAML v2.0 Web Browser SSO Profile for Reflection ZFE* 2.3 or higher.

* Beginning with version 2.4, Reflection ZFE is called Host Access for the Cloud.

Configuring Management and Security Server (MSS) to use SAML is a multi-step process.

In general, you must:

• 1. Configure MSS as a SAML service provider.
• 2. Download or access the service provider’s metadata from MSS.
• 3. Export the service provider’s metadata into the identity provider.
• 4. Map the identifier source.
• 5. Configure the SAML whitelist.
• 6. Configure LDAP, when used for authorization.
• Follow the SAML Configuration steps.
• 

•  * identity provider: the server that issues SAML assertions and performs authentication on behalf of the service provider.
•  ** service provider: the web server from which you access information or services. MSS acts as the service provider.