SAML Sign On
Is Prolaborate V5 SP-initiated or IDP-initiated?
Prolaborate V5 supports Service Provider (SP) initiated SAML logins. It does not support IDP-initiated SAML logins.
Why does Prolaborate support the SP-initiated flow?
We opted for the SP-initiated flow in Prolaborate V5 for security reasons. IDP-initiated authentication is inherently less secure than SP-initiated authentication because the Service Provider receives an unsolicited SAML response from the Identity Provider, one that does not answer any request the Service Provider sent, and there’s no way for the Service Provider to detect whether it has been spoofed or hacked by an unauthorized user. Stealing a SAML Assertion in this way is called a “man in the middle” attack.
Authentication flows that begin with the Service Provider are inherently more secure than those that begin with an Identity Provider. Hence, we developed Prolaborate V5 to follow the SP-initiated (Service Provider initiated) flow for SSO login.
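The check that an SP-initiated flow makes possible, as an added example (not Prolaborate's own code): the SP remembers the ID of each AuthnRequest it sends and accepts a response only if its InResponseTo names an outstanding, unexpired, not-yet-used request. PendingRequests and build_sample_response are hypothetical names, the sample response is constructed, and XML signature validation is assumed to have happened before this check.

```python
import secrets
import time
import xml.etree.ElementTree as ET

NS = {"samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
      "saml": "urn:oasis:names:tc:SAML:2.0:assertion"}


class PendingRequests:
    """Tracks the IDs of AuthnRequests this SP has sent and not yet seen answered."""

    def __init__(self, ttl_seconds=300):
        self.ttl = ttl_seconds
        self._issued = {}  # request ID -> time issued

    def issue(self, now=None):
        request_id = "_" + secrets.token_hex(16)  # unguessable, valid xs:ID
        self._issued[request_id] = time.time() if now is None else now
        return request_id

    def check_response(self, response_xml, now=None):
        """Return (accepted, reason). Assumes the signature was already verified."""
        now = time.time() if now is None else now
        root = ET.fromstring(response_xml)
        in_response_to = root.get("InResponseTo")
        if not in_response_to:
            return False, "unsolicited response (IdP-initiated): no InResponseTo"
        issued_at = self._issued.pop(in_response_to, None)  # pop = single use
        if issued_at is None:
            return False, "InResponseTo does not match an outstanding request"
        if now - issued_at > self.ttl:
            return False, "request expired before the response arrived"
        # The assertion's subject confirmation must name the same request.
        for scd in root.iterfind(".//saml:SubjectConfirmationData", NS):
            if scd.get("InResponseTo") != in_response_to:
                return False, "assertion InResponseTo disagrees with response"
        return True, "response matches outstanding request " + in_response_to


def build_sample_response(in_response_to=None):
    """Constructed, unsigned sample Response for the demonstration only."""
    attr = f' InResponseTo="{in_response_to}"' if in_response_to else ""
    return (f'<samlp:Response xmlns:samlp="{NS["samlp"]}" xmlns:saml="{NS["saml"]}"'
            f' ID="_r1" Version="2.0"{attr}><saml:Assertion ID="_a1"><saml:Subject>'
            f'<saml:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">'
            f'<saml:SubjectConfirmationData{attr}/></saml:SubjectConfirmation>'
            f'</saml:Subject></saml:Assertion></samlp:Response>')
```

A response with no InResponseTo, or one that repeats an already-consumed ID, is rejected; an IDP-initiated flow has no request ID to compare against, so this check cannot be made there.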
Can the same SAML SSO Account be used for Prolaborate and EA?
When it comes to user management, the best option is to integrate EA and Prolaborate with a Single Sign On (SSO) tool so that users who need both EA and Prolaborate can log in with the same credentials.
Why are user entries duplicated in User Management?
If duplicate entries are seen in User Management after upgrading Prolaborate from version 3 to version 5.x, then changes have been made to the ADFS SAML configuration in Prolaborate. Copy and paste the URLs below into the respective Attribute mapping fields on the SAML Single Sign On configuration page.
First Name | http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname |
Last Name | http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname |
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname |
After making the changes, restart the Prolaborate Services. Then log in with the SSO user and check the entries.
What group values can be used to configure group restrictions in Prolaborate SAML configurations?
The group values used to configure group restrictions in Prolaborate SAML configurations depend on the setup in the Identity Provider (IDP). You can configure group restrictions using one of the following group values: Group ID, Group Name, or Links. The choice of value is determined by the IDP configuration.
Can Prolaborate integrate with any SAML 2.0 compatible Identity Providers (IDPs)?
Prolaborate supports integration with identity providers that are compatible with the SAML 2.0 protocol. While specific identity providers may not have been explicitly tested with Prolaborate, it is possible to integrate with any identity provider that follows the SAML 2.0 protocol.
For detailed information and a list of tested IDPs click here