Editing a SAML Dynamic Auth Provider with AdminUI
Once loaded you will be directed to the details tab by default. The SAML tabs to view and edit are:
Details Tab: page for managing general information about the SAML provider
SP: page for managing the Service Provider
IdP: page for managing the Identity Provider
Details tab is where you can view the "Scheme" of the dynamic provider and modify the following elements:
Enabled: a switch to enable and disable the provider
Display Name: a name used to identify the provider in the login screen
Sign In Scheme: an identifier for the authentication scheme that will be used on signing in
Different Sign Out: a switch to enable and disable the use of a different Scheme on signing out
Sign Out Scheme: (optional) an identifier for the authentication scheme that will be used on signing out
Time Comparison Tolerance: a number of seconds used during SAML protocol validation. Allows time comparison checks to be inaccurate by this number of seconds.
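To show what the Time Comparison Tolerance setting trades off, here is an added example (not AdminUI or IdentityServer code) that applies a tolerance to an assertion's validity window. It assumes the tolerance is applied to the NotBefore and NotOnOrAfter attributes of the Conditions element; the function names and the sample assertion are constructed for illustration.

```python
from datetime import datetime, timedelta, timezone
import xml.etree.ElementTree as ET

SAML_NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

# Constructed sample: an assertion valid for five minutes from 12:00:00 UTC.
SAMPLE_ASSERTION = """\
<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
                ID="_constructed" Version="2.0" IssueInstant="2024-01-01T12:00:00Z">
  <saml:Conditions NotBefore="2024-01-01T12:00:00Z" NotOnOrAfter="2024-01-01T12:05:00Z"/>
</saml:Assertion>
"""

def _parse_instant(value):
    # SAML instants are UTC; this sketch handles the whole-second "Z" form only.
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)

def check_conditions(assertion_xml, now, tolerance_seconds):
    """Return (accepted, reason) for the assertion's validity window (hypothetical helper)."""
    if tolerance_seconds < 0:
        raise ValueError("tolerance must not be negative")
    conditions = ET.fromstring(assertion_xml).find("saml:Conditions", SAML_NS)
    if conditions is None:
        # Design choice of this sketch: no time bounds means no acceptance.
        return False, "no Conditions element"
    tolerance = timedelta(seconds=tolerance_seconds)
    not_before = conditions.get("NotBefore")
    not_on_or_after = conditions.get("NotOnOrAfter")
    # The tolerance widens the window at both ends.
    if not_before and now + tolerance < _parse_instant(not_before):
        return False, "not yet valid"
    if not_on_or_after and now - tolerance >= _parse_instant(not_on_or_after):
        return False, "expired"
    return True, "within window"

if __name__ == "__main__":
    # Service Provider clock readings relative to the Identity Provider's.
    readings = {
        "SP clock 30s behind": datetime(2024, 1, 1, 11, 59, 30, tzinfo=timezone.utc),
        "exactly at expiry": datetime(2024, 1, 1, 12, 5, 0, tzinfo=timezone.utc),
        "60s after expiry": datetime(2024, 1, 1, 12, 6, 0, tzinfo=timezone.utc),
    }
    for tolerance in (0, 60):
        for label, now in readings.items():
            print(tolerance, label, check_conditions(SAMPLE_ASSERTION, now, tolerance))
```

A tolerance of 0 rejects a valid assertion when the Service Provider clock runs slightly behind, while each extra second of tolerance also extends how long an expired assertion is still accepted.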
In these subtabs, you can configure the Service Provider:
SP Details tab is where you configure the paths and the Entity ID of the Service Provider:
SP Entity ID: a name that uniquely identifies this SAML authentication
SP Metadata Path: a path to access the Service Provider metadata. It must start with '/federation/'
Callback Path (ACS endpoint): a path to redirect an authenticated user after sign-in. It must start with '/federation/'
Signed out Callback Path: a path to redirect a user when signed out. It must start with '/federation/'
SP Request tab is where you configure the signing certificate.
Sign authentication requests: a switch to enable and disable the signing of generated requests
Add Certificate: a button that opens a modal to store the certificate for signing in requests
SP Response tab is where you configure the encryption certificate.
Require signed assertions: a switch to enable and disable validation for signed assertions
Require encrypted assertions: a switch to enable and disable the validation for encrypted assertions
Add Certificate: a button that opens a modal to store the certificate for encrypted assertions on incoming responses
In these subtabs, you can configure the Identity Provider:
IdP Details tab is where you point to the external Identity Provider metadata.
Require valid metadata signature: a switch to enable and disable validation for metadata signatures
IdP metadata address: the address of the Identity Provider metadata document. It has a button to verify whether the address is reachable and whether it contains well-formatted metadata.
IdP Advanced tab is where you can turn on and off the "Allow Idp Initiated Sso" option.
Allow Idp Initiated Sso: a switch to enable and disable permission to initiate single sign-on by the Identity Provider (It's not recommended).
In the edit screen there are two options available, described below:
Save All: once valid changes have been made, this button should be clickable and it will save the changes made in all 3 of the tabs.
Delete: will completely remove the provider from IdentityServer