Last Updated: Tuesday, November 5, 2019
Vibes exposes a SAML 2.0 Service Provider that aims to implement the Service Provider Lite profile. Assuming you are familiar with the SAML 2.0 protocol, you can find more details in the following sections.
The Vibes SAML Service Provider
- The metadata endpoint for Vibes SAML Service Provider is: https://auth.vibescm.com/saml/sp/<customer_federation_id>/metadata. The metadata is signed.
- The entityID Vibes uses is https://auth.vibescm.com/saml/sp/<customer_federation_id>.
- The identifier Vibes expects back is the email address of the user, for example with the NameID format urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress. If your users don't have a unique email address, contact your Vibes account manager to discuss a custom solution.
- Web SSO:
  - AuthnRequest - HTTP Redirect Binding.
  - AuthnRequest - HTTP POST Binding.
  - SAML Assertion - HTTP POST Binding.
- XML Signatures:
  - Metadata XML.
  - SAML Assertions.
- Encrypted Elements:
  - Vibes supports encrypted elements in SAML Assertions.
Vibes' user timeout period is 24 hours of inactivity. After 24 hours of inactivity, Vibes will re-authenticate with the customer's identity provider.
Additional Validations and Restrictions
Only users that are configured for third-party authentication will be accepted from the customer identity provider. Other users will receive an invalid authorization error.
Setting up SAML integration
To set up your SAML integration, please provide Vibes with the following:
- The metadata endpoint for your SAML IdP. For example: https://sso.mydomain.com/saml/metadata.
- Optionally, the fingerprint of your signing certificate, if you would like Vibes to verify it independently of the certificate or fingerprint provided in your IdP's metadata.
Once setup has been completed on Vibes' side, Vibes will direct users coming to your white label domain to be authenticated through your IdP.