Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

Last Updated:

Lastupdatedate

Livesearch
placeholderSearch the Vibes Developer Wiki
typepage



Vibes exposes a SAML 2.0 Service Provider that aims to implement the Service Provider Lite profile. Assuming you are familiar with the SAML 2.0 protocol, you can find more details in the following sections.

The Vibes SAML Service Provider

  • The metadata endpoint for Vibes SAML Service Provider is: https://auth.vibescm.com/saml/sp/<partner<customer_federation_id>/metadata. The metadata is signed.
  • The entityID Vibes uses is https://auth.vibescm.com/saml/sp/<partner<customer_federation_id>.
  • The identifier Vibes expects back is the email address of the user, for example: urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress. If your users don't have a unique email address, contact your Vibes account manager to discuss a custom solution.
  • The certificate embedded in the signed metadata is signed by the Vibes internal certification authority, the self-signed certificate called vibesca.crt, which is attached to this page.
    If you wish to validate the metadata signature using a full certificate chain, you can import the vibesca.crt Vibes CA certificate into your system's trusted CA certificate store.

Supported Features

  • Web SSO:
    • AuthnRequest - HTTP Redirect Binding.
    • AuthnRequest - HTTP POST Binding.
    • SAML Assertion - HTTP POST Binding.
  • XML Signatures:
    • Metadata XML.
    • AuthnRequests.
    • SAML Assertions.
  • Encrypted Elements:
    • Vibes supports encrypted elements in SAML Assertions.

User Timeouts

Vibes' user timeout period is 24 hours of inactivity. After 24 hours of inactivity, Vibes will re-authenticate with the Partnercustomer's identity provider. 

Additional Validations and Restrictions

Only users that are configured for third-party Authentication authentication will be accepted from the Partner Identity Providercustomer identity provider. Other users will receive an invalid Authorization authorization error.

Setting up SAML integration

SAML integration is driven by Vibes white-label solution for Partners, and associated with the white labeled domain names set up with Vibes. To get set up , you need to your SAML integration, please provide Vibes with the following:

  • Your white label domains. For example: campaigns.mypartner.com and page.mypartner.com.
  • The metadata endpoint for your SAML IdP. For example: https://sso.mydomain.com/saml/metadata.
  • Optionally, the fingerprint of your signing certificate if you would like Vibes to verify it independent of the certificate or fingerprint provided in your IdP's metadata.

Once setup has been completed on Vibes' side, Vibes will direct users coming to your white label domain to be authenticated through your IdP. View filenamevibesca.crtheight150