Supported SAML Flows

Overview

You can configure the following SAML flows:

  • SAML Flows for Authentication
  • SAML Flow for Session Upgrade
  • SAML Flows for Logout

Configuring flows other than the ones above is not supported.

For information on how to configure the corresponding patterns, see:

  • Setting Up a SAML Identity Provider (IDP)
  • Configuring SAML Authentication for a Web Application (SP)

The patterns generate a configuration for nevisAuth, in particular for AuthState elements. This means that the nevisAuth documentation for these AuthStates applies as well. In some cases, you may not be able to configure certain AuthState properties via the patterns. If you run into such issues, raise a support ticket and explain your use case.

Sample Setup

To describe the supported SAML flows, we use the following sample setup with two domains:

  • http://www.siven.ch
    • Hosts a web application that requires authentication.
    • Authentication is enforced by a SAML Service Provider (SP).
  • http://sso.siven.com/
    • Provides Single Sign-On (SSO) for applications.
    • Hosts the SAML Identity Provider (IDP).

In this setup, Nevis acts as both SP and IDP, but you can also use Nevis for just one of the two parties. For example, if the web application supports SAML out of the box, Nevis may not be required for the SP. However, Nevis can still provide added value:

  • Perimeter authentication
    • Authentication (and authorization) can be enforced by nevisProxy before the request reaches the application.
  • Support for multiple IDPs
    • The IDP may be determined automatically based on complex custom criteria (for example, the source IP of the user or the current URL).
    • Support for IDP selection by the user is not available yet. Contact Nevis if you are interested in this feature.