Security Assertion Markup Language (SAML) is an open standard for exchanging authentication and authorization data between parties—in particular, between an identity provider (IdP) and a service provider.
ECS supports IdPs such as ADFS and others that provide a full SAML 2.0 response, enabling federated users to access ECS resources.
Figure 8. SAML based federation support
SAML-compliant provider setup
Perform the following steps to use ADFS as a SAML-compliant IdP. ECS is the service provider.
- Download the identity provider (ADFS) metadata file. The default URL to download ADFS metadata is https://[servername]/FederationMetadata/2007-06/FederationMetadata.xml.
- Upload the downloaded metadata XML file when creating the identity provider for a namespace.
- Create the IdP in the ECS portal:
  - Go to Manage > Identity and Access (S3) > Identity Provider.
  - Select a namespace.
  - Click NEW IDENTITY PROVIDER.
To establish a trust relationship between ECS and ADFS, an ECS metadata XML file is required.
To create the ECS metadata file, a base64-encoded Java keystore, the alias used for the signing key, and the keystore password are required.
- Create the ECS metadata file:
  - Go to Manage > Identity and Access (S3) > SAML Service Provider Metadata.
  - Provide the required information and download the metadata file.
- Establish a trust relationship between ECS and ADFS using the downloaded ECS metadata file.
- Add claim rules in ADFS to add the required elements, such as NameId, RoleSessionName, and Roles, to the SAML authentication process.
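A missing or empty claim rule is the most common reason a federation set up this way fails, so a quick check that a captured SAML response carries the three elements named above is useful during troubleshooting. The following is an added example, not ECS or ADFS code: it parses a constructed, unsigned sample response and reports which of NameID, RoleSessionName and Roles are absent. The claim-type URIs and short attribute names are assumptions, and signature verification is left to the service provider.

```python
import xml.etree.ElementTree as ET

SAML = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
# Short claim names are an assumption for illustration; real ADFS claim rules
# emit full claim-type URIs, so the check matches on the last path segment.
REQUIRED_ATTRS = ("RoleSessionName", "Roles")


def _short_name(attr_name: str) -> str:
    return attr_name.rstrip("/").rsplit("/", 1)[-1]


def find_missing_claims(response_xml: str) -> list:
    """Return required elements missing from a SAML 2.0 Response ([] = all present).
    Signature verification is out of scope; the SP must verify the assertion
    signature before trusting any of these values."""
    root = ET.fromstring(response_xml)
    assertion = root.find("saml:Assertion", SAML)
    if assertion is None:
        return ["Assertion"]
    missing = []
    name_id = assertion.find("saml:Subject/saml:NameID", SAML)
    if name_id is None or not (name_id.text or "").strip():
        missing.append("NameID")
    present = {}
    for attr in assertion.findall("saml:AttributeStatement/saml:Attribute", SAML):
        values = [v.text.strip() for v in attr.findall("saml:AttributeValue", SAML)
                  if v.text and v.text.strip()]
        present[_short_name(attr.get("Name", ""))] = values
    missing.extend(n for n in REQUIRED_ATTRS if not present.get(n))
    return missing


# Constructed, unsigned sample response carrying the three expected claims.
GOOD_RESPONSE = """<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
  xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="_r1" Version="2.0">
  <saml:Assertion ID="_a1" Version="2.0">
    <saml:Subject><saml:NameID>alice@example.test</saml:NameID></saml:Subject>
    <saml:AttributeStatement>
      <saml:Attribute Name="https://adfs.example.test/claims/RoleSessionName">
        <saml:AttributeValue>alice</saml:AttributeValue></saml:Attribute>
      <saml:Attribute Name="https://adfs.example.test/claims/Roles">
        <saml:AttributeValue>ecs-s3-readers</saml:AttributeValue></saml:Attribute>
    </saml:AttributeStatement>
  </saml:Assertion>
</samlp:Response>"""
# The same response with the RoleSessionName claim rule left out of ADFS.
BAD_RESPONSE = GOOD_RESPONSE.replace("RoleSessionName", "Department")
```

Run `find_missing_claims` on the response captured from the browser (base64-decoded) to see which claim rule still needs to be added in ADFS.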