Plugins - SAML - auth-saml

XOA - Plugins - SAML

SAML configuration will require both an Identity provider and a service provider.
 - Identity Provider ( Authentication ) ( Azure, Google, Duo, Okta etc.)
 - Service Provider ( Authorization ) - ( Xen Orchestra )
SAML Alternatives include:
 - GitHub auth
 - Google auth
 - LDAP auth
 - OpenID Connect

https://xen-orchestra.com/docs/users.html#saml

SAML authentication plugin for XO-Server
XOA > Settings > Plugins > auth-saml
Select the + icon to the right to expand the configuration


---

callbackURL:

When registering your instance to your identity provider, you must configure its callback URL to https://<xo.company.net>/signin/saml/callback
<xo.company.net> is the DNS record for your XOA instance.
The Callback URL in SAML is often referred to by several other names depending on the platform or documentation. Here are common alternative names for Callback URL:
 - Assertion Consumer Service (ACS) URL
 - SAML Consumer URL
 - SAML Endpoint
 - Service Provider (SP) Response URL
 - Single Sign-On (SSO) URL
 - Recipient URL
 - Postback URL


---

Certificate:

This is the identity provider's signing certificate; obtain it from the identity provider.


---

Entry point:

The Entry Point is the URL where the Service Provider (SP) redirects users to authenticate with the Identity Provider (IdP). It's the first step in the SAML authentication flow where users are sent for login.
The Entry Point is found in the Identity Provider's configuration or documentation.
The Entry Point in a SAML authentication context is also known by various other names. Here are the common alternatives:
 - Identity Provider (IdP) SSO URL
 - SAML Login URL
 - IdP Endpoint
 - Single Sign-On (SSO) Endpoint
 - IdP Initiated URL
 - Authentication URL
 - Login URL


---

Issuer:

The Issuer is a unique identifier for either the Identity Provider (IdP) or the Service Provider (SP), depending on the context. It's used in SAML assertions to verify the source of the authentication request or response.
Issuer: xen-orchestra
The Issuer in SAML can also be referred to by other names depending on the context or platform. Common alternatives for Issuer include:
 - Entity ID
 - IdP Entity ID
 - Provider ID
 - SAML Issuer
 - SAML Entity ID
 - Identity Provider Identifier


---

Username field:

In SAML, the NameID format determines how the username or user identifier is passed; the email address is typically carried in one of the claims listed below.
The Username field in a SAML context can also be referred to by several other names or attributes, depending on the platform or implementation. Some common alternatives include:
 - NameID
 - User Principal Name (UPN)
 - SAML Subject
 - Login ID
 - Email Address
 - Account Name
 - Principal Name
 - User Identifier (UID)

---
Troubleshooting

Log information can be retrieved from the systemd journal for the xo-server service:
journalctl -u xo-server