SSO

We provide seamless Single Sign-On (SSO) integration for both private cloud environments and on-premises installations. Our solution ensures secure, streamlined access, enhancing user experience and simplifying identity management across various platforms.

In order to set up SSO, please provide the following information:

  1. Do you use only the web client or the desktop client as well?

  2. Please share with us the XML file containing IdP federation metadata

  3. Furthermore, we need the configuration of aqua as an SP (Service Provider), giving it a unique EntityId (e.g. aqua), with following back-urls:

  • http[s]://aqua-server/aquaweb/Account/saml2-acs as AssertionConsumerService

  • http[s]://aqua-server/aquaweb/Account/saml2-logout as SingleLogoutService

  • where http[s]://aqua-server/aquaweb/ is the url where aquaWebNG is deployed and accessible.

To integrate properly, clarify which attribute in the SSO response (/samlp:Response/saml:Assertion/saml:AttributeStatement/ section) will contain the aqua username. This is usually uid, but it depends on the actual SAML 2.0 SSO configuration.

We recommend enforcing HTTPS for all communications. Although both HTTP and/or HTTPS links can be configured based on customer deployment, HTTPS should be prioritized.

Last updated