
Form.com and Key Survey applications can be configured to allow Single Sign-On via SAML 2 using the Service Provider (SP) initiated POST binding scheme (http://en.wikipedia.org/wiki/SAML_2.0#HTTP_POST_Binding). This document describes the configuration settings in the application and on the Identity Provider side that must be made to make SAML Single Sign-On possible.


Please note that when SAML is used, the user must exist in the application database. So before the user can authenticate, a user record must be created in the application with the User Login matching the User ID returned by the Identity Provider. Depending on the type of the user, one of the following methods may be used to add users to the application:




Note
  • When configuring the Contact Manager and the Portal in the Form.com application, ensure that the column with the “User-Principal-Name” is present in the Contact Manager and that this column is used as a “Login” field in the Portal.

Application Configuration

If your account type is Branded/Private Label, the parameters below have to be provided to FORM. If you have a Self-Hosted instance of the application, these parameters have to be added to the config.properties file of the application.

EXTERNAL_AUTH.SURVEY=SAML2
SAML2_IDP_NAME.SURVEY=<IDENTITY_PROVIDER_NAME>
SAML2_SP_NAME.SURVEY=<SERVICE_PROVIDER_IDENTIFIER>
SAML2_IDP_CERT.SURVEY=-----BEGIN CERTIFICATE-----<CERTIFICATE_PUBLIC_KEY>-----END CERTIFICATE-----
SAML2_IDP_URL.SURVEY=<AUTHENTICATION_URL>

Replace each tag with the following:

  • <IDENTITY_PROVIDER_NAME> - replace the tag with a name of the identity provider. For example, COMPANYIDP.
  • <SERVICE_PROVIDER_IDENTIFIER> - replace the tag with the WORLDAPPSP value.
  • <CERTIFICATE_PUBLIC_KEY> - replace the tag with a certificate public key provided by the identity provider.
  • <AUTHENTICATION_URL> - specify a URL to the authentication page on the identity provider. Users will be redirected to this page when they try to access a resource that requires authentication without an active session.
Note
  • <CERTIFICATE_PUBLIC_KEY> - this parameter should span multiple lines in the config file. Every line must end with "\n\", except for the line where the certificate ends.
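The five parameters and the certificate line-ending rule from the note above can be checked with a short script. The following Python code is an added example, not part of the original article or of the FORM application; it assumes config.properties follows Java .properties syntax (a trailing backslash continues the value, \n is a newline escape), and the certificate bytes and the idp.example.com URL are constructed placeholders.

```python
import base64
import textwrap

REQUIRED = ("EXTERNAL_AUTH.SURVEY", "SAML2_IDP_NAME.SURVEY", "SAML2_SP_NAME.SURVEY",
            "SAML2_IDP_CERT.SURVEY", "SAML2_IDP_URL.SURVEY")
BEGIN, END = "-----BEGIN CERTIFICATE-----", "-----END CERTIFICATE-----"

def cert_property(pem):
    """Render a PEM block as the SAML2_IDP_CERT.SURVEY entry: every line ends
    with "\\n\\" except the one where the certificate ends."""
    lines = [ln.strip() for ln in pem.strip().splitlines() if ln.strip()]
    return "SAML2_IDP_CERT.SURVEY=" + "\\n\\\n".join(lines)

def load_properties(text):
    """Simplified .properties reader (assumed Java-style syntax): joins lines
    continued with a trailing backslash and expands the \\n escape."""
    props, pending = {}, ""
    for raw in text.splitlines():
        line = raw.strip()
        if not pending and (not line or line[0] in "#!"):
            continue  # blank line or comment
        if line.endswith("\\"):
            pending += line[:-1]  # drop the continuation backslash
            continue
        key, _, value = (pending + line).partition("=")
        props[key.strip()] = value.strip().replace("\\n", "\n")
        pending = ""
    return props

def check_config(text):
    """Return a list of problems found in the SAML settings."""
    props = load_properties(text)
    problems = [f"missing {k}" for k in REQUIRED if not props.get(k)]
    if props.get("EXTERNAL_AUTH.SURVEY", "SAML2") != "SAML2":
        problems.append("EXTERNAL_AUTH.SURVEY must be SAML2")
    cert = props.get("SAML2_IDP_CERT.SURVEY")
    if cert:
        rows = cert.split("\n")
        if rows[0] != BEGIN or rows[-1] != END:
            problems.append("certificate markers are not on their own lines")
        else:
            try:
                base64.b64decode("".join(rows[1:-1]), validate=True)
            except ValueError:
                problems.append("certificate body is not valid base64")
    return problems

# Constructed placeholder bytes, not a real certificate.
BODY = textwrap.fill(base64.b64encode(bytes(range(96))).decode(), 64)
SAMPLE = "\n".join([
    "EXTERNAL_AUTH.SURVEY=SAML2",
    "SAML2_IDP_NAME.SURVEY=COMPANYIDP",
    "SAML2_SP_NAME.SURVEY=WORLDAPPSP",
    cert_property(f"{BEGIN}\n{BODY}\n{END}"),
    "SAML2_IDP_URL.SURVEY=https://idp.example.com/sso",  # hypothetical URL
])
```

A certificate pasted on a single line, or continued with a bare backslash and no \n, is reported as "certificate markers are not on their own lines".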

Response from Identity Provider

The application expects one user parameter in the response from the identity provider: NameID, which must match the login name of a user in the FORM system. If the system cannot find a user with that login name, an HTTP 401 error response will be sent to the user.

Single Sign-On Configuration Documentation

Key Survey

Here is the PDF document with the full description of Single Sign-On configuration:

  • Form.com