# Create SAML2 Identity Federation Connection

# Register an Authing account and create a new application

To use the SAML2 identity federation connection on the Authing cloud, you need to register an Authing account and create an application.

# Create SAML2 Identity Federation Connection

In Application Console > Connect Identity Source > Corporate Identity Source, click "Connect SAML IdP".

In the drawer that pops up on the right, enter a connection identifier to uniquely identify this connection.

Obtain the signing certificate from your SAML2 IdP in PEM format and paste it into the signature verification certificate text box.

Then, in the login address and logout address input boxes below, enter the login address and logout address of the IdP you are connecting to. Both are available from the IdP.

If the IdP does not provide the login URL directly, you can find it in the IdP metadata XML document.

```xml
<SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="https://idp.ssocircle.com:443/sso/SSORedirect/metaAlias/publicidp"/>
<SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://idp.ssocircle.com:443/sso/SSOPOST/metaAlias/publicidp"/>
<SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:SOAP" Location="https://idp.ssocircle.com:443/sso/SSOSoap/metaAlias/publicidp"/>
```

If multiple URLs are provided, as shown above, fill in the URL corresponding to HTTP-Redirect, in this example `https://idp.ssocircle.com:443/sso/SSORedirect/metaAlias/publicidp`. Afterwards, use the address `https://<connection identifier>.authing.cn/api/v2/connection/saml/<link ID>` to initiate SAML login.

The logout URL can also be found in the IdP metadata XML document.

```xml
<SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="https://idp.ssocircle.com:443/sso/IDPSloRedirect/metaAlias/publicidp" ResponseLocation="https://idp.ssocircle.com:443/sso/IDPSloRedirect/metaAlias/publicidp"/>
<SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://idp.ssocircle.com:443/sso/IDPSloPost/metaAlias/publicidp" ResponseLocation="https://idp.ssocircle.com:443/sso/IDPSloPost/metaAlias/publicidp"/>
<SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:SOAP" Location="https://idp.ssocircle.com:443/sso/IDPSloSoap/metaAlias/publicidp"/>
```

If multiple URLs are provided, as shown above, fill in the URL corresponding to HTTP-Redirect, in this example `https://idp.ssocircle.com:443/sso/IDPSloRedirect/metaAlias/publicidp`.
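
The selection rule described above for the login and logout URLs, as an added example that is not part of the Authing documentation: it reads IdP metadata, picks the HTTP-Redirect endpoints, and rejects locations that are not HTTPS. The sample metadata is constructed from the snippets on this page (the `entityID` is a placeholder), and the function names are illustrative.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

MD_NS = "urn:oasis:names:tc:SAML:2.0:metadata"
REDIRECT = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"

# Constructed sample: a trimmed IdP metadata document using the endpoint
# URLs shown on this page; the entityID is a placeholder (assumption).
SAMPLE_METADATA = """<?xml version="1.0"?>
<EntityDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata" entityID="https://idp.example.invalid">
  <IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="https://idp.ssocircle.com:443/sso/IDPSloRedirect/metaAlias/publicidp"/>
    <SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://idp.ssocircle.com:443/sso/IDPSloPost/metaAlias/publicidp"/>
    <SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="https://idp.ssocircle.com:443/sso/SSORedirect/metaAlias/publicidp"/>
    <SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://idp.ssocircle.com:443/sso/SSOPOST/metaAlias/publicidp"/>
  </IDPSSODescriptor>
</EntityDescriptor>"""


def redirect_endpoint(root, service):
    """Return the single HTTPS Location of `service` with the HTTP-Redirect binding."""
    path = f".//{{{MD_NS}}}IDPSSODescriptor/{{{MD_NS}}}{service}"
    urls = [e.get("Location", "").strip() for e in root.findall(path)
            if e.get("Binding") == REDIRECT]
    if len(urls) != 1:
        raise ValueError(f"{service}: expected one HTTP-Redirect endpoint, found {len(urls)}")
    parts = urlsplit(urls[0])
    # Refuse plaintext or malformed endpoints: users are redirected here to log in.
    if parts.scheme != "https" or not parts.hostname:
        raise ValueError(f"{service}: not an https URL: {urls[0]!r}")
    return urls[0]


def idp_endpoints(metadata_xml):
    """Extract the login and logout URLs to paste into the connection form."""
    # Metadata needs no DTD; rejecting one avoids entity-expansion tricks.
    if "<!DOCTYPE" in metadata_xml or "<!ENTITY" in metadata_xml:
        raise ValueError("DTD/entity declarations are not accepted in metadata")
    root = ET.fromstring(metadata_xml)
    return {
        "login": redirect_endpoint(root, "SingleSignOnService"),
        "logout": redirect_endpoint(root, "SingleLogoutService"),
    }


if __name__ == "__main__":
    for name, url in idp_endpoints(SAMPLE_METADATA).items():
        print(f"{name}: {url}")
```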