Pathable SAML SSO
If an identity provider (IdP) supports the SAML protocol, it can be connected to the Pathable system (the service provider) so that attendees access Pathable's event using third-party credentials. SAML 2.0 must be enabled at the supervisor level; then configure the fields listed below in admin dashboard > Settings > API to make SSO work for Pathable's event.
- Single-Sign-On Options - leave only the "App" option selected; this SSO strategy applies only to attendees accessing Pathable's event site.
- Entity ID - it's the metadata URL from the IdP server.
  The metadata file is basically an XML file.
- Primary Key
- Certificate
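The Primary Key and the Certificate are keys that the client needs to generate and set up in these fields. Each value is a PEM text block: the key sits between "-----BEGIN PRIVATE KEY-----" and "-----END PRIVATE KEY-----" lines, and the certificate between "-----BEGIN CERTIFICATE-----" and "-----END CERTIFICATE-----" lines.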
- Assert Endpoint - the App URL (Pathable events site URL) with the final "/saml/sso/assert"; it's pretty much the same for every community.
- Audience - optional URL field; it varies with each SAML SSO that is configured, and can be the same as the Assert Endpoint if it is configured to send the Assert Endpoint as the audience.
- Force Authentication - yes or no field, that if set to YES, will force re-authentication of users even if the user has an SSO session with the IdP. This can also be configured on the IdP.
- Allow Unencrypted Assertion on Service Provider - yes or no field that, if set to YES, allows unencrypted assertions. The assertion is the body of the message that comes in SAML SSO; it carries data about the user, like the first name, last name, email, etc.
- Allow Unsigned Responses - yes or no field, that if set to YES, signatures will not be checked, therefore accepting responses without a signature.
- Login URL - it's the login URL for the form of SAML SSO.
- Logout URL - needs to be a logout URL for SAML SSO.
- IdP Certificate - optional field; it's the IdP certificate, similar in format to the Primary Key and Certificate. It is used to decrypt the message.
- Profile Data:
  - Email Attribute - Name of the attribute responsible for representing the email of the profile.
  - First Name Attribute - Name of the attribute responsible for representing the first name of the profile.
  - Last Name Attribute - Name of the attribute responsible for representing the last name of the profile.
  - External ID Attribute - Name of the attribute to use as "ExternalID" in Pathable.
- Check-box: "Create user if it doesn't exist at Pathable" - this setting allows the SSO to create a profile in Pathable if it doesn't exist when the user logs in for the first time.