

Configuring SAML Tokens
On successful authentication, AuthMinder can return an authentication token. AuthMinder supports several types of authentication tokens: Security Assertion Markup Language (SAML) tokens, in addition to the Native, OTT, and Custom token types.
To issue SAML tokens as authentication tokens, configure the SAML token properties:
- Ensure that you are logged in as a Global Administrator (GA).
- Activate the Services and Server Configurations tab on the main menu.
  Ensure that the WebFort tab in the submenu is active.
- Under SAML, click the SAML Token Configuration link to display the SAML Token Configuration page.
- Depending on whether you want to create a SAML configuration or update an existing SAML configuration, select one of the following options:
  - If you want to create a configuration, then enter the configuration name in the Configuration Name field.
  - If you want to update an existing configuration, then select the configuration that you want to update from the Select Configuration list.
- Select the SAML Signing Key in HSM option if you want to store the keys that are used for signing SAML assertions in a Hardware Security Module (HSM). Otherwise, the keys are stored in the database.
- (Only if SAML Signing Key in HSM is enabled) Click Browse against the SAML Signing Certificate Chain (in PEM Format) field to upload the certificate that is used by the AuthMinder Server to issue the SAML token.
- Click Browse against the P12 File Containing SAML Signing Key Pair field to upload the PKCS#12 file containing the certificate that is used by the AuthMinder Server to issue the SAML token.
- Enter the password for the PKCS#12 file in the P12 File Password field.
- In the Digest Method field, specify the algorithm (such as SHA1, SHA256, SHA384, SHA512, or RIPEMD 160) that is to be used for hashing the SAML tokens.
- Enter the name of the Issuer who will provide the SAML token generated by AuthMinder.
  For example, if company XYZ is using AuthMinder to generate SAML tokens, then you can enter XYZ in this field.
- In the Subject Format Specifier (SAML 1.1) field, specify the format of the SAML subject for SAML 1.1.
- In the Subject Format Specifier (SAML 2.0) field, specify the format of the SAML subject for SAML 2.0.
- Enable the Single-Use Token option if you want the SAML token to be used only once for authentication.
- In the Token Validity (in Seconds) field, enter the duration after which the SAML token cannot be used.
- If required, set the additional attributes for SAML token generation in the Additional Token Attributes section.
  Click Add More to add more attributes, if needed.
- In the Audience section and table, enter the details of the audience who can use the SAML token.
  Click Add More if you want to add more audiences.
- Click Save to save the SAML token configuration.
- Refresh all deployed AuthMinder Server instances. See "Refreshing a Server Instance" for instructions about the procedure.
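
The Issuer, Digest Method, Token Validity, Single-Use Token, and Audience settings above become fields that a relying party should check in every token it receives. The following Python code is an added example, not CA code: it assumes standard SAML 2.0 element names, that Single-Use Token appears as a `<OneTimeUse>` condition, a constructed sample assertion, and a hypothetical `check_assertion` helper whose digest allow-list is this example's own policy choice. It assumes the XML signature has already been verified by a SAML library.

```python
import xml.etree.ElementTree as ET
from datetime import datetime, timezone

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}
# Digest URIs this relying party accepts; SHA1 and RIPEMD-160 are left out on purpose.
ALLOWED_DIGESTS = {"http://www.w3.org/2001/04/xmlenc#sha256",
                   "http://www.w3.org/2001/04/xmldsig-more#sha384",
                   "http://www.w3.org/2001/04/xmlenc#sha512"}

# Constructed sample assertion (not AuthMinder output); {digest} is filled in by the caller.
SAMPLE = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
    xmlns:ds="http://www.w3.org/2000/09/xmldsig#" ID="_a1" Version="2.0">
  <saml:Issuer>XYZ</saml:Issuer>
  <ds:Signature><ds:SignedInfo><ds:Reference URI="#_a1">
    <ds:DigestMethod Algorithm="{digest}"/></ds:Reference></ds:SignedInfo></ds:Signature>
  <saml:Conditions NotBefore="2024-01-01T00:00:00Z" NotOnOrAfter="2024-01-01T00:05:00Z">
    <saml:AudienceRestriction><saml:Audience>https://sp.example/</saml:Audience></saml:AudienceRestriction>
    <saml:OneTimeUse/>
  </saml:Conditions>
</saml:Assertion>"""

def _ts(value):
    """Parse a UTC xs:dateTime such as 2024-01-01T00:05:00Z."""
    return datetime.fromisoformat(value.replace("Z", "+00:00"))

def check_assertion(xml_text, issuer, audience, now, seen_ids):
    """Return the list of failed checks; an empty list means every condition holds."""
    root = ET.fromstring(xml_text)
    problems = []
    if root.findtext("saml:Issuer", namespaces=NS) != issuer:        # Issuer field
        problems.append("issuer")
    algs = [d.get("Algorithm") for d in root.iterfind(".//ds:DigestMethod", NS)]
    if not algs or any(a not in ALLOWED_DIGESTS for a in algs):      # Digest Method
        problems.append("digest")
    cond = root.find("saml:Conditions", NS)
    if cond is None:
        return problems + ["conditions"]
    nb, noa = cond.get("NotBefore"), cond.get("NotOnOrAfter")
    if noa is None or now >= _ts(noa) or (nb and now < _ts(nb)):     # Token Validity
        problems.append("validity")
    auds = [(a.text or "").strip()
            for a in cond.iterfind("saml:AudienceRestriction/saml:Audience", NS)]
    if audience not in auds:                                         # Audience table
        problems.append("audience")
    if cond.find("saml:OneTimeUse", NS) is not None:                 # Single-Use Token
        if root.get("ID") in seen_ids:
            problems.append("replay")
        elif not problems:
            seen_ids.add(root.get("ID"))  # remember accepted single-use tokens
    return problems
```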
Copyright © 2013 CA.
All rights reserved.