Docs

SiteMinder

In this article, we will cover how you can configure SiteMinder for use with Auth0 as a SAML Identity Provider.

When configuring SiteMinder, you will use the default values for most options. However, you will need the following Auth0-related values in the configuration steps were cover later on in this guide:

  • EntityID: urn:auth0:YOUR_TENANT
  • Assertion Consumer Service URL: https://YOUR_DOMAIN/login/callback
  • Logout URL: https://YOUR_DOMAIN/logout
  • HTTP-Redirect binding for SAML Request
  • HTTP-POST binding for SAML Response

The instructions below will guide you into where these values need to be entered in SiteMinder.

1. Open the SAML Service Provider Dialog

Provide an appropriate name for this Service Provider. We suggest using:

  • Name: YOUR_TENANT

2. Defining NameIdentifier

You can define many ways of generating a NameIdentifier for users authenticating with SiteMinder. Typically you will map this value to one of the user properties in the User Directory as uid.

3. Configure the Service Provider General SAML properties

Use the following values when prompted:

  • SP ID: urn:auth0:YOUR_TENANT
  • SAML Version: 2.0
  • Skew Time: 30 seconds

4. Configure the Assertion Consumer Service URL

The Assertion Consumer Service URL is the location where SiteMinder will POST back the SAML Token. This Service Provider (YOUR_TENANT) only supports the HTTP-POST binding for SAML Responses. Use these values:

  • Assertion Consumer Service: https://YOUR_DOMAIN/login/callback
  • HTTP-Post: checked

5. Configure additional user properties to send in the token

Add any other properties you wish to share about the authenticated user to this Service Provider. Common values are: name, lastname, email address, and so on. This Service Provider will use the NameIdentifier defined in step 2 as a unique handle of the user. These attributes will be treated as reference information.

6. Enter the Single Sign-Out URL

  • SLO Location URL: https://YOUR_DOMAIN/logout

7. Optional Assertion Encryption

The Service Provider supports encryption of Assertions. To use this option, do the following to download the Service Provider public key certificate.

  • In the Auth0 Dashboard, click on Connections and then Enterprise
  • Click on SAMLP Identity Provider
  • Click on the Setup icon (pencil)

In the window which appears, the seventh (last) bullet gives you links to download the .pem or .cer format certificate.

Download the desired certificate and add it to the SiteMinder Policy Server Keystore.