Configuring SiteMinder as an Identity Provider

Most options can be left at their default values. These are the most important configuration parameters you will need:

  • EntityID: urn:auth0:YOUR_TENANT
  • Assertion Consumer Service URL: https://YOUR_AUTH0_DOMAIN/login/callback
  • Logout URL: https://YOUR_AUTH0_DOMAIN/logout
  • HTTP-Redirect binding for SAML Request
  • HTTP-POST binding for SAML Response

The instructions below show where each of these values is entered in SiteMinder.

1. Open the SAML Service Provider Dialog

Provide an appropriate name for this Service Provider. We suggest using:

  • Name: YOUR_TENANT

2. Defining NameIdentifier

SiteMinder offers several ways of generating a NameIdentifier for the users it authenticates. Typically you will map this value to one of the user properties in the User Directory, such as uid in the example below:

3. Configure the Service Provider General SAML properties

Use the following values for this configuration screen:

  • SP ID: urn:auth0:YOUR_TENANT
  • SAML Version: 2.0
  • Skew Time: 30 seconds

4. Configure the Assertion Consumer Service URL

The Assertion Consumer Service URL is the location where SiteMinder will POST back the SAML Token. This Service Provider (YOUR_TENANT) only supports the HTTP-POST binding for SAML Responses. Use these values:

  • Assertion Consumer Service: https://YOUR_AUTH0_DOMAIN/login/callback
  • HTTP-Post: checked

5. Configure additional user properties to send in the token

Add any other properties you wish to share about the authenticated user to this Service Provider. Common values are: name, lastname, e-mail address, etc. This Service Provider will use the NameIdentifier defined in step 2 as a unique handle of the user. These attributes will be treated as reference information:

6. Enter the Single Sign Out URL

  • SLO Location URL: https://YOUR_AUTH0_DOMAIN/logout

7. Optional Assertion Encryption

The Service Provider supports encryption of Assertions. To use this option, do the following to download the Service Provider public key certificate.

  • In the Auth0 Dashboard, click on Connections and then Enterprise
  • Click on SAMLP Identity Provider
  • Click on the Setup icon (pencil)

In the window which appears, the seventh (last) bullet gives you links to download the .pem or .cer format certificate.

Download the desired certificate and add it to the SiteMinder Policy Server Keystore.
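
To confirm that the values from steps 2 to 4 ended up in the assertions SiteMinder issues, a decoded assertion from a test login can be checked against them. The following is an added example, not code from Auth0 or SiteMinder: `check_assertion` and the trimmed sample assertion are constructed for illustration, the placeholders are the ones used on this page, and treating the 30-second Skew Time as clock tolerance in the check is an assumption.

```python
import xml.etree.ElementTree as ET
from datetime import datetime, timedelta, timezone

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
SP_ID = "urn:auth0:YOUR_TENANT"                       # step 3, placeholder from this page
ACS_URL = "https://YOUR_AUTH0_DOMAIN/login/callback"  # step 4, placeholder from this page
SKEW = timedelta(seconds=30)                          # step 3, used here as clock tolerance

# Constructed sample: a trimmed, unsigned assertion for illustration only.
SAMPLE = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" Version="2.0">
  <saml:Subject>
    <saml:NameID>jdoe</saml:NameID>
    <saml:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
      <saml:SubjectConfirmationData Recipient="https://YOUR_AUTH0_DOMAIN/login/callback"/>
    </saml:SubjectConfirmation>
  </saml:Subject>
  <saml:Conditions NotBefore="2024-01-01T12:00:00Z" NotOnOrAfter="2024-01-01T12:05:00Z">
    <saml:AudienceRestriction><saml:Audience>urn:auth0:YOUR_TENANT</saml:Audience></saml:AudienceRestriction>
  </saml:Conditions>
</saml:Assertion>"""

def _ts(value):
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)

def check_assertion(xml_text, now):
    """Return a list of mismatches between an assertion and the SP settings."""
    root = ET.fromstring(xml_text)  # input is your own test capture, not untrusted XML
    problems = []
    if root.get("Version") != "2.0":
        problems.append("SAML Version is not 2.0")
    name_id = root.find("saml:Subject/saml:NameID", NS)
    if name_id is None or not (name_id.text or "").strip():
        problems.append("NameID missing or empty")
    audiences = [a.text for a in root.findall(".//saml:Audience", NS)]
    if SP_ID not in audiences:
        problems.append("Audience does not contain the SP ID")
    scd = root.find(".//saml:SubjectConfirmationData", NS)
    if scd is None or scd.get("Recipient") != ACS_URL:
        problems.append("Recipient is not the Assertion Consumer Service URL")
    cond = root.find("saml:Conditions", NS)
    if cond is None:
        problems.append("Conditions element missing")
    else:
        nb, noa = cond.get("NotBefore"), cond.get("NotOnOrAfter")
        if nb and now + SKEW < _ts(nb):
            problems.append("assertion not yet valid (beyond skew)")
        if noa and now - SKEW >= _ts(noa):
            problems.append("assertion expired (beyond skew)")
    return problems
```

The check only reads fields; it does not verify the assertion's XML signature or decrypt an encrypted assertion.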