MIRACL provides predefined profiles for popular SAML2 Service Providers in the M-Pin SSO Server.
Instructions for installing these can be found on the next page of this menu section.
If the Service Provider you wish to use with M-Pin SSO is not listed there, use this document, which describes how to configure the M-Pin SSO Server to work with a generic SAML2 Service Provider.
For more information, please see your Service Provider’s SAML documentation and the OASIS consortium’s SAML wiki: https://wiki.oasis-open.org/security/FrontPage
Declare M-Pin SSO as a SAML2 identity provider on your SAML2 Service Provider using the SAML2 Identity Provider metadata of M-Pin SSO.
Go to http[s]://your.domain.com/idp/saml2/metadata to obtain the metadata from your service provider.
You first need to create a new SAML2 Service Provider entry. This requires the SAML2 metadata of the Service Provider as described above.
Log in to your SSO instance and go to
Dashboard › Saml › Service providers › Add service provider (http[s]://your.domain.com/admin/saml/libertyprovider/add/)
Fill in the form fields:
Note: The service provider must be enabled. See below about configuring the service provider with policies: options of the service provider, protocol policy, and attribute policy.
The SAML2 options of the service provider are configured using SP options policies.
You may create a regular policy and configure your service provider to use it.
Go to: http[s]://your.domain.com/admin/saml/spoptionsidppolicy/add/
Configure your policy
Applying the policy to the service provider:
Example with a policy ‘Default’:
Example with a policy ‘All’:
If no policy is found for the configuration of the SAML2 options of a service provider, the error message “No SP policy defined” is displayed to users when an SSO request is received.
The added service will appear on the M-Pin SSO homepage: