SAML 2.0 Sign-On and Single Logout
Overview
The SAML specification supports an HTML form that is used to pass the SAML assertion via HTTPS POST. In addition to the information used during the single sign-on, your identity provider can also define the start, login, and logout pages.
For SAML 2.0, instead of using the TARGET field, the identity provider uses the <AttributeStatement> in the SAML assertion to specify this additional information.
Aria supports common SAML 2.0 parameters that are part of the <AttributeStatement>, including:
- relayState is the URL where the user is directed upon successfully logging in with SSO. If the user attempted to access Aria before logging in with SSO, Aria will load the site URL that the user attempted to access before SSO login.
  The default URL is: https://secure.ariasystems.net/ui/app.php/
- logoutURL is the URL where the user is directed upon manually logging out, or upon being automatically logged out of Aria.
  The default URL is: https://admintools.ariasystems.net
Example Statement
The following is an example of an <AttributeStatement> for SAML 2.0 that contains both relayState and logoutURL:
<saml:AttributeStatement>
  <saml:Attribute Name="relayState"
      NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:unspecified">
    <saml:AttributeValue xmlns:xs="http://www.w3.org/2001/XMLSchema"
        xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xs:anyType">
      https://secure.ariasystems.net/ui/app.php
    </saml:AttributeValue>
  </saml:Attribute>
  <saml:Attribute Name="logoutURL"
      NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
    <saml:AttributeValue xmlns:xs="http://www.w3.org/2001/XMLSchema"
        xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xs:string">
      https://admintools.ariasystems.net
    </saml:AttributeValue>
  </saml:Attribute>
</saml:AttributeStatement>
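Because relayState and logoutURL are redirect targets, it is worth checking the values an identity provider is configured to send before they go live. The following is an added example, not Aria's code: it extracts the two attributes from an <AttributeStatement> and confirms each is an HTTPS URL on an expected host. The function names are hypothetical, the allow-listed hosts are taken from the two default URLs on this page, and the assertion's signature is assumed to have been verified elsewhere.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

SAML_NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
# Hypothetical helper names; hosts come from the two default URLs on this page.
ALLOWED_HOSTS = {"secure.ariasystems.net", "admintools.ariasystems.net"}
EXPECTED = ("relayState", "logoutURL")

# Constructed sample, modelled on the example statement above.
SAMPLE = """<saml:AttributeStatement xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml:Attribute Name="relayState">
    <saml:AttributeValue>
      https://secure.ariasystems.net/ui/app.php
    </saml:AttributeValue>
  </saml:Attribute>
  <saml:Attribute Name="logoutURL">
    <saml:AttributeValue>https://admintools.ariasystems.net</saml:AttributeValue>
  </saml:Attribute>
</saml:AttributeStatement>"""

def extract_urls(statement_xml):
    """Return {attribute name: URL} for relayState and logoutURL."""
    if "<!DOCTYPE" in statement_xml or "<!ENTITY" in statement_xml:
        raise ValueError("DTDs are not allowed in SAML messages")
    root = ET.fromstring(statement_xml)
    found = {}
    for attr in root.iter("{%s}Attribute" % SAML_NS["saml"]):
        name = attr.get("Name")
        value = attr.find("saml:AttributeValue", SAML_NS)
        if name in EXPECTED and value is not None and value.text:
            found[name] = value.text.strip()  # the example wraps the URL in whitespace
    return found

def check_url(url):
    """Return a list of problems; an empty list means the URL is acceptable."""
    parts = urlsplit(url)
    problems = []
    if parts.scheme != "https":
        problems.append("scheme is not https")
    if parts.username or parts.password:
        problems.append("URL carries userinfo")
    if (parts.hostname or "") not in ALLOWED_HOSTS:
        problems.append("host %r is not allow-listed" % parts.hostname)
    return problems

def audit(statement_xml):
    """Map each expected attribute to its list of problems."""
    urls = extract_urls(statement_xml)
    return {n: check_url(urls[n]) if n in urls else ["attribute not present"] for n in EXPECTED}
```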