Configure SiteMinder as SAML Identity Provider

Configure SiteMinder as SAML Identity Provider

Configure SiteMinder as a SAML identity provider by completing the following steps.

Prerequisite

You must have a SiteMinder account.

Configure SiteMinder settings

When configuring SiteMinder, you will use the default values for most options. You will also need the following Auth0-related values in the configuration steps below:

  • EntityID: urn:auth0:{yourTenant}

  • Assertion Consumer Service URL: https://{yourDomain}/login/callback

  • Logout URL: https://{yourDomain}/logout

  • HTTP-Redirect binding for SAML Request

  • HTTP-POST binding for SAML Response

  1. Log into SiteMinder.

  2. Open the SAML Service Provider Dialog.

  3. Provide an appropriate name for this service provider.

  4. Define the NameIdentifier. There are many ways of generating this for users authenticating with SiteMinder. Typically you will map this value to one of the user properties in the User Directory as uid.

  5. Configure the service provider general SAML properties:

    Setting Description
    SP ID urn:auth0:{yourTenant}
    SAML Version 2.0
    Skew Time: 30 seconds

  6. Configure the Assertion Consumer Service URL which is the location where SiteMinder will POST back the SAML token. This Service Provider ({yourTenant}) only supports the HTTP-POST binding for SAML Responses. Use: https://{yourDomain}/login/callback

  7. Check the HTTP-Post box.

  8. Configure additional user properties to send in the token. Add any other properties you wish to share about the authenticated user to this Service Provider. Common values are: name, lastname, email address, and so on. This Service Provider will use the NameIdentifier defined previously as a unique handle of the user. These attributes will be treated as reference information.

  9. Enter the SLO Location URL: https://{yourDomain}/logout

  10. (Optional) The service provider supports encryption of assertions. To use this option, do the following to download the Service Provider public key certificate.

    1. In the Auth0 Dashboard, click on Connections and then Enterprise.

    2. Click on SAMLP Identity Provider.

    3. Click on the setup icon (pencil).

    4. In the window which appears, the seventh (last) bullet gives you links to download the .pem or .cer format certificate.

    5. Download the desired certificate and add it to the SiteMinder Policy Server Keystore.