Snow License Manager settings
This section describes the settings that can be configured in Snow License Manager for the Service Provider and the Identity Provider.
Service Provider settings
The following table describes the settings that can be configured in Snow License Manager for the Service Provider to integrate with the Identity Providers.
| Setting | Description |
|---|---|
| Name | Name of the service provider |
| AssertionConsumerServiceUrl* | Absolute or relative path to the service handling the sign in assertion at the Service Provider. |
| LocalCertificateFile* | Absolute or relative path to the X.509 certificate |
| LocalCertificatePassword* | Specifies the password associated with the X.509 certificate |
| LocalCertificatePasswordKey* | appSettings key in web.config storing the password for the x.509 Certificate |
| LocalCertificateStoreLocation* | Specifies the x.509 certificate’s location in the certification store. (LocalMachine or CurrentUser) |
| LocalCertificateSerialNumber* | Specifies the x.509 certificate’s serial number in the certification store. |
| LocalCertificateThumbprint* | Specifies the x.509 certificate’s thumbprint in the certification store. |
| LocalCertificateSubject* | Specifies the x.509 certificate’s subject name in the certification store. |
*Optional values
Identity Provider settings
Snow’s federated authentication component supports integration with several Identity Providers, for example:
-
ADFS
-
Azure AD
-
PingOne
-
Salesforce
-
Shibboleth2
noteShibboleth2 Identity provider doesn't support the single logout scenario for applications in any meaningful sense. See the official problem description: https://wiki.shibboleth.net/confluence/display/CONCEPT/SLOIssues. Using it with SLM is still possible but will result in suboptimal logout experience when a successful logout sequence will require closing current browser window.
The following table describes the settings that can be configured in Snow License Manager for the Identity Provider to integrate with Snows federated authentication component. For configuration file examples for the different Identity Providers, see Identity Provider examples.
| Setting | Description |
|---|---|
| Identifier | Customer identifier |
| Name | Url to the identity provider |
| SignAuthnRequest* | Specifies whether authentication requests sent to the partner identity provider should be signed. |
| SignLogoutRequest* | Specifies whether logout requests sent to the partner provider should be signed. |
| WantSamlResponseSigned* | Specifies whether the SAML response from the partner identity provider should be signed. Note: Whether or not the response will be signed is solely decided by the identity provider. This parameter only indicates that SLM will request a signed SAML response from the identity provider. The actual signing should be configured on the identity provider side. |
| WantAssertionSigned* | Specifies whether the SAML assertion from the partner identity provider should be signed. Note: Whether or not the response will be signed is solely decided by the identity provider. This parameter only indicates that SLM will request a signed assertion from the identity provider. The actual signing should be configured on the identity provider side. |
| WantAssertionEncrypted* | Specifies whether the SAML assertion from the partner identity provider should be encrypted. Note: Whether or not the assertion will be encrypted is solely decided by the identity provider. This parameter only indicates that SLM will request an encrypted assertion from the identity provider. The actual encryption should be configured on the identity provider side. |
| WantLogoutResponseSigned* | Specifies whether the logout response from the partner provider should be signed. Note: Whether or not the logout response will be signed is solely decided by the identity provider. This parameter only indicates that SLM will request a signed logout response from the identity provider. The actual signing should be configured on the Identity provider side. |
| SingleSignOnServiceUrl | Specifies the partner identity provider’s single sign-on (SSO) service URL. Authentication requests will be sent to the SSO service. |
| SingleLogoutServiceUrl | Specifies the partner provider’s single logout (SLO) service URL. Logout requests will be sent to the SLO service. |
| PartnerCertificateFile | Absolute or relative path to the X.509 certificate |
*Optional values