Security Assertion Markup Language (SAML) lets users exchange authorization data between different parties, in particular, between an identity provider and a service provider. The Datameer SAML Authenticator is designed to allow Datameer to act as a Service Provider with a SAML SSO (Single Sign On) environment. This means that authentication and identity management happen externally to the Datameer instance. These services are provided by an IdentityProvider which will authenticate end users and issue assertions containing subject and session information along with arbitrary attributes about the user. The SAML Authenticator plugin exposes some ExtensionPoint to allow customers to provide the appropriate Datameer User details (group memberships, roles, username, email) based on the incoming assertion.
The SAML authenticator requires an authentication repository that resolves the available users to your Datameer instance.
You need to implement SAML SSO SDK extensions to configure SAML authentication.
Configuring SAML with Datameer
- Login to Datameer with administrator rights.
- Click on the Admin tab > Authentication.
- Click Edit.
- Select Remote Authentication System and choose SAML from the menu.
- Provide or provide the path to your IdP Metadata (which includes endpoint URLs, binding types, attributes, and security-policy information.)
- Enter the Uniform Resource Identifier (URI) from the Service Provider. Then fill in the KeyStore and Service Provider information.
Learn more about setting up a Java KeyStore in Datameer's Knowledge Base.
- Select a Directory Service that you set up through the SAML SSO SDK extensions.
- In the Users and Groups boxes, enter created user/groups for authentication permission.
- Choose the user provider with which to authenticate.
- The advanced SSO options give administrators access control options for authentication.
- Caching is turned on automatically, but you can turn it off or edit the interval for caching on this screen. To turn off caching, click Edit and select an interval of 0.
To enable debugging of SAML edit the log4j-production.properties file and add the following: