Single Sign-On using SAML

This feature is only available on SQL systems.

This topic provides an introduction to how vFire Core can be configured for Single Sign-On (SSO) using Security Assertion Markup Language (SAML) and the technical requirements to use this functionality.


vFire Core Analysts and Users typically need access to a large number of internally and externally hosted (Cloud) applications, each requiring its own username and password. Identity federation addresses this by providing a secure mechanism for sharing identities, which removes the need to maintain a separate user profile for vFire Core.

SAML is an identity federation standard that enables SSO without the need to remember a separate password for each web application, and it makes accessing those applications both more convenient and more secure. It limits potential risk by eliminating the need for extra web application passwords: instead, a trust relationship is established between the vFire application and the organization's federated identity system(s).

The SAML Transaction Steps for vFire

  1. The vFire User or Analyst requests access to the application by loading the appropriate vFire URL in a browser.
  2. The vFire application detects this request and generates a SAML request.
  3. The SAML request is redirected back to the User/Analyst's browser together with the Identity Provider's SSO URL.
  4. The Identity Provider (MS ADFS or another partner) checks the request and then authenticates the User/Analyst.
  5. The Identity Provider generates the SAML Response.
  6. The response is passed back to the User/Analyst's browser, which sends it to the vFire URL.
  7. vFire verifies this response.
  8. The User/Analyst is logged into the vFire application.
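The exchange above, modelled end to end as an added example (this is not vFire code or a description of its internals). The entity IDs, URLs, user store and shared secret are constructed placeholders, and the XML Signature a real Identity Provider applies is stood in for by an HMAC-SHA256 over the serialised Response so that the example runs with the Python standard library alone. Step 3 uses the real HTTP-Redirect encoding (raw DEFLATE, base64, URL parameter); step 7 shows the checks a Service Provider performs before trusting a response: signature, InResponseTo against a pending request, Destination, Issuer, assertion replay, validity window with clock skew, and Audience.

```python
"""Constructed model of the SP-initiated SAML SSO exchange (steps 1-8 above); not vFire code.
Entity IDs, URLs, the user store and the shared secret are made up, and the XML Signature a
real IdP applies is stood in for by an HMAC-SHA256 over the serialised Response (stdlib only)."""
import base64, hashlib, hmac, secrets, urllib.parse, zlib
import xml.etree.ElementTree as ET
from datetime import datetime, timedelta, timezone

SAMLP = "urn:oasis:names:tc:SAML:2.0:protocol"
SAML = "urn:oasis:names:tc:SAML:2.0:assertion"
ET.register_namespace("samlp", SAMLP)
ET.register_namespace("saml", SAML)
# Constructed identifiers (placeholders, not real vFire or ADFS values).
SP_ENTITY_ID = "https://vfire.example.test/sp"
SP_ACS_URL = "https://vfire.example.test/saml/acs"
IDP_ENTITY_ID = "https://idp.example.test/adfs"
IDP_SSO_URL = "https://idp.example.test/adfs/ls/"
SHARED_SECRET = b"constructed-demo-secret"  # stand-in for the IdP signing key
CLOCK_SKEW = timedelta(seconds=60)          # tolerance applied to NotBefore/NotOnOrAfter


def q(name, ns=SAML):  # Clark-notation tag for ElementTree, e.g. {urn:...:assertion}Issuer
    return f"{{{ns}}}{name}"

def fmt(dt):
    return dt.strftime("%Y-%m-%dT%H:%M:%SZ")

def parse_ts(text):
    return datetime.strptime(text, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)

def sign(xml_bytes):  # stand-in for XML DSig: HMAC over the exact bytes that are transmitted
    return hmac.new(SHARED_SECRET, xml_bytes, hashlib.sha256).hexdigest()


class ServiceProvider:
    """The vFire side: steps 2-3 (issue the request) and step 7 (verify the response)."""

    def __init__(self):
        self.pending = set()          # AuthnRequest IDs still awaiting a response
        self.seen_assertions = set()  # assertion IDs already accepted (replay check)

    def build_redirect(self):
        request_id = "_" + secrets.token_hex(16)
        self.pending.add(request_id)
        req = ET.Element(q("AuthnRequest", SAMLP), {
            "ID": request_id, "Version": "2.0", "IssueInstant": fmt(datetime.now(timezone.utc)),
            "Destination": IDP_SSO_URL, "AssertionConsumerServiceURL": SP_ACS_URL})
        ET.SubElement(req, q("Issuer")).text = SP_ENTITY_ID
        # HTTP-Redirect binding: raw DEFLATE, base64, then URL-encode as the SAMLRequest parameter.
        comp = zlib.compressobj(9, zlib.DEFLATED, -15)
        deflated = comp.compress(ET.tostring(req)) + comp.flush()
        return f"{IDP_SSO_URL}?SAMLRequest={urllib.parse.quote(base64.b64encode(deflated).decode())}"

    def consume_response(self, form):
        xml_bytes = base64.b64decode(form["SAMLResponse"])
        # Authenticity first: nothing inside the XML is trusted until the signature checks out.
        if not hmac.compare_digest(sign(xml_bytes), form["Signature"]):
            raise ValueError("response signature invalid")
        resp = ET.fromstring(xml_bytes)
        # The response must answer a request this SP actually issued (rejects unsolicited responses).
        if resp.get("InResponseTo") not in self.pending:
            raise ValueError("InResponseTo does not match a pending request")
        self.pending.discard(resp.get("InResponseTo"))
        if resp.get("Destination") != SP_ACS_URL or resp.findtext(q("Issuer")) != IDP_ENTITY_ID:
            raise ValueError("response not addressed to this SP or not issued by the trusted IdP")
        assertion = resp.find(q("Assertion"))
        if assertion.get("ID") in self.seen_assertions:
            raise ValueError("assertion replayed")
        cond = assertion.find(q("Conditions"))
        now = datetime.now(timezone.utc)
        if not (parse_ts(cond.get("NotBefore")) - CLOCK_SKEW <= now < parse_ts(cond.get("NotOnOrAfter")) + CLOCK_SKEW):
            raise ValueError("assertion outside its validity window")
        if cond.findtext(q("AudienceRestriction") + "/" + q("Audience")) != SP_ENTITY_ID:
            raise ValueError("assertion intended for a different service provider")
        self.seen_assertions.add(assertion.get("ID"))
        return assertion.findtext(q("Subject") + "/" + q("NameID"))  # step 8: the account to log in


class IdentityProvider:
    """The ADFS/partner side: step 4 (check request, authenticate) and step 5 (issue response)."""

    def __init__(self, users):
        self.users = users  # constructed username -> password store

    def handle_redirect(self, url, username, password):
        query = urllib.parse.parse_qs(urllib.parse.urlparse(url).query)
        req = ET.fromstring(zlib.decompress(base64.b64decode(query["SAMLRequest"][0]), -15))
        if req.findtext(q("Issuer")) != SP_ENTITY_ID:
            raise ValueError("request from an unregistered service provider")
        if self.users.get(username) != password:
            raise PermissionError("authentication failed")
        now = datetime.now(timezone.utc)
        resp = ET.Element(q("Response", SAMLP), {
            "ID": "_" + secrets.token_hex(16), "Version": "2.0", "IssueInstant": fmt(now),
            "Destination": req.get("AssertionConsumerServiceURL"), "InResponseTo": req.get("ID")})
        ET.SubElement(resp, q("Issuer")).text = IDP_ENTITY_ID
        a = ET.SubElement(resp, q("Assertion"), {
            "ID": "_" + secrets.token_hex(16), "Version": "2.0", "IssueInstant": fmt(now)})
        ET.SubElement(a, q("Issuer")).text = IDP_ENTITY_ID
        ET.SubElement(ET.SubElement(a, q("Subject")), q("NameID")).text = username
        cond = ET.SubElement(a, q("Conditions"), {
            "NotBefore": fmt(now - timedelta(seconds=30)), "NotOnOrAfter": fmt(now + timedelta(minutes=5))})
        ET.SubElement(ET.SubElement(cond, q("AudienceRestriction")), q("Audience")).text = SP_ENTITY_ID
        xml_bytes = ET.tostring(resp)
        # Step 6: the browser sends this form to the SP's ACS URL (HTTP-POST binding).
        return {"SAMLResponse": base64.b64encode(xml_bytes).decode(), "Signature": sign(xml_bytes)}


def run_login(username="analyst1", password="correct horse"):
    """Walk steps 1-8 once; returns (sp, the posted form, the NameID the SP would log in)."""
    sp = ServiceProvider()
    idp = IdentityProvider({"analyst1": "correct horse"})  # constructed credential store
    form = idp.handle_redirect(sp.build_redirect(), username, password)
    return sp, form, sp.consume_response(form)
```

Calling `run_login()` walks the whole flow and returns the NameID `analyst1`; presenting the same form a second time, or a form whose `Signature` does not match the XML, makes `consume_response` raise `ValueError`, which is the step 7 behaviour a Service Provider needs so that a captured or altered response cannot be used to log in.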

Glossary of Terms

Federated Identity is the means of linking a person’s electronic identity across multiple distinct identity management systems.

Single Sign-On is a property of access control across multiple related but independent software systems that allows a user to log in to vFire Core with a single ID and password.

SAML is an XML-based open standard for exchanging authentication and authorization data, for instance allowing an application to accept a user's own organizational login credentials.

Service Provider (SP) in this case is the application that Users are attempting to access and log in to, i.e. the vFire application.

Identity Provider (IdP) is the source of the SAML service (e.g. ADFS, Shibboleth) that provides the Service Provider (the vFire application) with the authorization for users to log on and use the application.