User: System administrator/developer
Prerequisites
- installation of Futurama Web and the use of an Identity Provider
Introduction
Futurama supports SAML2 identity providers. This page describes all the authentication steps, using the Dutch DigiD as the external identity provider.
Description
When using a SAML2 identity provider, the user is redirected to the website of the identity provider and logs in on that website. After logging in, the user is redirected back to the website that initiated the process. On this site the user can perform some actions and finally log out. The authentication steps of this process (both the login and the logout) are described on this page. The relevant log files are also mentioned, so they can be used for troubleshooting. Make sure that both the Futurama logging (see this page) and the SAML logging (see the Debugging section at this page) are enabled.
Logging in
The following scheme shows the authentication steps performed when logging in. The Browser is the browser of the user of your website, you are the Service Provider, and the Identity Provider in this case is the Dutch DigiD identity provider.
Step 1
The user browses to your website. In this step no extra logging is created.
Step 2
The user clicks a login button in order to authenticate. In this step the user is redirected to the Identity Provider. The relevant information from the logs is listed below:
Source | Information
Futurama logfile of your website | Info message ‘Authentication request sent to IDP’
SAML logfile of your website | samlp:AuthnRequest
Network traffic | login.aspx?ReturnUrl=
Network traffic | SSOService.aspx?SAMLRequest=
Network traffic | login.aspx?ReturnUrl=
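When troubleshooting step 2, the `SAMLRequest` value seen in the network traffic can be decoded and compared with the samlp:AuthnRequest in the SAML logfile. The script below is an added example, not part of Futurama or the original page; it assumes the standard SAML HTTP-Redirect encoding (base64 of a raw DEFLATE stream), and the host names, ID and timestamp in the sample are constructed.

```python
import base64
import zlib
import xml.etree.ElementTree as ET
from urllib.parse import parse_qs, urlencode, urlsplit

MAX_XML_BYTES = 64 * 1024  # cap inflated size so a hostile value cannot exhaust memory
NS = {"samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
      "saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

def decode_saml_request(url):
    """Return the XML carried in the SAMLRequest query parameter of a redirect URL."""
    values = parse_qs(urlsplit(url).query).get("SAMLRequest")
    if not values:
        raise ValueError("no SAMLRequest parameter in URL")
    raw = base64.b64decode(values[0], validate=True)
    inflater = zlib.decompressobj(-15)  # HTTP-Redirect binding uses raw DEFLATE
    xml = inflater.decompress(raw, MAX_XML_BYTES)
    if not inflater.eof:  # stream truncated, or larger than the cap
        raise ValueError("SAMLRequest is truncated or exceeds the size limit")
    return xml.decode("utf-8")

def summarize_authn_request(xml):
    """Extract the fields to compare with the samlp:AuthnRequest in the SAML logfile."""
    if "<!DOCTYPE" in xml or "<!ENTITY" in xml:
        raise ValueError("DTD or entity declarations do not belong in a SAML message")
    root = ET.fromstring(xml)
    if root.tag != "{%s}AuthnRequest" % NS["samlp"]:
        raise ValueError("not a samlp:AuthnRequest: " + root.tag)
    issuer = root.find("saml:Issuer", NS)
    fields = {name: root.get(name) for name in
              ("ID", "IssueInstant", "Destination", "ProtocolBinding")}
    fields["Issuer"] = issuer.text.strip() if issuer is not None and issuer.text else None
    return fields

def build_sample_url():
    """Constructed sample: host names, ID and timestamp are made up for this example."""
    xml = ('<samlp:AuthnRequest xmlns:samlp="%(samlp)s" xmlns:saml="%(saml)s" '
           'ID="_example123" Version="2.0" IssueInstant="2024-01-01T12:00:00Z" '
           'Destination="https://idp.example/SSOService.aspx" '
           'ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact">'
           '<saml:Issuer>https://sp.example</saml:Issuer></samlp:AuthnRequest>') % NS
    deflater = zlib.compressobj(wbits=-15)
    deflated = deflater.compress(xml.encode("utf-8")) + deflater.flush()
    query = urlencode({"SAMLRequest": base64.b64encode(deflated).decode("ascii")})
    return "https://idp.example/SSOService.aspx?" + query

if __name__ == "__main__":
    for name, value in summarize_authn_request(decode_saml_request(build_sample_url())).items():
        print(f"{name}: {value}")
```

The `ID` and `IssueInstant` printed here are the values to look for in the SAML logfile entry for the same login attempt.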
Steps 3 and 4
The user gets the login page of the Identity Provider and enters his credentials. In this step no extra logging is created.
Steps 5, 6 and 7
In step 5 the Identity Provider sends the user via a redirect back to your webpage. In this redirect a generated SAML artifact is sent by the Identity Provider. This artifact is used in step 6 in the request from your website to the Identity Provider. In step 7 the Identity Provider replies to the request in the previous step with a response message that is associated with the SAML artifact sent.
Source | Information
Futurama logfile of your website | Debug message: Start Processing SAMLResponse
Futurama logfile of your website | Debug message: SAMLResponse received in ProcessSamlResponse
Futurama logfile of your website | Debug message: SAML2:Processing successful SAML response
Futurama logfile of your website | Debug message: Response (response with the identity of the user)
Futurama logfile of your website | Debug message: Assertion (saml:Assertion)
SAML logfile of your website | HTTP request: POST /SAML/AssertionConsumerService.aspx
SAML logfile of your website | samlp:Response
Network traffic | Login.aspx?ReturnUrl=
Network traffic | SSOService.aspx?SAMLRequest=
Network traffic | AssertionConsumerService.aspx
Step 8
Step 8 is the last step in the login process. Now you know which identifier is trying to visit your application. You can now show the webpages that are available for this user.
If you have any questions about this subject or if you want to provide us feedback please send us an e-mail.