Configuration - Identity Provider

Developer
System-administrator
Futurama-Website

Version: 5.0.0 +

Applicable to: Futurama Website

Description

When you are using Futurama in Website mode you can select an external identity provider to determine whether a user has access to the webpage. Currently Futurama supports the SAML 2 identity provider. This identity provider is described extensively by OASIS in its SAML2 overview.

When using a SAML2 identity provider the user is redirected to the website of the identity provider and performs a login on that website. After logging in the user is redirected to the website that initiated the process and you can use a Futurama function to retrieve the identity of the user.

When you want to use an external identity provider in Futurama you have to take the following steps:

  1. configure the identity provider in the web.config
  2. add a button to the website that initiates the login process
  3. use a function that retrieves the identity that is provided by the identity provider (see Futurama formula ReadIdentityProviderResult).

Definitions

In this document, and in all the referenced documentation, the names ServiceProvider (SP) and IdentityProvider (IDP) are used. The SP is the Futurama application that provides a service to the consumers. The IDP is the external organisation that is used to authenticate the visitors.

Configuration

Settings

Within the <configuration> element the following code has to be included:

<configSections>
	<sectionGroup name="futuramaSettings or visionSettings">
		<section name="identityprovider" type="ActuIT.Futurama.Config.IdentityProviderSection, ActuIT.Futurama.Engine, 
		Culture=neutral, PublicKeyToken=null"/>
	</sectionGroup>
</configSections>

In addition to this code, the following code has to be included, also within the <configuration> element:

<futuramaSettings>
	<identityprovider>
		<saml2 name="Digid" baseURL="http://myapplication/" binding ="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" SAML2LoadBalancerURL="http://localhost/samlloadbalancer/" assertionBinding ="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact" loginButtonText="Login with TestIDP">
			<spcertificate findValue="www.sp.com" storeLocation="LocalMachine" storeName="Root" x509FindType="FindBySubjectName" />
			<idpcertificate findValue="www.idp.com" storeLocation="LocalMachine" storeName="Root" x509FindType="FindBySubjectName" />
			<technicalContact name="UserName" email="info@actuit.nl" />
			<organization name="Futurama" displayName="Futurama" url="www.futurama.eu" />
			<idp idpssoURL="http://localhost/SAML2IdentityProviderVS/SAML/SSOService.aspx"
            idpArtifactResponderURL="http://localhost/SAML2IdentityProviderVS/SAML/ArtifactResponder.aspx"
            idpLogoutURL="http://localhost/SAML2IdentityProviderVS/SAML/SingleLogoutService.aspx" claimNameGroupNameAssertion="http://schemas.microsoft.com/ws/2008/06/identity/claims/groups" />
			<security level="urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport"
            digestMethod="http://www.w3.org/2001/04/xmlenc#sha256" signatureMethod="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256" />
			<logging mode="Simple" />
			<scoping proxyCount="0" getComplete="http://www.test.nl">
				<idpList>
					<idp name="testIDP1" providerID="provID1" loc="loc1" />
					<idp name="testIDP2" providerID="provID2" loc="loc2" />
				</idpList>
				<requesterIDs>
					<requester requesterID="testRequesterID1" />
					<requester requesterID="testRequesterID2" />
				</requesterIDs>
			</scoping>
			<attributeConsumingService>
				<serviceNameList>
					<serviceName xml:lang="en" name="ServiceName" />
				</serviceNameList>
				<requestedAttributeList>
					<requestedAttribute name="AttributeName" isRequired="true"/>
				</requestedAttributeList>
			</attributeConsumingService>
		</saml2>
	</identityprovider>
</futuramaSettings>

The futuramaSettings element is the general container for configuration settings. The identityprovider element is set within this element.

Explanation

Within the identityprovider element some other elements and their attributes can be set. These elements and attributes are explained below.

saml2

The saml2 element has several attributes, which are explained below.

name

The name used by the web application. This name is passed to the identity provider in the authentication request.

baseURL

The URL used by the web application.

SAML2LoadBalancerURL

The URL used by the SAML 2 LoadBalancer. SAML 2 Loadbalancer is a component that you need to use to enable SingleLogout in combination with a load balancer. This is supported in Futurama 6 and higher.

assertionBinding (Futurama 19.02+)

Optional configuration to define the binding of the assertion. Possible values are urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact, urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect and urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST.

binding

The binding to use. Futurama supports the following bindings:

  • urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect;
  • urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST.

loginButtonText

The text that is used for the loginButton that is created for this IDP in Vision. This property is not used in a Futurama Website.

    spcertificate

    A reference to a certificate that is used by the service provider. This certificate should be placed in the certificate store. The configuration is described in the certificateReference element.

    The use of the saml2 identity provider requires that you have the private key of the certificate of the service provider. Make sure that the private key is exportable.

    idpcertificate

    A reference to a certificate that is used by the identity provider. This certificate should be placed in the certificate store. The configuration is described in the certificateReference element.

    scoping

    In this section you define the settings as they are defined in the scoping options for SAML2. This element is optional.

    attributeConsumingService

    In this section you define the settings as they are defined in the attributeConsumingService options for SAML2. This element is optional. It is possible to use 1 attributeConsumingService.

    technicalContact

    In this section you can define the name of the technical contact. This name is used in the metadata.xml file that is generated by Futurama.

    name

    The name of the technical contact.

    email

    The email address of the technical contact.

    organization

    In the organization tag you can define the name of your organization. This name is used in the generated metadata.xml file.

    idp

    In the idp section you can specify various addresses that are used by the IDP. These addresses should be provided by the IDP. For more background information we recommend the Wikipedia article on SAML 2: http://en.wikipedia.org/wiki/SAML_2.0

    idpssoURL

    The URL that is used by the IDP to initiate a single sign on. So this is the address where the initial authentication request is sent.

    idpArtifactResponderURL

    The URL that is used by the SP to request information via the back channel from the IDP in response to the receipt of a SAML artifact from the IDP.

    idpLogoutURL

    The URL that is used by the IDP to request a logout. It is used when a user logs out in this application to initiate a logout at the IDP, and it is used to confirm a logout in response to an IDP-initiated logout. From 19.01 on, if this URL is empty or if the idpLogoutURL attribute is omitted altogether, Futurama will not send a logout request to the IDP.

    claimNameGroupNameAssertion

    The name of the claim assertion that the SAML2 IDP uses to pass possible group names. This attribute is optional. If you want to use the functionality of Windows Groups in combination with SAML2 you will need this. For example, in Azure AD you can specify which claim to fill with which property. If you do that and select the corresponding claim name here, you can use group membership for SAML2 authentication.

    logging

    In the logging tag you can define the level of log information you want.

    mode

    The logging level. Possible values are:

    • None
      No information is logged
    • Simple
      Basic information is logged
    • Extended
      The maximum amount of information is logged

    security

    level

    The security level that you require for authentication. The default value is urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport.

    The possible values are:

    • urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport
    • urn:oasis:names:tc:SAML:2.0:ac:classes:MobileTwoFactorContract
    • urn:oasis:names:tc:SAML:2.0:ac:classes:SmartcardPKI

    digestMethod

    The digest method used for determining the XML signature.

    The possible values are:

    signatureMethod

    The encryption method used to determine the signature.

    The possible values are:

    Multiple SAML2 identity providers (Futurama 18.10+)

    It is possible to configure multiple SAML2 identity providers by adding more than one <saml2> element within the <identityprovider> element of the configuration. When this is done, a name must be provided for every Futurama Button control that is set to “RedirectToIdentityProvider”; otherwise Futurama does not know which identity provider to use. This name is set in the “IdentityProviderName” property, as shown in the Button documentation. When the property is set to an empty value, Futurama expects that only one saml2 element is present in the configuration.

    Using 256 bit encryption

    If you want to use an IDP that requires 256 bit encryption, you need to install an extra DLL and register that DLL in Windows.

    Follow the steps below.

    By default, SHA-1 signatures are supported and are perfectly suitable for the majority of use cases. However, SHA-256 signatures are also supported for those use cases requiring additional security.
    SHA-256 support in XML signatures requires the use of the CLR security update and is only available in .NET 3.5 and above.
    Download the CLR security update from:
    http://clrsecurity.codeplex.com/wikipage?title=Security.Cryptography.RSAPKCS
    Installation instructions may be found at:
    http://clrsecurity.codeplex.com/wikipage?title=Security.Cryptography.RSAPKCS1SHA256SignatureDescription&referringTitle=Home&ProjectName=clrsecurity
    1. Extract the Security.Cryptography DLL from the CLR security zip.
    2. Run gacutil.exe /i Security.Cryptography.dll to add the assembly to the GAC.
    3. View the assembly (e.g. C:\Windows\assembly) and note the version number (e.g. 1.6.0.0).
    4. Update machine.config (e.g. in C:\Windows\Microsoft.NET\Framework\v4.0.30319\Config and C:\Windows\Microsoft.NET\Framework64\v4.0.30319\Config) ensuring the version number of the assembly is correct. The <mscorlib> should be inserted after the <system.web> section in <configuration>. See below for an example configuration.
    5. Certificates and keys should be generated using the “Microsoft Enhanced RSA and AES Cryptographic Provider”.

    The following is an example configuration for insertion into machine.config.

    <mscorlib>
    	<!-- ... -->
    	<cryptographySettings>
    		<cryptoNameMapping>
    			<cryptoClasses>
    				<cryptoClass RSASHA256SignatureDescription="Security.Cryptography.RSAPKCS1SHA256SignatureDescription,
    				Security.Cryptography, Version=1.6.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" />
    			</cryptoClasses>
    			<nameEntry name="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256" class="RSASHA256SignatureDescription" />
    		</cryptoNameMapping>
    	</cryptographySettings>
    </mscorlib>

    Attention points

    Note the following attention points:

    1. Do not use cookieless sessions with a SAML 2 identity provider. Otherwise the logout functionality will not work;
    2. See Installation HTML, Troubleshoot paragraph, for how to fix the error message ‘key not valid in for use in specified state’.

    Generating metadata

    SAML 2 identity providers require you to publish or manually deliver a metadata file. Futurama can generate this file for you. If you set up the configuration for the identity provider in your web.config you can visit the page /SAML/GetMetadata.aspx and you will receive a metadata file with all the settings from the config section. This metadata will be signed with the SP certificate. To be able to perform this step, the SP certificate must therefore be installed in the certificate store on the server that hosts the Futurama Website when you visit this page. The identity for the application pool needs to have access to the private key of the SP certificate. You can use localsystem or set up the correct permissions for the specified user.

    Note: if you have configured multiple identity providers, then the metadata for a certain identity provider has to be created by disabling the other identity providers. So these are the steps to take if you have configured multiple identity providers and want to generate the metadata for identity provider A:

    1. disable in your configuration file all the identity providers except identity provider A (disabling can be done by commenting the saml2 elements of the specific identity provider)
    2. generate the metadata by browsing to /SAML/GetMetadata.aspx (see above)
    3. save this generated metadata file
    4. enable all the identity providers again

    Debugging

    For the identity provider an external component is used. For debugging purposes you can turn on the extra logging for that module as well.

    To do that you can add the following tags to the web.config:

    <system.diagnostics>
    	<sources>
    		<source name="ComponentSpace.SAML2" switchValue="Verbose">
    			<listeners>
    				<add name="TextWriter" />
    			</listeners>
    		</source>
    	</sources>
    	<sharedListeners>
    		<add name="TextWriter" type="System.Diagnostics.TextWriterTraceListener" initializeData="D:\folder\file.log" />
    	</sharedListeners> 
    </system.diagnostics>
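A configuration check for the settings described on this page, added here as an example (it is not Futurama code). It parses a web.config and reports the conditions the page calls out (duplicate or missing saml2 names with multiple identity providers, unsupported bindings, an empty idpLogoutURL, cookieless sessions) plus a review policy that is this example's own assumption: HTTPS for every configured URL, no SHA-1 digest or signature method, and Extended logging or Verbose SAML tracing flagged for review. The function name, finding codes and sample config are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample web.config (not a real deployment); element and attribute
# names follow the configuration shown on this page.
SAMPLE_CONFIG = """<configuration>
  <system.web>
    <sessionState cookieless="UseUri" />
  </system.web>
  <futuramaSettings>
    <identityprovider>
      <saml2 name="IdpA" baseURL="http://myapplication/"
             binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect">
        <idp idpssoURL="https://idp.example/SSOService.aspx"
             idpArtifactResponderURL="http://idp.example/ArtifactResponder.aspx" />
        <security digestMethod="http://www.w3.org/2000/09/xmldsig#sha1"
                  signatureMethod="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256" />
        <logging mode="Extended" />
      </saml2>
      <saml2 name="IdpA" baseURL="https://myapplication/"
             binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST">
        <idp idpssoURL="https://idp2.example/sso" idpLogoutURL="" />
        <security digestMethod="http://www.w3.org/2001/04/xmlenc#sha256"
                  signatureMethod="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256" />
        <logging mode="Simple" />
      </saml2>
    </identityprovider>
  </futuramaSettings>
  <system.diagnostics>
    <sources>
      <source name="ComponentSpace.SAML2" switchValue="Verbose" />
    </sources>
  </system.diagnostics>
</configuration>"""

# Values the page lists for the "binding" attribute.
SUPPORTED_BINDINGS = {
    "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect",
    "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST",
}
SP_URL_ATTRS = ("baseURL", "SAML2LoadBalancerURL")
IDP_URL_ATTRS = ("idpssoURL", "idpArtifactResponderURL", "idpLogoutURL")
# ASP.NET sessionState values that always keep the session id in a cookie.
COOKIE_MODES = {"usecookies", "false"}


def audit_config(xml_text):
    """Return a sorted list of (code, location) findings for a web.config."""
    root = ET.fromstring(xml_text)
    findings = []
    # iter() finds <saml2> under futuramaSettings as well as visionSettings.
    providers = list(root.iter("saml2"))
    seen = set()
    for i, sp in enumerate(providers):
        name = sp.get("name", "")
        where = f"saml2[{i}]:{name or '?'}"
        # With several <saml2> elements a Button selects one by name, so the
        # names must be present and unique.
        if len(providers) > 1 and (not name or name in seen):
            findings.append(("AMBIGUOUS_NAME", where))
        seen.add(name)
        if sp.get("binding") not in SUPPORTED_BINDINGS:
            findings.append(("UNSUPPORTED_BINDING", where))
        # Only the direct <idp> child; <scoping>/<idpList>/<idp> is unrelated.
        idp = sp.find("idp")
        idp_attrs = idp.attrib if idp is not None else {}
        urls = {a: sp.get(a) for a in SP_URL_ATTRS}
        urls.update({a: idp_attrs.get(a) for a in IDP_URL_ATTRS})
        for attr, value in urls.items():
            if value and not value.lower().startswith("https://"):
                findings.append(("CLEARTEXT_URL", f"{where}@{attr}"))
        # Empty or omitted: no logout request is sent to the IDP (19.01+).
        if not idp_attrs.get("idpLogoutURL"):
            findings.append(("NO_IDP_LOGOUT", where))
        sec = sp.find("security")
        for attr in ("digestMethod", "signatureMethod"):
            value = sec.get(attr, "") if sec is not None else ""
            if value.lower().endswith("sha1"):
                findings.append(("SHA1_METHOD", f"{where}@{attr}"))
        log = sp.find("logging")
        if log is not None and log.get("mode", "").lower() == "extended":
            findings.append(("EXTENDED_LOGGING", where))
    # Cookieless sessions break the SAML 2 logout functionality.
    for ss in root.iter("sessionState"):
        if ss.get("cookieless", "UseCookies").lower() not in COOKIE_MODES:
            findings.append(("COOKIELESS_SESSION", "system.web/sessionState"))
    # Verbose tracing of the SAML component is meant for debugging only.
    for src in root.iter("source"):
        if (src.get("name") == "ComponentSpace.SAML2"
                and src.get("switchValue", "").lower() == "verbose"):
            findings.append(("VERBOSE_SAML_TRACE", "system.diagnostics"))
    return sorted(findings)


if __name__ == "__main__":
    for code, location in audit_config(SAMPLE_CONFIG):
        print(f"{code:20} {location}")
```
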

    DigiD

    Sample config

    If you want to use the Dutch DigiD authentication you can use the following config:

    <identityprovider>
    	<saml2 name="Digid" baseURL="http://yoururl/" binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST">
    		<spcertificate findValue="test.registerexpress.nl" storeLocation="LocalMachine" 
    		x509FindType="FindBySubjectName" storeName="My" />
    		<idpcertificate findValue="was-preprod1.digid.nl" storeLocation="LocalMachine" 
    		storeName="TrustedPublisher" x509FindType="FindBySubjectName" />
    		<technicalContact name="John Doe" email="info@actuit.nl" />
    		<organization name="ActuIT B.V." displayName="ActuIT B.V." url="www.actuit.nl" />
    		<idp idpssoURL="https://preprod1.digid.nl/saml/idp/request_authentication" 
    			idpArtifactResponderURL="https://was-preprod1.digid.nl/saml/idp/resolve_artifact" 
    			idpLogoutURL="https://preprod1.digid.nl/saml/idp/request_logout" />
    		<security level="urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport" 
    			digestMethod="http://www.w3.org/2001/04/xmlenc#sha256" 
    			signatureMethod="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256" />
    		<logging mode="Simple" />
    	</saml2>
    </identityprovider>

    Accessible addresses

    For the Dutch DigiD implementation the next addresses must be accessible from the server where your application is hosted:

    Related Topics

    - Cache: Settings regarding the caching of Futurama documents

    - Debug: Settings to debug while developing with Futurama

    - Format: Format settings of Futurama

    - Log: Settings for displaying errors, warnings, information messages and developers messages

    - Mail: Definition of the mailserver that is used to send e-mails with Futurama Vision

    - Mapping: Settings for default locations of Futurama files

    - Monitor: Settings for getting session information

    - Rendering: Settings to allow Futurama to generate customized HTML

    - Security: Additional possible security settings when using Futurama Website

    - Server: Settings when using Futurama Export either in server or in batch mode

    - Vision: Configuration of the connection between Futurama and Futurama Vision

    - SAMLLoadBalancer: component that enables the use of SAML2 with a load balancer.

    Updated: 2018-10-15