This article reviews the SAML SSO features MindTouch supports for ADFS.
Supported SAML SSO features for ADFS
MindTouch integrates with ADFS as a service provider (SP), trusting ADFS as its identity provider (IdP). The table below lists the standard SAML single sign-on (SSO) and single logout (SLO) scenarios and endpoints MindTouch supports for ADFS.
| Feature | Support |
| --- | --- |
| SP-initiated SAML 2.0 SSO | SP redirect request, IdP POST response |
| SP-initiated SAML 2.0 SLO | SP redirect request, IdP redirect response |
| IdP-initiated SAML 2.0 SSO | IdP POST request |
| IdP-broadcasted SAML 2.0 SLO | SP redirect request, IdP redirect response |
| SP metadata download | http://example.com/@app/saml/metadata |
| SP public X.509 certificate download | If available: http://example.com/@app/saml/certificate |
| SP-IdP public X.509 certificate synchronization | IdP public X.509 certificate must be manually updated in the MindTouch SP (either by IdP metadata or certificate file) |
| SP-IdP message signing and verification | MindTouch signs outgoing messages with SHA1 |
| IdP-SP message & assertion signing and verification | SHA1 and SHA256 signatures are allowed |
| IdP-SP assertion encryption and decryption | AES-128, AES-256, and Triple DES encryption algorithms are allowed |
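Because the table allows both strong and weaker IdP-side algorithms (SHA1 signatures, Triple DES), an administrator will usually want to see which ones ADFS is actually emitting. The following is an added example, not MindTouch or ADFS code: it parses a SAML 2.0 Response and maps the signature and assertion-encryption algorithm URIs (the standard XML-DSig and XML-Enc identifiers) to the entries in the table; the sample response is constructed and carries no real ciphertext.

```python
import xml.etree.ElementTree as ET

NS = {
    "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
    "ds": "http://www.w3.org/2000/09/xmldsig#",
    "xenc": "http://www.w3.org/2001/04/xmlenc#",
}
# Standard algorithm URIs for the IdP-to-SP algorithms the table lists, each
# with the verdict a reviewer would attach to it.
SIGNATURE_ALGS = {
    "http://www.w3.org/2000/09/xmldsig#rsa-sha1": ("SHA1", "weak"),
    "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256": ("SHA256", "ok"),
}
ENCRYPTION_ALGS = {
    "http://www.w3.org/2001/04/xmlenc#aes128-cbc": ("AES-128", "ok"),
    "http://www.w3.org/2001/04/xmlenc#aes256-cbc": ("AES-256", "ok"),
    "http://www.w3.org/2001/04/xmlenc#tripledes-cbc": ("Triple DES", "weak"),
}

def audit_saml_response(xml_text):
    """Map each signature and assertion-encryption algorithm in a SAML 2.0
    Response to (name, verdict); URIs outside the table are 'unsupported'."""
    root = ET.fromstring(xml_text)
    report = {"signatures": [], "encryption": []}
    # ds:Signature elements may sit on the Response and/or on each Assertion.
    for sm in root.iterfind(".//ds:SignatureMethod", NS):
        uri = sm.get("Algorithm", "")
        report["signatures"].append(SIGNATURE_ALGS.get(uri, (uri, "unsupported")))
    # Data-encryption method of each EncryptedAssertion; the key-wrap method
    # inside xenc:EncryptedKey is a separate URI family and is not checked here.
    for ed in root.iterfind(".//saml:EncryptedAssertion/xenc:EncryptedData", NS):
        em = ed.find("xenc:EncryptionMethod", NS)
        uri = em.get("Algorithm", "") if em is not None else ""
        report["encryption"].append(ENCRYPTION_ALGS.get(uri, (uri, "unsupported")))
    return report

# Constructed sample, not a captured ADFS message: a SHA1-signed Response
# carrying a Triple DES encrypted assertion (ciphertext and KeyInfo omitted).
SAMPLE_RESPONSE = """<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
  xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
  xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
  xmlns:xenc="http://www.w3.org/2001/04/xmlenc#" ID="_constructed">
  <ds:Signature><ds:SignedInfo>
    <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
  </ds:SignedInfo></ds:Signature>
  <saml:EncryptedAssertion><xenc:EncryptedData>
    <xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#tripledes-cbc"/>
  </xenc:EncryptedData></saml:EncryptedAssertion>
</samlp:Response>"""
```

Running `audit_saml_response(SAMPLE_RESPONSE)` on the constructed sample reports `SHA1 (weak)` for the signature and `Triple DES (weak)` for the assertion encryption, which is the combination the table permits but a reviewer would want to move away from in ADFS.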