SAML application scripting

You can use the SAML application template (described in Custom SAML applications) to add a SAML-enabled web application to the app catalog. This template creates a SAML application profile for a web application that defines how the Privileged Access Service presents an authenticated user to the web application via a SAML assertion.

Each SAML application profile requires a custom SAML script. The script defines how the Privileged Access Service creates and presents a SAML assertion for each user’s session with the web application. Each application profile may also provide an optional user map script that determines the user’s application log-on name for use in the SAML assertion. Both scripts are written in JavaScript.

This guide provides these sections:

  • SAML authentication overview describes the SAML authentication process for a user session with a web application. It shows how the Privileged Access Service works with a set of JavaScript objects during the process.
  • Writing a user map script describes how to write an optional user map script to specify an application user log-on name for a user session.
  • Writing a custom SAML script describes how to write the required custom SAML script to define a SAML assertion for a user session.
  • Scripting environment reference is a reference section for the objects, methods, and variables in the user map and SAML scripting environment.

To write a SAML script, you need to know how to write code in JavaScript. You also need to know the basics of SAML authentication to understand how to specify a SAML assertion. This guide provides some guidance about SAML configuration values, but for specifics you can consult the SAML specifications provided at http://saml.xml.org/saml-specifications. For an introduction to SAML, try the overviews provided at http://saml.xml.org/wiki/saml-introduction.