Intercept SAML

Security Assertion Markup Language (SAML) is an XML-based format that enables authentication and authorization between an identity provider and a service provider.

Click the toggle to enable Intercept SAML (Security Assertion Markup Language) for Single Sign On (SSO) configurations.

IMPORTANT You must enable your client to use Server Name Indication (SNI) to connect with the Lookout gateway.

Enter the following information.

Click +Add IdP and enter one or more IdP entity IDs.
An IdP ID specifies the identity provider (also known as the Identity Assertion Validator). The identity provider can assert to the system with which the user is trying to interact that the identifier is known to the provider. The system can then validate the IdP assertion. You can enter up to 10 IdP entity IDs. For example, if you have three IdP servers, you can enter a separate IdP ID for each. Each IdP ID you add is listed in the table below the SAML Signing Certificate field.

You can use the icons in the Action column at the right to edit information about each IdP ID or remove an IdP certificate you no longer need.
Select an IdP validation certificate. This is the certificate to be used to validate the SAML assertion presented by the IdP.
The proxy will use this certificate to make sure the original assertion is authentic before rewriting it. If you see the message No Certificates Found, click the Please upload Identity Certificate link, which will take you to the Certificate Management page. From there, you can import an identity certificate. For instructions, see Configuring and managing certificates.
Select an SAML Signing certificate from the list.
The proxy uses this to re-sign the SAML assertion after rewriting. To enter additional IdP IDs, click +Add IdP.

Lookout Product Documentation

Find answers about using and optimizing Lookout products.

Intercept SAML

lookout-footer