Identity Provider
An IdentityProvider configures a SAML-based external identity provider for single sign-on (SSO) authentication with DRP.
SAML metadata that describes the IdP is supplied either as a URL
(MetaDataUrl) or as an inline XML blob (MetaDataBlob). DRP uses this
metadata to establish the trust relationship, validate assertions, and
determine endpoint URLs for the SAML flow.
When a user authenticates through the IdP, DRP extracts the username from
the assertion attribute named in UserAttribute and group memberships
from GroupAttribute. The GroupToRoles map then translates group names
into DRP Role assignments, giving each SSO user the
union of Roles mapped from their groups. If none of the user's groups
match an entry in GroupToRoles, the DefaultRole is assigned as a
fallback. Setting DenyIfNoGroups to true causes authentication to fail
entirely when no groups are found in the assertion.
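The role resolution described above, as an added Go sketch (not DRP's own code) that shows DenyIfNoGroups only rejecting an empty group list, while a user whose groups are present but unmapped still receives DefaultRole. Assumptions: the names `idpConfig`, `resolveRoles`, `sampleCfg` and `errNoGroups`, the Go field types, the constructed group and Role names, and that an empty group list with DenyIfNoGroups unset falls back to DefaultRole.

```go
package main

import (
	"errors"
	"fmt"
	"sort"
)

// idpConfig holds only the fields the page describes; the Go types are assumptions.
type idpConfig struct {
	DefaultRole    string
	DenyIfNoGroups bool
	GroupToRoles   map[string][]string // group name -> Role names
}

var errNoGroups = errors.New("no groups in assertion and DenyIfNoGroups is set")
// sampleCfg uses constructed group and Role names.
var sampleCfg = idpConfig{
	DefaultRole:    "readonly",
	DenyIfNoGroups: true,
	GroupToRoles:   map[string][]string{"drp-admins": {"superuser"}, "drp-ops": {"operator", "readonly"}},
}

// resolveRoles returns the sorted union of Roles mapped from the asserted groups.
func resolveRoles(cfg idpConfig, groups []string) ([]string, error) {
	if len(groups) == 0 && cfg.DenyIfNoGroups {
		return nil, errNoGroups
	}
	seen := map[string]bool{}
	for _, g := range groups {
		for _, r := range cfg.GroupToRoles[g] {
			seen[r] = true
		}
	}
	if len(seen) == 0 && cfg.DefaultRole != "" {
		// Fallback also fires when groups are present but unmapped (DenyIfNoGroups does not cover that).
		seen[cfg.DefaultRole] = true
	}
	roles := make([]string, 0, len(seen))
	for r := range seen {
		roles = append(roles, r)
	}
	sort.Strings(roles)
	return roles, nil
}

func main() {
	fmt.Println(resolveRoles(sampleCfg, []string{"hr"})) // unmapped group
}
```

When reviewing an IdentityProvider, treat DefaultRole as the role every successfully authenticated IdP user can end up with, and keep it to the least privilege that is acceptable for that population.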
The login UI can be customized with DisplayName (a human-readable label)
and LogoPath (a URL or DRP files path to an icon) so that operators can
distinguish between multiple configured identity providers.
| Field | Definition |
|---|---|
| DefaultRole | DefaultRole - defines the default role to give these users |
| DenyIfNoGroups | DenyIfNoGroups - defines if the auth should fail if no groups are found in the GroupAttribute |
| Description | Description is a string for providing a simple description |
| DisplayName | DisplayName - The name to display to the user |
| Documentation | Documentation is a string for providing additional in depth information. |
| GroupAttribute | GroupAttribute - specifies the attribute in the Assertions to use as group memberships |
| GroupToRoles | GroupToRoles - defines the group names that map to DRP Roles |
| LogoPath | LogoPath - The path on DRP or the URL to the logo icon |
| Meta | Meta contains the metadata of the object. The type of this field is a key/value map (dictionary). The key type is string. The value type is also string. The general content of the field is undefined and can be an arbitrary store. There are some common known keys: color - The color the UX uses when displaying; icon - The icon the UX uses when displaying; title - The UX uses this for additional display information, often the source of the object. Specific Object types use additional metadata fields. These are described at: https://docs.rackn.io/stable/redirect/?ref=rs_object_metadata |
| MetaDataBlob | MetaDataBlob - String form of the metadata - instead of MetaDataUrl |
| MetaDataUrl | MetaDataUrl - URL to get the metadata for this IdP - instead of MetaDataBlob |
| Name | Name is the name of this identity provider. Required: true |
| UserAttribute | UserAttribute - specifies the attribute in the Assertions to use as username |