...

'sp1' => [
    'saml:SP',
    'entityID' => 'https://drcloudehr-idd-qa-dev-ed.develop.my.salesforce.com',
],
'sp2' => [
    'saml:SP',
    'entityID' => 'https://drcloudehr-idd-staging-dev-ed.develop.my.salesforce.com/',
],

...

okta.com/',
],

Changes to /var/simplesamlphp/metadata/dc-idp-mapping.php

The authentication sources defined in the previous step are mapped to V1 site_id/database configurations.

/var/simplesamlphp/metadata/dc-idp-mapping.php stores an associative array that maps authentication sources to V1 site_id tags. It specifies which database should be used to compare the SAML user with the V1 user (referenced through the email address column in the users table).

$DC_IDP_MAPPINGS = [
    // idp-tag      DrCloud SiteID           idp-entity-id
    'qa'     => ['dc_site_id' => 'qa', 'idp_entity' => 'sp1'],     //--example
    'second' => ['dc_site_id' => 'qa', 'idp_entity' => 'sp2'],     //--example
];

Each mapping consists of an idp-tag that associates a SiteID (dc_site_id) with one of the sources (idp_entity) defined in authsources.php.

The idp-tag is specified when accessing the SSO URL described earlier:
https://<v1-server>/<ehrFiles>/interface/login/saml.php?idp=<IdentityProviderTag>
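
Because the idp value arrives in the URL, it is untrusted input. The following is an added example, not code from the product's saml.php: one way to use the tag only as an exact-match key into $DC_IDP_MAPPINGS and to refuse any tag that does not resolve to a defined saml:SP source. The helper name resolveIdpTag and the example.test entity IDs are hypothetical.

```php
<?php
declare(strict_types=1);

// Constructed sample data mirroring the two files described on this page.
$authSources = [
    'sp1' => ['saml:SP', 'entityID' => 'https://sp1.example.test'],
    'sp2' => ['saml:SP', 'entityID' => 'https://sp2.example.test/'],
];
$DC_IDP_MAPPINGS = [
    'qa'     => ['dc_site_id' => 'qa', 'idp_entity' => 'sp1'],
    'second' => ['dc_site_id' => 'qa', 'idp_entity' => 'sp2'],
];

/**
 * Hypothetical helper: resolve the ?idp= value to a mapping entry, or null.
 * The tag is never used to build a path, a source name or a query; it is
 * only looked up as an exact key in the mapping table.
 *
 * @param mixed $tag raw value of $_GET['idp']
 */
function resolveIdpTag($tag, array $mappings, array $authSources): ?array
{
    // ?idp[]=x arrives as an array; accept only a short token.
    if (!is_string($tag) || preg_match('/\A[A-Za-z0-9_-]{1,64}\z/', $tag) !== 1) {
        return null;
    }
    if (!array_key_exists($tag, $mappings)) {
        return null;
    }
    $source = $mappings[$tag]['idp_entity'] ?? null;
    $siteId = $mappings[$tag]['dc_site_id'] ?? null;
    // The entry must name a site and point at a defined saml:SP source.
    if (!is_string($source) || !is_string($siteId) || $siteId === ''
        || ($authSources[$source][0] ?? null) !== 'saml:SP') {
        return null;
    }
    return ['dc_site_id' => $siteId, 'idp_entity' => $source];
}

// Constructed requests: known tag, unknown tag, malformed tag, array value.
foreach (['qa', 'prod', 'qa/../x', ['qa']] as $candidate) {
    $result = resolveIdpTag($candidate, $DC_IDP_MAPPINGS, $authSources);
    echo json_encode($candidate), ' => ', json_encode($result), PHP_EOL;
}
```

A null result should end the request with a generic error before any authentication source is instantiated.
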

The idp-tag does not need to match the V1 site id. However, matching them is encouraged when possible. If multiple IdPs need to connect to the same V1 site,