Snow License Manager settings

This section describes the settings that can be configured in Snow License Manager for the Service Provider and the Identity Provider.

Service Provider settings

The following table describes the settings that can be configured in Snow License Manager for the Service Provider to integrate with the Identity Providers.

| Setting | Description |
| --- | --- |
| Name | Name of the service provider. |
| AssertionConsumerServiceUrl* | Absolute or relative path to the service handling the sign-in assertion at the Service Provider. |
| LocalCertificateFile* | Absolute or relative path to the X.509 certificate. |
| LocalCertificatePassword* | Specifies the password associated with the X.509 certificate. |
| LocalCertificatePasswordKey* | appSettings key in web.config storing the password for the X.509 certificate. |
| LocalCertificateStoreLocation* | Specifies the X.509 certificate’s location in the certificate store (LocalMachine or CurrentUser). |
| LocalCertificateSerialNumber* | Specifies the X.509 certificate’s serial number in the certificate store. |
| LocalCertificateThumbprint* | Specifies the X.509 certificate’s thumbprint in the certificate store. |
| LocalCertificateSubject* | Specifies the X.509 certificate’s subject name in the certificate store. |

*Optional values

Identity Provider settings

Snow’s federated authentication component supports integration with several Identity Providers, for example:

  • ADFS

  • Azure AD

  • PingOne

  • Salesforce

  • Shibboleth2

    Note

    The Shibboleth2 identity provider doesn't support the single logout scenario for applications in any meaningful sense. See the official problem description: https://wiki.shibboleth.net/confluence/display/CONCEPT/SLOIssues. Using it with SLM is still possible, but the logout experience is suboptimal: a successful logout sequence requires closing the current browser window.

The following table describes the settings that can be configured in Snow License Manager for the Identity Provider to integrate with Snow’s federated authentication component. For configuration file examples for the different Identity Providers, see Identity Provider examples.

| Setting | Description |
| --- | --- |
| Identifier | Customer identifier. |
| Name | URL to the identity provider. |
| SignAuthnRequest* | Specifies whether authentication requests sent to the partner identity provider should be signed. |
| SignLogoutRequest* | Specifies whether logout requests sent to the partner provider should be signed. |
| WantSamlResponseSigned* | Specifies whether the SAML response from the partner identity provider should be signed. Note: Whether or not the response will be signed is solely decided by the identity provider. This parameter only indicates that SLM will request a signed SAML response from the identity provider. The actual signing should be configured on the identity provider side. |
| WantAssertionSigned* | Specifies whether the SAML assertion from the partner identity provider should be signed. Note: Whether or not the assertion will be signed is solely decided by the identity provider. This parameter only indicates that SLM will request a signed assertion from the identity provider. The actual signing should be configured on the identity provider side. |
| WantAssertionEncrypted* | Specifies whether the SAML assertion from the partner identity provider should be encrypted. Note: Whether or not the assertion will be encrypted is solely decided by the identity provider. This parameter only indicates that SLM will request an encrypted assertion from the identity provider. The actual encryption should be configured on the identity provider side. |
| WantLogoutResponseSigned* | Specifies whether the logout response from the partner provider should be signed. Note: Whether or not the logout response will be signed is solely decided by the identity provider. This parameter only indicates that SLM will request a signed logout response from the identity provider. The actual signing should be configured on the identity provider side. |
| SingleSignOnServiceUrl | Specifies the partner identity provider’s single sign-on (SSO) service URL. Authentication requests will be sent to the SSO service. |
| SingleLogoutServiceUrl | Specifies the partner provider’s single logout (SLO) service URL. Logout requests will be sent to the SLO service. |
| PartnerCertificateFile | Absolute or relative path to the X.509 certificate. |

*Optional values
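
The following added example (not part of the Snow documentation or product) shows one way to review a configuration that uses the settings in the two tables above. The XML element names, the attribute layout and the sample values are assumptions made for illustration; only the setting names come from this page, and the real file format is the one shown in Identity Provider examples.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

# Constructed sample. Element names and attribute layout are assumptions;
# only the setting names come from the tables on this page.
SAMPLE = """<Configuration>
  <ServiceProvider Name="urn:example:slm"
      AssertionConsumerServiceUrl="~/SAML/AssertionConsumerService.aspx"
      LocalCertificateFile="sp.pfx" LocalCertificatePassword="constructed-secret"/>
  <IdentityProvider Identifier="example-customer" Name="https://idp.example.test/"
      SignAuthnRequest="true" WantAssertionSigned="true" WantSamlResponseSigned="false"
      SingleSignOnServiceUrl="http://idp.example.test/sso"
      SingleLogoutServiceUrl="https://idp.example.test/slo"/>
</Configuration>"""

STORE_KEYS = ("LocalCertificateSerialNumber", "LocalCertificateThumbprint", "LocalCertificateSubject")
WANT_SIGNED = ("WantSamlResponseSigned", "WantAssertionSigned", "WantLogoutResponseSigned")
SIGN_REQUEST = ("SignAuthnRequest", "SignLogoutRequest")
URL_KEYS = ("SingleSignOnServiceUrl", "SingleLogoutServiceUrl")

def is_true(elem, key):
    return elem.get(key, "").strip().lower() == "true"

def lint(xml_text):
    """Return a list of (setting, message) findings for one configuration."""
    root = ET.fromstring(xml_text)
    sp = root.find("ServiceProvider")
    findings = []
    if sp.get("LocalCertificatePassword") is not None:
        findings.append(("LocalCertificatePassword", "certificate password is stored in this file"))
    sp_has_cert = sp.get("LocalCertificateFile") or any(sp.get(k) for k in STORE_KEYS)
    for idp in root.iter("IdentityProvider"):
        for key in WANT_SIGNED:
            if not is_true(idp, key):
                findings.append((key, "not set to true in this file"))
            elif not idp.get("PartnerCertificateFile"):
                findings.append((key, "no PartnerCertificateFile to verify the signature with"))
        for key in SIGN_REQUEST:
            if is_true(idp, key) and not sp_has_cert:
                findings.append((key, "request signing is on but no local certificate is set"))
        for key in URL_KEYS:
            url = idp.get(key)
            if url and urlsplit(url).scheme.lower() != "https":
                findings.append((key, "endpoint URL is not HTTPS"))
    return findings

if __name__ == "__main__":
    for setting, message in lint(SAMPLE):
        print(f"{setting}: {message}")
```

A Want* flag set to true only requests signing or encryption; as the notes in the table state, the identity provider must be configured to actually do it.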