This SSO implementation is based on SAML (Security Assertion Markup Language) and allows your application to sign in an existing GoodData user. The authentication is done by exchanging authentication and authorization data between the parties, not by username and password.
SAML SSO only supports SHA2 or higher digital signature algorithms and digest algorithms as part of the assertion.
GoodData supports the SAML Identity Provider-initiated scenario only.
Configure the following settings:
|SAML version||2.0 (versions 1.0 and 1.1 are not supported)|
|Post back URL (destination)||The URL where the SAML response and assertion are consumed. For white-labeled instances, use your hostname instead.|
The URL of the assertion consumer. For white-labeled instances, use your hostname instead.
|Name ID format||EmailAddress|
|Sign assertion||Yes (default) / No (let us know if you are not able to sign the assertion)|
|SSO Init type||Identity Provider-initiated|
|RelayState||The URL in GoodData where the user is redirected after a successful login|
For an example of the SAML message consumed by the GoodData side, click here.
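A pre-flight lint for the settings in the table above, as an added example that is not GoodData's code: it checks a captured SAML response from your identity provider for version 2.0, a signed assertion, SHA2-or-higher signature and digest algorithms, and the EmailAddress Name ID format. The sample message, the function name and the `sp.example.invalid` destination are constructed placeholders, and the sample is a trimmed fragment rather than a schema-valid response.

```python
import xml.etree.ElementTree as ET

NS = {"samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
      "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}
EMAIL_FORMAT = "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"
WEAK = ("sha1", "md5")  # hash families below SHA2

# Constructed sample: signature values omitted, hostnames are placeholders.
SAMPLE = """<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
  xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
  xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
  Version="2.0" Destination="https://sp.example.invalid/acs">
 <saml:Assertion Version="2.0">
  <ds:Signature><ds:SignedInfo>
   <ds:SignatureMethod Algorithm="{sig}"/>
   <ds:Reference><ds:DigestMethod Algorithm="{dig}"/></ds:Reference>
  </ds:SignedInfo></ds:Signature>
  <saml:Subject><saml:NameID Format="{fmt}">user@example.invalid</saml:NameID></saml:Subject>
 </saml:Assertion>
</samlp:Response>"""

def lint_saml_response(xml_text):
    """Return a list of findings (empty means the settings match the table).
    Configuration lint only: it does NOT verify the signature itself."""
    findings = []
    root = ET.fromstring(xml_text)
    assertion = root.find("saml:Assertion", NS)
    if assertion is None:
        return ["no unencrypted saml:Assertion found"]
    for name, el in (("Response", root), ("Assertion", assertion)):
        if el.get("Version") != "2.0":
            findings.append(f"{name} Version is {el.get('Version')!r}, expected '2.0'")
    if not root.get("Destination"):
        findings.append("Response has no Destination (post back URL)")
    if assertion.find("ds:Signature", NS) is None:
        findings.append("assertion is not signed")
    for tag in ("SignatureMethod", "DigestMethod"):
        for el in assertion.iter("{%s}%s" % (NS["ds"], tag)):
            alg = el.get("Algorithm", "")
            # The hash family is named in the URI fragment, e.g. '#rsa-sha1'.
            if any(w in alg.rsplit("#", 1)[-1].lower() for w in WEAK):
                findings.append(f"{tag} uses {alg}, below SHA2")
    name_id = assertion.find("saml:Subject/saml:NameID", NS)
    if name_id is None or name_id.get("Format") != EMAIL_FORMAT:
        findings.append("NameID Format is not emailAddress")
    return findings
```

Run it on a response captured from a test login before go-live; any finding points at an identity provider setting to change.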