
This SSO implementation is based on SAML (Security Assertion Markup Language) and allows your application to sign in an existing GoodData user. The authentication is done by exchanging authentication and authorization data between the parties, not by username and password. 

SAML SSO only supports SHA2 or higher digital signature algorithms and digest algorithms as part of the assertion.

GoodData supports only the SAML Identity Provider-initiated scenario.

Configure the following settings:

SAML version: 2.0 (versions 1.0 and 1.1 are not supported)
Post back URL (destination): The URL where the SAML response and assertion are consumed. For white-labeled instances, use your hostname instead.
The URL of the assertion consumer. For white-labeled instances, use your hostname instead.
Audience restriction: GoodData
Name ID format: EmailAddress
Sign response: Yes
Sign assertion: Yes (default) / No (let us know if you are not able to sign the assertion)
Encrypt response: No
SSO Init type: Identity Provider-initiated
RelayState: The URL in GoodData where the user is redirected after a successful login

For an example of the SAML message consumed by the GoodData side, click here.
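
The following Python check is an added example, not GoodData code: it lints a SAML response produced by your IdP against the settings listed above (version 2.0, signed response and assertion, SHA2 signature and digest algorithms, audience, Name ID format, no encryption). The `lint_response` name, the finding strings and the sample message are constructed for illustration; the check covers structure only and does not verify any signature.

```python
import xml.etree.ElementTree as ET

NS = {"p": "urn:oasis:names:tc:SAML:2.0:protocol",
      "a": "urn:oasis:names:tc:SAML:2.0:assertion",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}

def lint_response(xml_text):
    """Structure lint only: no signature is verified. Returns a list of findings."""
    root = ET.fromstring(xml_text)  # intended for your own IdP's output
    if root.tag != "{%s}Response" % NS["p"]:
        return ["root element is not a SAML 2.0 protocol Response"]
    out = []
    if root.get("Version") != "2.0":
        out.append("Version must be 2.0")
    if root.find("ds:Signature", NS) is None:
        out.append("response is not signed")
    assertion = root.find("a:Assertion", NS)
    if assertion is None:
        return out + ["no plaintext Assertion (missing or encrypted)"]
    if assertion.find("ds:Signature", NS) is None:
        out.append("assertion is not signed (the default setting is Yes)")
    for tag in ("SignatureMethod", "DigestMethod"):
        for el in root.iter("{%s}%s" % (NS["ds"], tag)):
            alg = el.get("Algorithm", "")
            if alg.lower().endswith(("sha1", "md5")):  # pre-SHA2 algorithm URIs
                out.append("%s uses a pre-SHA2 algorithm: %s" % (tag, alg))
    audiences = [e.text.strip() for e in assertion.iter("{%s}Audience" % NS["a"]) if e.text]
    if "GoodData" not in audiences:
        out.append("AudienceRestriction does not contain GoodData")
    name_id = assertion.find("a:Subject/a:NameID", NS)
    if name_id is None or not name_id.get("Format", "").endswith(":emailAddress"):
        out.append("NameID Format is not emailAddress")
    return out

# Constructed minimal sample: Issuer, Status and signature values are omitted.
SIG = ('<ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#"><ds:SignedInfo>'
       '<ds:SignatureMethod Algorithm="{sig}"/><ds:Reference>'
       '<ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>'
       '</ds:Reference></ds:SignedInfo></ds:Signature>')
SAMPLE = ('<p:Response xmlns:p="urn:oasis:names:tc:SAML:2.0:protocol" '
          'xmlns:a="urn:oasis:names:tc:SAML:2.0:assertion" Version="2.0">' + SIG +
          '<a:Assertion Version="2.0">' + SIG + '<a:Subject><a:NameID '
          'Format="urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress">'
          'user@example.com</a:NameID></a:Subject><a:Conditions><a:AudienceRestriction>'
          '<a:Audience>GoodData</a:Audience></a:AudienceRestriction></a:Conditions>'
          '</a:Assertion></p:Response>')
GOOD = SAMPLE.replace("{sig}", "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256")
WEAK = SAMPLE.replace("{sig}", "http://www.w3.org/2000/09/xmldsig#rsa-sha1")
if __name__ == "__main__":
    print(lint_response(GOOD), lint_response(WEAK))
```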