Before a user account can be configured to use SAML, a SAML service must be registered with Hybrid Data Pipeline. As described in the following sections, you can register a SAML plugin authentication service either through the Web UI or the Authentication API.

Note:

  • An external authentication service registered in the default system tenant is available across all tenants, while an external authentication service registered in a child tenant is only available in that tenant. Once a service is registered with a tenant, the tenant administrator can create or modify user accounts to authenticate end user credentials against the service.
  • A user with the Administrator (12) permission can register an external authentication service on any tenant within the system. A user with the RegisterExternalAuthService (26) permission can register an external authentication service on any tenant to which he or she has administrative access.

Register SAML service via the Web UI

Take the following steps to register a SAML service via the Web UI.

  1. Navigate to the Manage Authentication view by clicking the manage authentication icon.
  2. Select the tenant for which you are registering the service from the Select Tenant dropdown.
  3. Click + New Service. You will be directed to the Create Authentication Service screen.
  4. Provide the following information.
    • The name and description of the service
    • The service type
    • Asserting Party SSO URL (The URL used to access the SAML server of the identity provider.)
    • Asserting Party Entity Id (The entity ID of the identity provider.)
    • Asserting Party Certificate Location (The certificate location of the identity provider required to authenticate against the SAML server. For example, /common/test/example/samlcerts/onelogin.pem.)
    • Relying Party Entity Id (Optional. A valid string or URL identifying the entity ID of the Hybrid Data Pipeline server.)
    • Assertion Consumer Service Path (Optional. The URL to which the identity provider redirects the browser after authentication.)
    • HDP Username Identifier (Optional. A valid SAML attribute containing the authenticated user name.)
  5. Click Save.

What to do next:

Configure Hybrid Data Pipeline user accounts to use the SAML service. See Configuring user accounts for SAML authentication for details.

Register SAML service via the Authentication API

The following POST operation registers the SAML service. For further details, see Register an external authentication service.

Request

POST https://MyServer:8443/api/admin/auth/services

Request payload

{
  "name": "SAML",
  "tenantId": 1,
  "description": "SAML Auth plugin",
  "authDefinition": {
    "attributes": {
      "registrationId": "test",
      "assertingPartySSOUrl": "https://login.myserver.com/37d22137-b880-0247099d/saml",
      "assertingPartyEntityId": "https://sts.system.net/74b27217-b880-02470799266d/",
      "assertingPartyCertLoc": "Progress/DataDirect/Hybrid_Data_Pipeline/Hybrid_Server/ddcloud/keystore/",
      "relyingPartyEntityId": "https://hostname:8443/hdp/saml/service-provider-metadata/test",
      "assertionConsumerServicePath": "https://hostname:8443/hdp/login/saml/sso/test",
      "hdpUsernameIdentifier": "SAMLValidatedUser"
    }
  },
  "authTypeId": 4
}

Response payload

Status code: 201
Successful response
{
  "id": 2,
  "name": "SAML",
  "tenantId": 1,
  "description": "SAML Auth plugin",
  "authDefinition": {
    "attributes": {
      "registrationId": "test",
      "assertingPartySSOUrl": "https://login.myserver.com/37d22137-b880-0247099d/saml",
      "assertingPartyEntityId": "https://sts.system.net/74b27217-b880-02470799266d/",
      "assertingPartyCertLoc": "Progress/DataDirect/Hybrid_Data_Pipeline/Hybrid_Server/ddcloud/keystore/",
      "relyingPartyEntityId": "https://hostname:8443/hdp/saml/service-metadata/test",
      "assertionConsumerServicePath": "https://hostname:8443/hdp/login/saml/sso/test",
      "hdpUsernameIdentifier": "SAMLValidatedUser"
    }
  },
  "lastModifiedTime": "2021-07-26T08:30:16.006Z",
  "authTypeId": 4,
  "tenantName": "OrgS"
}
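The following script is an added example, not part of the Hybrid Data Pipeline product or this documentation. It assembles the registration body shown above, checks the security-relevant attributes before anything is sent (required fields present, every URL using https so assertions never travel in clear text), and posts to the admin endpoint. The request headers the API needs for administrator credentials are an assumption and are supplied by the caller.

```python
"""Build, sanity-check and submit a SAML service registration for Hybrid Data Pipeline."""
import json
import urllib.request
from urllib.parse import urlparse

# Attributes the Authentication API example marks as non-optional.
REQUIRED_ATTRS = ("registrationId", "assertingPartySSOUrl",
                  "assertingPartyEntityId", "assertingPartyCertLoc")
# Attributes that carry URLs; a plain-http value would expose SAML assertions in transit.
URL_ATTRS = ("assertingPartySSOUrl", "relyingPartyEntityId",
             "assertionConsumerServicePath")


def check_saml_attributes(attrs):
    """Return a list of problems found; an empty list means the attributes are acceptable."""
    problems = []
    for key in REQUIRED_ATTRS:
        if not attrs.get(key):
            problems.append(f"{key} is required")
    for key in URL_ATTRS:
        value = attrs.get(key)
        if value and urlparse(value).scheme != "https":
            problems.append(f"{key} must use https, got {value!r}")
    return problems


def build_saml_service_payload(name, tenant_id, description, attrs, auth_type_id=4):
    """Assemble the request body in the shape the admin API expects (authTypeId 4 = SAML)."""
    problems = check_saml_attributes(attrs)
    if problems:
        raise ValueError("; ".join(problems))
    return {"name": name, "tenantId": tenant_id, "description": description,
            "authDefinition": {"attributes": attrs}, "authTypeId": auth_type_id}


def register_saml_service(base_url, payload, headers):
    """POST the payload to /api/admin/auth/services; caller supplies the credential headers."""
    body = json.dumps(payload).encode()
    req = urllib.request.Request(f"{base_url}/api/admin/auth/services", data=body,
                                 headers={"Content-Type": "application/json", **headers},
                                 method="POST")
    with urllib.request.urlopen(req) as resp:      # 201 on success per the docs
        return resp.status, json.loads(resp.read())
```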

What to do next

Configure Hybrid Data Pipeline user accounts to use the SAML service. See Configuring user accounts for SAML authentication for details.