Detailed documentation for setting up SAML.

Detailed documentation is required from the liberty team on how to configure SAML + LDAP for different vendors and how to set it up correctly to work in the 'IBM Cloud Private'

Customers use different types of LDAP servers such as OpenLDAP, Active directory etc which can be set up differently ( email or uid ) as an authentication mechanism.

When customers set up SAML based authentication with different SSO servers ( KeyClock , w3 etc ),There is a requirement on how to set both SAML+LDAP in sync . Liberty server expects certain attributes to be emited by SAML server such as 'nameIDFormat" which can be of different data types such as shown below, accordingly the liberty 'server.xml' needs certain attributes such as 'userIdentifier' based on how the LDAP is setup.


nameIDFormat
============

customize

email

encrypted

entity

kerberos

persistent

transient

unspecified

windowsDomainQualifiedName

x509SubjectName

email

Specifies the URI reference corresponding to a name identifier format defined in the SAML core specification.
customize
Customized Name ID Format.
email
urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress
encrypted
urn:oasis:names:tc:SAML:2.0:nameid-format:encrypted
entity
urn:oasis:names:tc:SAML:2.0:nameid-format:entity
kerberos
urn:oasis:names:tc:SAML:2.0:nameid-format:kerberos
persistent
urn:oasis:names:tc:SAML:2.0:nameid-format:persistent
transient
urn:oasis:names:tc:SAML:2.0:nameid-format:transient
unspecified
urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified
windowsDomainQualifiedName
urn:oasis:names:tc:SAML:1.1:nameid-format:WindowsDomainQualifiedName
x509SubjectName
urn:oasis:names:tc:SAML:1.1:nameid-format:X509SubjectName