Adding a SAML 2 Client in EUM

To begin, locate the appsettings.json file in the IdentityServer folder. Then update the PartnerServiceProviderConfigurations: section with the details of your SAML 2 application.

These settings are commented out by default because we don't have any OOTB applications that use SAML 2P. To provide a starting point, we had to wrap the settings in comment tags.

To add a SAML Client to EUM, you must log in to EUM Admin with Configuration Editor permissions. Once logged in, click the Federation Clients tile. In the Clients section of EUM Admin, you'll notice the clients are separated into OpenID Connect, WS-Federation and SAML 2.0. Click the + Add Client button.

1. Begin by filling in the Basics section of the client template with your Client ID, Client Name, Client URL, Client Redirect Urls, Scopes, Protocol Type and toggle the Enabled switch on. 

2. Click Secret Consent Logo in the left navigation and click into the Secrets: field. This will turn all fields green, and a check mark will appear in the left navigation beside Secret Consent Logo.

3. Click Token Type Lifetime in the left navigation and update Identity Token Lifetime to 1 Hours (or whatever timeframe you want your SAML token to be alive for). All fields should go green once changed and a green check mark will appear beside Token Type Lifetime.

4. Click Logout in the left navigation, toggle Enable Local Login: to On and input the Post Logout Redirect URI. Once complete, you should see a green check mark appear beside Logout in the left navigation.

5. Click Client Grant Types and select the Client Grant Type: Implicit. You should see a green check mark appear beside Client Grant Types in the left navigation. 

6. Select Token Options from the left navigation menu. Toggle Always include User Claims in Id Token to On. This allows the SAML token to be populated with the user profile data that may be required in your SAML application.

7. Click Refresh in the left navigation menu. Click into one of the fields and they will all light up green. A Create button will appear at the lower portion of the screen, and there will be green check marks beside each item in the left navigation. Click Create, which should create your SAML 2 Client.

8. If you need to update the client, you will see the new client on the Federation Clients page of EUM Admin under the SAML 2.0 section.