
SSO with Custom Provider

Implementation Details

IDP Specifications

IDP details can be automatically imported from a public URL, imported from file, or manually entered.

SAML 2.0 SSO Specifications

Exceed Cast supports both IDP-initiated and SP-initiated sign-on.

Exceed Cast will sign all messages to the IDP. This includes the AuthnRequest when using SP-initiated sign-on. The IDP is not required to validate signatures on the AuthnRequest.

SAML response assertions must be signed with the IDP certificate. Full message signing is not required.

The Signature Algorithm accepted is SHA256.

Name ID is required in the response assertion. The only accepted Name ID format is urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress. The Name ID provided must match the email address of a user or belong to a verified organization domain.

Other attributes are not required for a successful login. If a displayName attribute is provided at login time, the user's display name will be updated to match.
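The following pre-flight check is an added example, not Exceed Cast code: it lints a test SAML response from your IDP against the requirements above (assertion-level signature, SHA256, emailAddress Name ID). The sample XML is constructed, `lint_response` and `verified_domains` are hypothetical names, and the check is structural only, so it does not verify the signature cryptographically.

```python
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}
EMAIL_FORMAT = "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"

# Constructed sample: structure only, digest and signature values omitted.
SAMPLE = """<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
    xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
    xmlns:ds="http://www.w3.org/2000/09/xmldsig#" ID="_r1">
  <saml:Assertion ID="_a1">
    <ds:Signature><ds:SignedInfo>
      <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
      <ds:Reference URI="#_a1"/>
    </ds:SignedInfo></ds:Signature>
    <saml:Subject><saml:NameID
      Format="urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress">alice@example.com</saml:NameID></saml:Subject>
  </saml:Assertion>
</samlp:Response>"""

def lint_response(xml_text, verified_domains):
    """Structural lint only (no cryptographic check); returns a list of problems."""
    assertion = ET.fromstring(xml_text).find("saml:Assertion", NS)
    if assertion is None:
        return ["no Assertion in Response"]
    problems = []
    sig = assertion.find("ds:Signature", NS)  # must sit inside the assertion
    if sig is None:
        problems.append("assertion is not signed")
    else:
        method = sig.find("ds:SignedInfo/ds:SignatureMethod", NS)
        alg = method.get("Algorithm", "") if method is not None else ""
        # Assumption: "SHA256" means an xmldsig algorithm URI ending in sha256.
        if not alg.lower().endswith("sha256"):
            problems.append("signature algorithm is not SHA256: " + alg)
        ref = sig.find("ds:SignedInfo/ds:Reference", NS)
        if ref is None or ref.get("URI") != "#" + assertion.get("ID", ""):
            problems.append("signature does not reference this assertion")
    name_id = assertion.find("saml:Subject/saml:NameID", NS)
    if name_id is None or not (name_id.text or "").strip():
        problems.append("NameID is missing")
    else:
        if name_id.get("Format") != EMAIL_FORMAT:
            problems.append("NameID format is not emailAddress")
        domain = name_id.text.strip().rpartition("@")[2].lower()
        if domain not in verified_domains:  # caller-supplied set (hypothetical)
            problems.append("NameID domain not verified, must match a user: " + domain)
    return problems
```

Calling `lint_response(SAMPLE, {"example.com"})` returns an empty list; each string in a non-empty result names one requirement the response does not meet.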

SAML 2.0 SLO Specifications

Exceed Cast supports IDP-initiated single logout.

SAML logout requests must be signed with the IDP certificate.

The Signature Algorithm accepted is SHA256.

Exceed Cast does not send SP-initiated logout requests to the IDP.