Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

To securely use SAML Metadata, partners share metadata which that contains:

  • Entity ID

  • Cryptographic Keys

  • Protocol Endpoints (bindings and locations)

Tip

Tips:

  • Every SAML System Entity contains an entity ID, the globally - unique identifier (used in software configurations), relying-party databases, and client-side cookies. On the wire, every SAML Protocol message contains the issuer's entity ID of the issuer.

  • SAML Metadata can be identified by the initial tag: <md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata" ...>

...

Docupace will provide you with your Connect Metadata URL will be provided to you by Docupace. This URL is site-specific and is different in different environments. The metadata URL is formatted like this: https://{{hostname}}/{{site}}_ui/sso/samlMeta/{{connectionName}}. This URL contains the SAML 2.0 Metadata you need to provide to your IDP.

Note: Possible hostnames include:

  • dev.docupaceinc.com

  • preprod.docupaceinc.com

  • www1.paperout.com, www2.paperout.com

Info

Example:

https://www1.paperout.com/InvestmentCo_ui/sso/samlMeta/InvestmentCo

The Assertion Consumer URL is different and is provided in the metadata XML file. The metadata XML can either be imported into your IDP or configured manually. If you need to configure it manually, the table below lists common mapping. Your IDP likely has instructions on how to manually configure SAML connections in their system. If you use OKTA, click here.

...

Once you configure SAML in Connect, connect the metadata location via the following link: https://www.preprod.docupaceinc.com/financialdemo{{hostname}}/{{site}}_ui/sso/samlMeta/default{{connectionName}}

IDP Setup

Docupace provides SAML 2.0 Metadata. Your Identity Provider (IDP) administrator can use this metadata to register Docupace as an authorized Service Provider.

...

Link Type

Purpose

Link

Base

For configuring Service Provider (SP) initiated by SSO

https://{{host}}/{{site}}_ui/sso/saml/default{{clientname}}

Deep

For launching the Monitor function

Non-SSO URL - https https://{{host}}/{{site}}_ui#/monitor

SSO URL - https https://{{host}}/{{site}}_ui/sso/saml/default{{clientname}}/bookmark/monitor

Troubleshooting

You can solve two kinds of errors. If you see any other errors, you will need to contact Support.

Action Not Found

The Action Not Found error means that you entered the incorrect Assertion Consumer Service URL to the URL that contains the Metadata. You can find the correct URL in the metadata XML file.

image-20240620-083039.pngImage Added

No valid subject assertion found in response

If you see No valid subject assertion found in response, it means that the certificate configured in Docupace does not match the certificate configured in your IDP. This means you need to update the Docupace metadata configuration. This can occur if there is a mixup between environments or if the IDP configuration has changed since Docupace received the metadata.

image-20240620-083231.pngImage Added