Versions Compared

Old Version 8

changes.mady.by.user Nataliia Plakhtii

Saved on

compared with

New Version Current

changes.mady.by.user Mercedes Rothwell

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

To securely use SAML Metadata, partners share metadata which that contains:

  • Entity ID

  • Cryptographic Keys

  • Protocol Endpoints (bindings and locations)

Tip

Tips:

  • Every SAML System Entity contains an entity ID, the globally - unique identifier (used in software configurations), relying-party databases, and client-side cookies. On the wire, every SAML Protocol message contains the issuer's entity ID of the issuer.

  • SAML Metadata can be identified by the initial tag: <md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata" ...>

Connect Metadata Location

Docupace will provide you with your Connect Metadata URL will be provided to you by Docupace. This URL is site-specific and is different in different environments. The metadata URL is formatted like this: https://{{hostname}}/{{site}}_ui/sso/samlMeta/{{connectionName}}. This URL contains the SAML 2.0 Metadata you need to provide to your IDP.

Note: Possible hostnames include:

  • dev.docupaceinc.com

  • preprod.docupaceinc.com

  • www1.paperout.com, www2.paperout.com

Info

Example:

https://www1.paperout.com/InvestmentCo_ui/sso/samlMeta/InvestmentCo

The Assertion Consumer URL is different and is provided in the metadata XML file. The metadata XML can either be imported into your IDP or configured manually. If you need to configure it manually, the table below lists common mapping. Your IDP likely has instructions on how to manually configure SAML connections in their system. If you use OKTA, click here.

Name in Metadata

Configuration Name in IDP

entityId

Audience or Audience Restriction

AssertionConsumerService

Url to post SAML response

Destination

Recipient

Once you configure SAML in Connect, connect the metadata location via the following link: https://www.preprod.docupaceinc.com/financialdemo{{hostname}}/{{site}}_ui/sso/samlMeta/default{{connectionName}}

IDP Setup

Docupace provides SAML Metadata, which you can use to set up the site 2.0 Metadata. Your Identity Provider (IDP) administrator can use this metadata to register Docupace as an authorized Service Provider (SP). Also, you can accomplish this process by importing the metadata provided by Docupace into Identity Provider (IDP).

Tip

Tips:

  • To import metadata into your Identity Provider (IDP), refer to your IDP documentation.

  • To finalize the setup, provide Docupace with Identity Provider (IDP) and IDP's metadata.

...

Docupace supports a Service Provider (SP) that is initiated by SSO. This Service Provider (SP) initiated by SSO includes the following link types:

Link Type

Purpose

Link

Base

For configuring Service Provider (SP) initiated by SSO

https://{{host}}/{{site}}_ui/sso/saml/

default

{{clientname}}

Deep

For launching the Monitor function

Non-SSO URL -

 https

 https://{{host}}/{{site}}_ui#/monitor

SSO URL -

 https

 https://{{host}}/{{site}}_ui/sso/saml/

default

{{clientname}}/bookmark/monitor

Troubleshooting

You can solve two kinds of errors. If you see any other errors, you will need to contact Support.

Action Not Found

The Action Not Found error means that you entered the incorrect Assertion Consumer Service URL to the URL that contains the Metadata. You can find the correct URL in the metadata XML file.

image-20240620-083039.pngImage Added

No valid subject assertion found in response

If you see No valid subject assertion found in response, it means that the certificate configured in Docupace does not match the certificate configured in your IDP. This means you need to update the Docupace metadata configuration. This can occur if there is a mixup between environments or if the IDP configuration has changed since Docupace received the metadata.

image-20240620-083231.pngImage Added