DocketManager Single Sign-on

Customer will act as the Identity Provider

what needs to be provided

entityId - issuerURL

entityOrganization - used for the username prefix

Cert X.509

DocketManager is the Service Provider. 

DocketManager implementation of SAML 2.0 was built to support unsolicited response only.

Unsolicited Response SSO. In this scenario, the SP does not initiate the authentication flow and just receive a SAML Response from the IdP. The flow starts on the IdP side and once the user is authenticated they can choose a specific SP from a list and then get redirected to its URL.

SAML Assertion will be based on the usernames from the external system

    Contacts with matching usernames will need to be configured within the DocketManager instance. A username prefix will be required within DocketManager, this prefix will need to be agreed upon as system configuration is required on our server.

Hashing algorithm need to be SHA256

Service Provider

ACS URL: https://{CUSTOMER SHORT NAME}.orderprintnow.com/Saml2/Acs

entityId: https://{CUSTOMER SHORT NAME}.orderprintnow.com/Saml2

Identity Provider (what needs to be provided)

entityId - issuerURL

entityOrganization - used for the username prefix

Cert X.509

Just in Time

Claim: "http://schemas.microsoft.com/ws/2008/06/identity/claims/version"

Value: 2

Including this claim will result in; a call to a new ContactService method called CreateOrUpdateContact that will create a command from the new claims we created specifically for this new feature

• "http://docketmanager.net/identity/claims/name"

  • Contact Name

• "http://docketmanager.net/identity/claims/title"

  • Contact Title

• "http://docketmanager.net/identity/claims/phonenumber"

  • Contact Phone Number

• "http://docketmanager.net/identity/claims/emailaddress"

  • Contact Email Address

• "http://docketmanager.net/identity/claims/defaultcustomer"

  • Default Customer Name

• "http://docketmanager.net/identity/claims/customerid"

  • Customer External Identifier

• "http://docketmanager.net/identity/claims/billinglocation.name"

  • Contact BillingLocation.Name

• "http://docketmanager.net/identity/claims/billinglocation.street"

  • Contact BillingLocation.Address

• "http://docketmanager.net/identity/claims/billinglocation.city"

  • Contact BillingLocation.City

• "http://docketmanager.net/identity/claims/billinglocation.region"

  • Contact BillingLocation.Region

• "http://docketmanager.net/identity/claims/billinglocation.country"

  • Contact BillingLocation.Country

• "http://docketmanager.net/identity/claims/billinglocation.zippostalcode"

  • Contact BillingLocation.ZipPostalCode

• "http://docketmanager.net/identity/claims/shippinglocation.name"

  • Contact ShippingLocation.Name

• "http://docketmanager.net/identity/claims/shippinglocation.street"

  • Contact ShippingLocation.Address

• "http://docketmanager.net/identity/claims/shippinglocation.city"

  • Contact ShippingLocation.City

• "http://docketmanager.net/identity/claims/shippinglocation.region"

  • Contact ShippingLocation.Region

• "http://docketmanager.net/identity/claims/shippinglocation.country"

  • Contact ShippingLocation.Country

• "http://docketmanager.net/identity/claims/shippinglocation.zippostalcode"

  • Contact ShippingLocation.ZipPostalCode

There is no mechanism for determining if a value was left out intentionally, because of this all values are expected for each SAML request and values that aren't provided are assumed to be deliberately empty.

DocketManager Contact Setup

• All contacts must exist in DocketManager
• Contacts must be given appropriate access including
  • Security roles
  • Portals
  • Products
  • Usernames must match the external site with a prefix
    • i.e. if username is info@docketmanager.ca and prefix is dm, username must be entered as

    dm-info@docketmanager.ca