SAML Settings

Splash Business Intelligence (SplashBI) supports Single Sign-On (SSO), a process that allows users to authenticate themselves against an external Identity Provider (IdP) rather than obtaining and using a separate username and password handled by SplashBI.

Under the SSO setup, SplashBI can work as a Service Provider (SP) through SAML (Secure Assertion Markup Language) allowing you to provide Single Sign-On (SSO) services for your domain.

Please refer to SplashBI SAML White paper for detailed instructions on configuring SAML within SplashBI.


System/Software Requirements

Following is the list of the software that is required for using Splash BI’s SAML support for SSO (Single Sign-On):

      • Identity Provider that supports SAML 2. 0 for SSO authentication.
      • Identity Provider that supports the import and export of XML metadata files.
      • SplashBI 2.5 or later supports SAML based authentication.
      • Username in SplashBI and Identity Provider should be the same.
      • Optionally an X.509 certificate file from any Certificate Authority (CA) or self- signed (. cert or .crt), and a private key file with. key extension.


Splash BI SSO Authentication Architecture


Configuration

SplashBI needs to be configured to use SAML for SSO. The following are the steps involved in configuring SAML in SplashBI:


  • Add SplashBI as a Service Provider to IdP.
  • Upload the IdP (Identity Provider) metadata to SplashBI.

Add a SplashBI as a Service Provider to IdP


  1. Login to SplashBI with admin user.
  2. Go to Administrator à Setting.
  3. Click on SAML Settings.


       


             4.  Click on configure button present in service provider 



  1. Enter the required details as described in the following screen. Our recommendation is to enter SplashBI for Entity ID. 
  2. The system automatically generates the Entity base URL.

       


  1. Once the metadata is generated successfully go back to find the metadata list and click on the View metadata of service provider
  2. From the metadata list, click on the Service Provider view metadata to get the metadata XML and copy the metadata XML.


       


  1. Metadata XML needs to upload to IdP using the screens/approach defined by your IdP vendor.


Upload IdP (Identity Provider) metadata to SplashBI


We need to add the IdP metadata to SplashBI describing the system about the IdP that we want to use for SAML based SSO. The following steps are involved in doing this:


  1. Get the metadata XML from the IdP vendor.
  2. Go to SAML Settings as described earlier, and click on Configure button of Identity Provider.



  1. Copy the metadata XML provided by the IdP vendor and click Add Identity Provider.


  1. The configuration is complete.
  2. One of the two options can be used to Login with SSO:


    • SSO URL http://<domain>:<port>/SplashBI/SSOLogin. e.g.: http://prod.eistech.com:8080/SplashBI/SSOLogin
    • Use default SplashBI Login to find a link to SSO Login.



  1. Once the login details are validated by IdP, you will be redirected to the SplashBI Home page.



Note : To regenerate Service/Identity provider metadata user have option called delete.


Delete Service/Identity provider metadata to regenerate in SplashBI.



After clicking on delete user can reconfigure the service /Identity provider meta data.