Below are the standard settings when setting up SAML with Recorded Future.
Recorded Future uses a unique string referred to as an SSO_KEY. This key is specific to each organization’s configuration. Recorded Future provides the SSO_KEY during the initial setup, and it must be substituted for the SSO_KEY placeholder in the fields indicated below:
- Post-back URL (also called ACS / Assertion Consumer Service URL or Sign-In URL):
  https://sso.recordedfuture.com/login/callback?connection=SSO_KEY
- Entity ID of the Service Provider (Recorded Future) default value:
  urn:auth0:recordedfuture:SSO_KEY
  - If available, use:
    connection.options.entityId
- SAML Request Binding (also called the Protocol Binding): sent to the IdP from Auth0. If possible, set the value dynamically based on connection.options.protocolBinding:

  | connection.options.protocolBinding value | SAML Request Binding value |
  | --- | --- |
  | Empty value ("") or not present | HTTP-Redirect |
  | urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect | HTTP-Redirect |
  | urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST | HTTP-POST |

  If setting the value dynamically is not possible, set it to either HTTP-Redirect (the default) or HTTP-POST, if that is selected in Protocol Binding.
- The SAML Response Binding (how the SAML token is received by the SP from the IdP): set as HTTP-POST
- The NameID format: unspecified
- The SAML assertion and the SAML response can be individually or simultaneously signed.
- The SingleLogout service URL, where the SAML Identity Provider will send logout requests and responses. SAML logout requests must be signed by the Identity Provider.
  https://sso.recordedfuture.com/logout
- Metadata: Some SAML Identity Providers can accept importing metadata directly with all the required information. You can access the metadata for your specific connection here:
  https://sso.recordedfuture.com/samlp/metadata?connection=SSO_KEY
- SAML Attributes: Recorded Future only requires the user’s email address. All other Attributes will be ignored. The user’s email address must also match the user’s email address on file with Recorded Future.
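Before importing the connection metadata into an IdP, a saved copy can be cross-checked against the values listed above. The following is an added example, not Recorded Future or Auth0 code: the function names are hypothetical, the sample metadata and the key "example-org" are constructed, and the element layout assumes the standard SAML 2.0 metadata schema.

```python
import xml.etree.ElementTree as ET
MD = "{urn:oasis:names:tc:SAML:2.0:metadata}"
BINDINGS = "urn:oasis:names:tc:SAML:2.0:bindings:"

def request_binding(protocol_binding):
    """Map connection.options.protocolBinding to the SAML Request Binding."""
    if not protocol_binding or protocol_binding == BINDINGS + "HTTP-Redirect":
        return "HTTP-Redirect"  # empty or absent falls back to the default
    if protocol_binding == BINDINGS + "HTTP-POST":
        return "HTTP-POST"
    raise ValueError(f"unsupported protocolBinding: {protocol_binding!r}")

def expected_settings(sso_key):
    """Service Provider values from the page with SSO_KEY substituted."""
    if not sso_key or sso_key == "SSO_KEY":
        raise ValueError("replace the SSO_KEY placeholder with the issued key")
    base = "https://sso.recordedfuture.com"
    return {"entity_id": f"urn:auth0:recordedfuture:{sso_key}",
            "acs_url": f"{base}/login/callback?connection={sso_key}",
            "slo_url": f"{base}/logout"}

def check_sp_metadata(xml_text, sso_key):
    """List mismatches between saved SP metadata and the documented values."""
    want = expected_settings(sso_key)
    # Parse only a trusted local copy; use defusedxml for untrusted XML.
    root = ET.fromstring(xml_text)
    problems = []
    if root.get("entityID") != want["entity_id"]:
        problems.append(f"entityID is {root.get('entityID')!r}")
    acs = {(e.get("Binding"), e.get("Location"))
           for e in root.iter(MD + "AssertionConsumerService")}
    if (BINDINGS + "HTTP-POST", want["acs_url"]) not in acs:
        problems.append("no HTTP-POST AssertionConsumerService at expected URL")
    slo = {e.get("Location") for e in root.iter(MD + "SingleLogoutService")}
    if want["slo_url"] not in slo:
        problems.append("SingleLogoutService URL missing or different")
    return problems

# Constructed sample metadata; "example-org" is a made-up SSO key.
SAMPLE = f"""<EntityDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata"
    entityID="urn:auth0:recordedfuture:example-org">
 <SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
  <SingleLogoutService Binding="{BINDINGS}HTTP-Redirect"
    Location="https://sso.recordedfuture.com/logout"/>
  <AssertionConsumerService index="0" Binding="{BINDINGS}HTTP-POST"
    Location="https://sso.recordedfuture.com/login/callback?connection=example-org"/>
 </SPSSODescriptor>
</EntityDescriptor>"""
print(check_sp_metadata(SAMPLE, "example-org"))
```

An empty list means the saved metadata agrees with the documented Entity ID, ACS URL and logout URL for that key; any entry names the field to recheck before the IdP configuration goes live.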
Additional Information:
Single Sign-on with Recorded Future