The settings on the Advanced tab are used to refine and troubleshoot a SAML integration.
The following settings on the Advanced tab control some less commonly used SSO configuration.
This setting determines whether the saml request is signed or not. Enabling this setting can increase security, but it's incompatible with some IdPs. This setting is disabled by default.
Base metadata URL
This value sets the desired URL for the entityID and endpoint URLs. This URL should be an https.
If you aren't using a URL with https, you need to get help from Support to continue
setting up SSO.
Forces any user with an existing IdP session to log in again.
When guest access is enabled, issues a SAML AuthnRequest upon first access with
"isPassive=true", which should cause the IdP to simply redirect back to Jive if the user doesn't
have an active session with the IdP.
For most IdPs, using the default setting is correct.
NameID Allow Create
By default, this check box is cleared. You should leave it cleared unless you receive an error about NameID creation while setting up your SAML integration.
Specifies that metadata should be signed. You should clear this check box UNLESS your
IdP requires that the metadata be signed. If you use ADFS, you must clear this check
IDP Want Response Signed
Use this setting to add a configuration to the SP metadata that tells the IdP that the
SAML response should be signed, instead of only the assertions within the response. You
should not enable this setting unless Support recommends it.
Along with Requested AuthnContext Comparison, this optional setting is used to add additional information to requests in certain specific cases. It's disabled by default.
Requested AuthnContext Comparison
Along with Requested AuthnContext, this optional setting is used to add additional information to requests in certain specific cases. It's disabled by default.
Use this setting to determine whether the IdP metadata you provide to Jive should be
validated with respect to any validUntil timestamps. Some IdPs
generate metadata with arbitrary validUntil timestamps on their
metadata, which can cause validation to fail and keep Jive from running. This option is
disabled by default.
This check box is unselected by default. If you use ADFS, it must remain
unselected. Some IdPs may require a scoping definition.
This setting specifies the maximum number of proxies any request can go through in the request to the IdP. The default value is 2. If your IdP needs more than 2 proxy redirects, adjust this value upward.