Requirements and Limitations
In order to setup single sign-on you have to have a working identity provider. It needs to comply to the either of the following standards:
- OpenID Connect
- SAML V2.0
- Shibboleth (via SAML V2.0)
To configure our alfaview® service provider we need the following information from you:
- the endpoint of your identity provider (e. g.
- if available: test accounts and an additional testing identity provider endpoint
- if you have a SAML-based identity provider: your identity provider’s signing certificate
- the identity claims or attribute mapping of your identity provider’s SAML/OIDC response
- required: user’s first name, last name and display name
- optional: user group attribute if you want to use group based permission management in alfaview®
- your desired login domain from where your users will start the single sign-on process (example:
- Your identity provider’s SAML XML signature needs to be signed using the SHA256 algorithm. If you have no information about the signing algorithm used, we can try to help you finding it out.
- We do not support identity provider initiated SAML V2.0. But we can provide a start link that initiates the alfaview® login by redirecting to your identity provider’s login page.
- The login domain will be hosted by alfaview®.
Here is a list of identity providers that were successfully configured and are proven to work with alfaview®:
- GitLab – based on OpenID Connect
- Google Work – based on SAML V2.0
- Shibboleth – based on SAML V2.0