Information

  • There are two authentication methods, and both can be active at the same time:
  • If both methods are active, part of the users can, for example, be managed via Active Directory while the rest are managed only via the application.

Local Users

Information

SAML

Information

  • Configuration of the IdP in PLANTA pulse in the file docker-compose.yml:
    • The key/value pairs from the table below are added to docker-compose.yml inside 'METEOR_SETTINGS={ "saml":[{...}] ...}', separated by commas.
    • Furthermore, the authentication method "saml" needs to be activated in docker-compose.yml: 'METEOR_SETTINGS={..., "userAuth":{ "saml": true, ...} ...}'.
Key                   | Description                                         | Obligatory | Example value                                                                                                   | Note
----------------------|-----------------------------------------------------|------------|-----------------------------------------------------------------------------------------------------------------|------------------------------------
provider              | Identity Provider                                   | Yes        | "azure"                                                                                                         | Currently, only "azure" is supported
entryPoint            | SAML endpoint                                       | Yes        | "https://login.microsoftonline.com/c6c70-f7f7f-9bhh.../saml2"                                                   | (Directory) tenant ID
issuer                | URL to the application                              | Yes        | "796732dd-5ff6-2d78-90bc-49ded..."                                                                              | Application ID
federationMetaDataUrl | URL to the metadata of the IdP, mainly Azure, ADFS  | Yes        | "https://login.microsoftonline.com/c6c70-f7f7f-9bhh.../federationmetadata/2007-06/federationmetadata.xml"       | (Directory) tenant ID
idpSLORedirectURL     | Single Logout URL on the IdP                        | No         | "https://planta.plantapulse.de/"                                                                                |
privateKeyFile        | File with the application key, Base64-encoded       | No         | "certs/myPrivateKey.pem"                                                                                        |
privateCertFile       | File with the application certificate, Base64-encoded | No       | "certs/myPublicCert.pem"                                                                                        |

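The following docker-compose.yml fragment is an added example, not taken from the PLANTA pulse documentation or the product itself. It wires the keys from the table above into METEOR_SETTINGS and switches the "saml" authentication method on. The service name, image name, container path for the certificate directory and the angle-bracket placeholders are assumptions; the placeholders must be replaced with your own (Directory) tenant ID and Application ID, and any further keys under "userAuth" that the page elides are not shown.

```yaml
# Added example (not from the PLANTA pulse documentation): docker-compose.yml
# fragment carrying the SAML configuration in METEOR_SETTINGS.
# Service name, image, volume path and the <...> placeholders are assumptions.
services:
  pulse:
    image: planta/pulse:latest          # assumed image name
    environment:
      # METEOR_SETTINGS is a single JSON document. "saml" is an array, so the
      # IdP entry (and any further entries) are listed inside [ ... ],
      # separated by commas. The folded scalar (>-) keeps the JSON readable.
      METEOR_SETTINGS: >-
        {
          "saml": [
            {
              "provider": "azure",
              "entryPoint": "https://login.microsoftonline.com/<DIRECTORY-TENANT-ID>/saml2",
              "issuer": "<APPLICATION-ID>",
              "federationMetaDataUrl": "https://login.microsoftonline.com/<DIRECTORY-TENANT-ID>/federationmetadata/2007-06/federationmetadata.xml",
              "idpSLORedirectURL": "https://planta.plantapulse.de/",
              "privateKeyFile": "certs/myPrivateKey.pem",
              "privateCertFile": "certs/myPublicCert.pem"
            }
          ],
          "userAuth": {
            "saml": true
          }
        }
    volumes:
      # Keep the application key out of the image and out of version control:
      # mount the certs directory read-only from the host (path is an assumption).
      - ./certs:/app/certs:ro
```

Before starting the stack, it is worth checking that the value of METEOR_SETTINGS is still valid JSON after editing (for example by piping it through a JSON parser), since a stray comma or unbalanced brace in the folded block is the most common reason the "saml" method does not come up.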

  • Users are automatically created in PLANTA pulse on login if they do not exist yet (the e-mail address is the criterion).
  • Provider attributes used for user creation:
Attribute of the IdP | Usage in pulse | Note
---------------------|----------------|------------------------------------------------------
email                | User e-mail    | Has to be unique
nameID               | Username       | Has to be unique. PLANTA Azure nameID = e-mail address