SAML SSO Setup for CDNetworks SP

This article describes how to set up corresponding metadata to build trust in the enterprise credentials provider and enable enterprise IdP to log on to CDNetworks through SSO.

Operation Steps

Step 1. Create a service provider

You can create a SAML2.0 authentication provider on the CDNetworks Console’s Access Control (IAM). and uploads the metadata file of the identification provider in the enterprise organization, which is based on SAML2.0.
Step 1: Log in to IAM Access Control and enter the Service Provider page.
(https://iam.cdnetworks.com/uni/console/#/idp?code=ac_idp&productCode=accesscontrol) enter the service provider page;

Step 2: Click Add Service Provider, upload and save metadata.

Metadata docs are provided by Enterprise IdP and must be in XML format with Information such as the login service address of the IdP, the public key used to authenticate the signature, and the statement form.
Note that the valid until time on the public key should be,Sets the certificate expiration time. The metadata document is provided by Enterprise IdP and must be in XML format, containing the IdP login service address, the public key used to validate the signature, and the assertion format.
Note:

1. ValidUntil time on the public key should be configured to be same as the expiration time of the certificate
2. IDP entityID: The entityID is for identifying iDP, so the program code should be ensured to use the entityID and upload. The entity ID in the metafile in the IAM should be the same.
   For example, use the same website address of the enterprise;
3. SP entityID: https://login.cdnetworks.com

Step 3: Click View Service Provider to view the login location for your enterprise IDP.address.

2. Authorize the subaccount

IdP enterprise account access to CDNetworks is ultimately accessed by converting to the actual account of CDNetworks, which can be either a master-account or a sub-account.

• The relationship between the IdP account and the CDNetworks account: This relationship is maintained by the IdP, and the corresponding CDNetworks account must be returned in the SAML assertion. For details, see the SAML response example section.
• Authority: The operation authority of the IdP account to access the console is the same as the authority of the CDNetworks account.
• The diagram of account association relationship is as follows: