Single Sign On (SSO)

SSO – Change the login page in case the user logs out

Key	<add key="CustomAbsoluteLoginPage" value="http://anyurl"/>
Possible values	Text
Where to add/change	customer.config CloudShell Portal installation directory
Default value	N/A
Affected CloudShell Component	CloudShell Portal
Version	6.0 and above

SSO – Enable or disable SSO

Key	<add key="Authentication.ExternalLoginMode" value="None"/>
Possible values	Token, Header, None
Where to add/change	customer.config CloudShell Server installation directory
Default value	Token
Affected CloudShell Component	CloudShell Portal
Version	6.0 and above

SSO – Enable or disable using Token mode

Key	<add key="Authentication.ExternalLoginMode" value="Token"/>
Possible values	Token, Header, None
Where to add/change	customer.config CloudShell Server installation directory
Default value	Token
Affected CloudShell Component	CloudShell Portal
Version	6.0 and above

SSO – Configure token encryption using Rijndael symmetric encryption key (32 bytes)

Key	<add key="Authentication.ExternalLoginKey" value="xxxx"/>
Possible values	Any multiple of 32 bits
Where to add/change	customer.config CloudShell Server installation directory
Default value	As set in the QsTeamServer.exe.config file in the Quali Server installation directory
Affected CloudShell Component	CloudShell Portal
Version	6.0 and above

SSO – Configure token encryption using Rijndael symmetric encryption key IV (16 bytes)

Key	<add key="Authentication.ExternalLoginIV" value="yyy"/>
Possible values	Any multiple of 16 bits
Where to add/change	customer.config CloudShell Server installation directory
Default value	As set in the QsTeamServer.exe.config file in the Quali Server installation directory
Affected CloudShell Component	CloudShell Portal
Version	6.0 and above

Header mode – used when the username is added to one of the HTTP headers

Key	<add key="Authentication.ExternalLoginMode" value="Header"/>
Possible values	Any username that is added to one of the HTTP headers
Where to add/change	customer.config CloudShell Server installation directory
Default value	Token
Affected CloudShell Component	CloudShell Portal
Version	6.0 and above

SAML Single Sign On (SSO)

SSO/SLO configuration is available with CloudShell Premium Tier.

For step-by-step instructions on how to use these configuration keys, see Configuring SAML Single Sign-On (SSO).

note

CloudShell supports SAML v2.0. If you encounter an error, please contact your SAML administrator.

SAML SSO – Enable SAML SSO authentication

Key	<add key="SamlSSOAuthenticationEnabled" value="true" />
Possible values	True/False
Where to add/change	customer.config CloudShell Portal installation directory
Default value	False
Affected CloudShell Component	CloudShell Portal
Version	6.4 and above

SAML SSO – Configure the Assertion Consumer Service URL

Key	<add key="SamlAssertionConsumerServiceUrl" value="http://localhost:60433/Saml/Consume" />
Possible values	URL string with the address of the CloudShell Portal (including server IP address and port number)
Where to add/change	customer.config CloudShell Portal installation directory
Default value	N/A
Affected CloudShell Component	CloudShell Portal
Version	6.4 and above

SAML SSO – Configure the URL of the Identity Provider

Key	<add key="SamlIdpTargetUrl" value="http://stubidp.kentor.se/" />
Possible values	URL of the Identity Provide (IdP)
Where to add/change	customer.config CloudShell Portal installation directory
Default value	N/A
Affected CloudShell Component	CloudShell Portal
Version	6.4 and above

SAML SSO – Configure the address of the login page (CustomAbsoluteLoginPage)

Key	<add key="CustomAbsoluteLoginPage" value="http://localhost:60433/Saml/Index" />
Possible values	Text, URL string with the address of the CloudShell Portal (including server IP address and port number)
Where to add/change	customer.config CloudShell Portal installation directory
Default value	N/A
Affected CloudShell Component	CloudShell Portal
Version	6.4 and above

SAML SSO – Configure the deflate/inflate compression when processing SAML requests

Key	<add key="SamlDeflateInflate" value="false" />
Possible values	True/False
Where to add/change	customer.config CloudShell Portal installation directory
Default value	True
Affected CloudShell Component	CloudShell Portal
Version	6.4 and above

SAML SSO – Configure the name of the certificate key file (.pfx file) to sign the SAML request with

Key	<add key="SamlIssuerCert" value="HuaweiCA.pfx;roveafuna" />
Possible values	Text, if the certificate is locked with a password use a semicolon and provide the password (as shown in the above example)
Where to add/change	customer.config CloudShell Portal installation directory
Default value	N/A
Affected CloudShell Component	CloudShell Portal
Version	6.4 and above

SAML SSO – Configure the HTTP method to use when issuing the SAML request to the Identity Provider

Key	<add key="SamlRequestMethod" value="GET" />
Possible values	Get, Post, Redirect
Where to add/change	customer.config CloudShell Portal installation directory
Default value	Redirect (which does not check for browser compatibility)
Affected CloudShell Component	CloudShell Portal
Version	6.4 and above

SAML SSO – Redirect the user to a specified URL whenever the user browses the SAML consumer endpoint without a response

Key	<add key="SamlEmptyResponseRedirectUrl" value="http://developer.huawei.com/cn/ict/" />
Possible values	URL string or Null
Where to add/change	customer.config CloudShell Portal installation directory
Default value	NULL (which means the user will not be redirected and ultimately will get an error message saying the response is empty)
Affected CloudShell Component	CloudShell Portal
Version	6.4 and above

SAML SSO – Redirect the user to a specified URL whenever the user browses the CloudShell Portal login page

Key	<add key="CustomAbsoluteLoginPage" value="http://developer.huawei.com/cn/ict/"/>
Possible values	URL string (In SAML and SSO context, this key is usually used to hide the login page and redirect incoming users to the SAML endpoint. Some environments (like Huawei) use it to redirect users when they log off of the portal back to their landing page.)
Where to add/change	customer.config CloudShell Portal installation directory
Default value	N/A
Affected CloudShell Component	CloudShell Portal
Version	6.4 and above

SAML SSO – Redirect the user to a specified URL whenever the user browses the CloudShell Portal logout page

Key	<add key="CustomAbsoluteLogoutPage" value="http://[server]/AuthServices/Logout"/>
Possible values	URL string , where [server] is the IdP server's IP or DNS
Where to add/change	customer.config CloudShell Portal installation directory
Default value	N/A
Affected CloudShell Component	CloudShell Portal
Version	6.4 and above

SAML SSO – Enable direct access to CloudShell Portal

Key	<add key="add key="BypassCustomLogin" value="true"/>
Possible values	True/False
Where to add/change	customer.config CloudShell Portal installation directory
Default value	False
Affected CloudShell Component	CloudShell Portal
Version	7.1 and above

SAML SSO – Change the name of the Domain attribute which defines the CloudShell domain to associate the user to

note

This attribute may be added when setting up users in an IdP, to log a user into a specific domain if a user belongs to more than one domain. For more information, see Set up an Identity Provider (IdP).

Key	<add key="SsoDomainAssertionName" value="MyDomainAttribute"/>
Possible values	Text
Where to add/change	customer.config CloudShell Server installation directory
Default value	Domain
Affected CloudShell Component	CloudShell Portal
Version	8.2 and above