SSO - OpenSlides/OpenSlides GitHub Wiki

Single Sign On via SAML

OpenSlides offers single sign-on via SAML authentication. It can be enabled and configured by a superadmin in the global settings.

The auth-service has to be restarted for changes in config attributes to take effect.

docker-compose restart auth

Settings

Login button text

Enter a string that appears as the label on the login button. Defaults to "SAML Login".

Attribute mapping

The current implementation maps and updates user attributes according to a JSON configuration. The key of each line is the OpenSlides attribute and the value is the IdP user attribute it maps to. Every time the user logs in via SSO, the attributes are updated in OpenSlides.

Metadata of Identity Provider (IdP)

This metadata file is provided by the IdP. An example of the form it is expected to have is provided in our auth-service.

Metadata of Service Provider (SP)

Currently the metadata file of the SP (OpenSlides itself is the SP) has to be created outside of OpenSlides. An example is available in our auth-service. All "FILL" strings have to be replaced by a valid config. For information about how to fill in the configuration correctly, refer to the official documentation.

Private Key

An X509 key to encrypt the communication with the IdP. The <X509Certificate> element in the SP metadata has to contain the public key (certificate) belonging to this private key.

The following command can be used to generate a key pair:

openssl req -new -x509 -days 3652 -nodes -out sp.crt -keyout sp.key
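
A check to run before the key and the SP metadata are entered in the settings, as an added example that is not part of OpenSlides or its auth-service: it confirms that sp.crt belongs to sp.key and that the metadata file carries that same certificate in <X509Certificate>. The function names, the script name and the metadata file name sp-metadata.xml are assumptions.

```bash
#!/usr/bin/env bash
# Added example (not OpenSlides code). sp.crt and sp.key are the files written
# by the openssl command above; the metadata file name is an assumption.

# Print the certificate as one base64 line: the PEM body without BEGIN/END
# lines, which is the form an <X509Certificate> element holds.
cert_b64() {
  openssl x509 -in "$1" -outform DER | openssl base64 -A
}

# Succeed only if the certificate's public key belongs to the private key.
cert_matches_key() {
  local from_cert from_key
  from_cert=$(openssl x509 -in "$1" -noout -pubkey) || return 2
  from_key=$(openssl pkey -in "$2" -pubout) || return 2
  [ "$from_cert" = "$from_key" ]
}

# Succeed only if the metadata file ($1) carries the certificate ($2) in an
# <X509Certificate> element. Whitespace and line breaks are ignored.
metadata_has_cert() {
  local want flat
  want=$(cert_b64 "$2") || return 2
  [ -n "$want" ] || return 2
  flat=$(tr -d ' \t\r\n' < "$1")
  case "$flat" in
    *"X509Certificate>${want}</"*) return 0 ;;
    *) return 1 ;;
  esac
}

# Run as: ./check-sp-keypair.sh sp.crt sp.key sp-metadata.xml
if [ "$#" -eq 3 ]; then
  cert_matches_key "$1" "$2" || { echo "certificate does not match key" >&2; exit 1; }
  metadata_has_cert "$3" "$1" || { echo "metadata lacks this certificate" >&2; exit 1; }
  echo "OK: key, certificate and SP metadata agree"
fi
```

The -nodes option in the generation command writes sp.key without a passphrase, so keep the file readable only by the account that handles it.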