OHDSI Home | Forums | Wiki | Github

SAML implementation?

Hi all,
I noticed that SAML has been added as an option in the list of authentication providers in the current master branch (though not in the latest release tag). I’m wondering if anyone has implemented/tested this yet, and if they’d be willing to share any advice/issues that might have come up. We have a local development implementation and are working on getting a production server set up and our institution (UC Davis) uses SAML (Shibboleth) for single sign on authn so we’d like to integrate with that.


Hi @scottf2 , we are trying to do just what you were trying here more than a year ago… so did you make any progress on this? Your update is greatly appreciated!


Hi @anthonysena, hope I have found the right person… could you please shed some light on this one - is SAML supported now? if so, which release version we should be using? could you please kindly point us to some example/documentation?

Thank you in advance!

We did some tests for SAML authentication with OKTA and Google Workspace and it worked well.
You can find the list of parameters in the pom.xml

It’s a good point to extend documentation with these options. And you can find examples for IdP/Sp metafiles here: https://github.com/OHDSI/WebAPI/tree/master/src/main/resources/saml/dev

Thank you @Konstantin_Yaroshove very much for the response! we are looking at this document, and here is the main part,

The following parameters are used:

  • security.saml.idpMetadataLocation=classpath:saml/dev/idp-metadata.xml - path to metadata used by identity provider
  • security.saml.metadataLocation=saml/dev/sp-metadata.xml - service provider metadata path
  • security.saml.keyManager.keyStoreFile=classpath:saml/samlKeystore.jks - path to keystore
  • security.saml.keyManager.storePassword=nalle123 - keystore password
  • security.saml.keyManager.passwords.arachnenetwork=nalle123 - private key password
  • security.saml.keyManager.defaultKey=apollo - keystore alias
  • security.saml.sloUrl=https://localhost:8443/cas/logout - identity provider logout URL
  • security.saml.callbackUrl=http://localhost:8080/WebAPI/user/saml/callback - URL called from identity provider after login

could you please show some example of the settings using the above line? for example, we should we be using for the classpath?