Organizations with feature level of standard or enterprise will have access to different authentication methods which can be configured under authentication settings. At least one method must be enabled at all times.
Configuring SAML
When the SAML checkbox is selected, more form fields will appear for configuring the connection to your organization’s identity provider. You will need to enter the Entity ID, Sign On URL, Sign Out URL, and x.509 Certificate used by the identity provider.
Configuring SAML is a two step process. The second step is to add the Blubrry SSO API as a service provider application in your identity provider system. Configuration settings for the Blubrry SSO API can be found at https://api.blubrry.com/sso/saml-metadata.php. Please ensure the NameID format is in the expected format and the following claims are passed on a successful login:
- Group / group
- (the user’s group)
- Name ID / username / Username
- (In the expected NameID Format)
- (In the expected NameID Format)
Your identity provider configuration page may look similar to the following image.
Configuring OAuth2 OpenID Connect
When the OAuth2 OpenID Connect checkbox is selected, more form fields will appear for configuring the connection to your organization’s authorization server.
If the authorization server requires explicit flow (the authorization response type does not include token), then extra fields are required for the user info endpoint.
Make sure that https://api.blubrry.com/sso/openid-callback/ is added as an authorized redirect URI for your authorization server.