If you are not familiar with setting up a SAML service provider in DualShield, please refer to the wiki page below:

Integrate with SAML-enabled services

In the DualShield Admin Console, navigate to "SSO | Service Providers"

Click "Create" to create a new service provider

SSO Server: Select the Single Sign-on Server that will serve this new service provider
Application: Select the application that you have created for this Power App
Name: Enter a descriptive text
Type: Choose "SAML 2.0"
Metadata: see below
SAML Options: Enable "Sign on SAML Assertion"


Follow the instructions below to create the metadata

Create the Service Provider (SP) metadata for a Power App using the following template:
SP Metadata
<?xml version="1.0" encoding="UTF-8" ?>
<EntityDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata"
xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
xmlns:ds="http://www.w3.org/2000/09/xmldsig#" entityID="https://power-app-service-provider-realm">
       <SPSSODescriptor WantAssertionsSigned="true" protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
              <NameIDFormat>urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified</NameIDFormat>
              <AssertionConsumerService 
                   Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
                   Location="https://power-app-assertion-consumer-service-url"
                   index="0" isDefault="true">
               </AssertionConsumerService>
               <SingleLogoutService
                   Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
                   Location=""/>
        </SPSSODescriptor>
</EntityDescriptor>

Replace the following text

  • power-app-service-provider-realm
  • power-app-assertion-consumer-service-url

with the Power App's real settings as illustrated below:

Below is a real example:

<?xml version="1.0" encoding="UTF-8" ?>
<EntityDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata"
xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
xmlns:ds="http://www.w3.org/2000/09/xmldsig#" entityID="https://deepnettest.powerappsportals.com">
    <SPSSODescriptor WantAssertionsSigned="true" protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
        <NameIDFormat>urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified</NameIDFormat>
        <AssertionConsumerService
            Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
            Location="https://deepnettest.powerappsportals.com/signin-saml_2"
            index="0" isDefault="true">
        </AssertionConsumerService>
        <SingleLogoutService
            Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
            Location=""/>
    </SPSSODescriptor>
</EntityDescriptor>
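
Before pasting the metadata into the console, it can be checked for the mistakes this step invites: a placeholder left in place, a non-HTTPS URL, assertion signing not requested, or an ACS that is not on the portal's host. The Python check below is an added example, not DualShield or Power Apps code; the function names and the same-host rule for the ACS are assumptions of this example.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlparse

MD = "{urn:oasis:names:tc:SAML:2.0:metadata}"
HTTP_POST = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
# Placeholder strings used by the template on this page.
PLACEHOLDERS = ("power-app-service-provider-realm",
                "power-app-assertion-consumer-service-url")
# Compacted copy of the page's template; the {...} parts are format fields.
TEMPLATE = """<?xml version="1.0" encoding="UTF-8" ?>
<EntityDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata" entityID="{entity_id}">
  <SPSSODescriptor WantAssertionsSigned="{signed}"
      protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="{acs}" index="0" isDefault="true"/>
  </SPSSODescriptor>
</EntityDescriptor>"""


def check_url(label, value, findings):
    """Flag unreplaced placeholders and non-HTTPS URLs; return the host."""
    if any(p in value for p in PLACEHOLDERS):
        findings.append(f"{label}: template placeholder not replaced")
    url = urlparse(value)
    if url.scheme != "https" or not url.hostname:
        findings.append(f"{label}: not an absolute https URL")
    return url.hostname


def check_sp_metadata(xml_text):
    """Return a list of findings; an empty list means nothing was flagged."""
    findings = []
    root = ET.fromstring(xml_text.strip())
    sp = root.find(MD + "SPSSODescriptor")
    if root.tag != MD + "EntityDescriptor" or sp is None:
        return ["not SAML 2.0 SP metadata"]
    entity_host = check_url("entityID", root.get("entityID", ""), findings)
    if sp.get("WantAssertionsSigned") != "true":
        findings.append("WantAssertionsSigned is not true")
    acs_list = sp.findall(MD + "AssertionConsumerService")
    if not acs_list:
        findings.append("no AssertionConsumerService")
    for acs in acs_list:
        host = check_url("ACS Location", acs.get("Location", ""), findings)
        if acs.get("Binding") != HTTP_POST:
            findings.append("ACS Binding is not HTTP-POST")
        # Assumption: the ACS lives on the portal's own host, as in the page's example.
        if host != entity_host:
            findings.append("ACS host differs from entityID host")
    return findings
```

Call `check_sp_metadata()` with the text of the metadata file you authored; an empty list means none of these checks fired.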




Click "Create Metadata"

Copy and Paste the metadata

Click "Save"

Click "Attribute"

Click "Create"

Location: Choose "HTTP Body"
Name: Enter "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress"
Format: Choose "urn:oasis:names:tc:SAML:2.0:attrname-format:unspecified"
Maps to: Select "Email"
Return in Response: Enabled

Click "Save"

Click "Save"


