000030429 - Can SAML be used with IMG application for SSO?

Document created by RSA Customer Support Employee on Jun 14, 2016. Last modified by RSA Customer Support Employee on Apr 21, 2017.

Article Number: 000030429
Applies To: RSA Product Set: Identity Management and Governance
RSA Version/Condition: 6.8.1+
 
Issue

The question is asked:

Can SAML be used for SSO with the IMG Application?

Tasks

This knowledgebase article is not a 'how-to' for implementing SAML-based SSO. Those steps depend heavily on which SAML-based Identity Server (also known as an IDP) is used. This article confirms that SAML-based SSO authentication can be used with the IMG application and provides very basic implementation information.
 

Resolution
What is SAML?
 

Security Assertion Markup Language (SAML, pronounced sam-el) is an XML-based, open-standard data format for exchanging authentication and authorization data between parties, in particular between an identity provider and a service provider. SAML is a product of the OASIS Security Services Technical Committee.

Note: There are many SAML-based IDPs available for use. Some of these include NetIQ IDP, PingFederate, MS ADFS, OneLogin and ForgeRock. This article does not recommend one over another; which one to use should be determined by what works best in each specific environment.
 

 

SAML-based authentication can be a bit difficult to set up because of the many servers and configuration options involved. The ACM/IMG SAML module was built around a simpler SSO solution such as ADFS or OneLogin.

 

To implement it, ACM/IMG 'simply' needs the SAML "NameID" attribute set in the SAML assertion, with a value that matches the ACM/IMG "User ID" field. ACM/IMG uses the SAML POST method: the user visits the ACM/IMG site and is redirected to the IDP server. The IDP then posts the user back to ACM/IMG, with the SAML assertion carried in the POST data.
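The following is an added illustration of the service-provider side of that exchange, not code from RSA or from the ACM/IMG product: it decodes a POSTed SAMLResponse, checks the status, validity window and audience, and returns the NameID value that would be matched against the User ID field. The IDP and SP hostnames, the assertion contents and the small user directory are all constructed for the example; real SP code must also verify the XML signature against the IDP certificate before trusting anything in the assertion, which this example deliberately leaves out.

```python
import base64
import xml.etree.ElementTree as ET
from datetime import datetime, timezone

# SAML 2.0 namespaces used by the Response and Assertion elements
NS = {
    "samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
    "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
}
SUCCESS = "urn:oasis:names:tc:SAML:2.0:status:Success"

# Constructed sample: a minimal, unsigned SAML 2.0 Response as an IDP would
# POST it back to the SP. Hostnames, IDs and times are illustrative only.
SAMPLE_RESPONSE_XML = """<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
    xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
    ID="_resp1" Version="2.0" IssueInstant="2016-06-14T10:00:00Z"
    Destination="https://img.example.com/sp/acs">
  <saml:Issuer>https://idp.example.com/metadata</saml:Issuer>
  <samlp:Status>
    <samlp:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
  </samlp:Status>
  <saml:Assertion ID="_a1" Version="2.0" IssueInstant="2016-06-14T10:00:00Z">
    <saml:Issuer>https://idp.example.com/metadata</saml:Issuer>
    <saml:Subject>
      <saml:NameID Format="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified">jsmith</saml:NameID>
    </saml:Subject>
    <saml:Conditions NotBefore="2016-06-14T09:55:00Z" NotOnOrAfter="2016-06-14T10:05:00Z">
      <saml:AudienceRestriction>
        <saml:Audience>https://img.example.com/sp</saml:Audience>
      </saml:AudienceRestriction>
    </saml:Conditions>
  </saml:Assertion>
</samlp:Response>"""

# The HTTP-POST binding carries the response base64-encoded in the
# SAMLResponse form field; this is what the SP actually receives.
SAMPLE_POST_SAMLRESPONSE = base64.b64encode(SAMPLE_RESPONSE_XML.encode()).decode()

# Constructed stand-in for the ACM/IMG User ID field (hypothetical data)
USER_DIRECTORY = {"jsmith": "Jane Smith", "bjones": "Bob Jones"}


def parse_instant(value):
    """Parse a SAML UTC timestamp such as 2016-06-14T10:00:00Z."""
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


def extract_name_id(saml_response_b64, expected_audience, now):
    """Decode the POSTed SAMLResponse and return the NameID after checking
    status, validity window and audience. Raises ValueError on any failure.
    Signature verification is intentionally omitted (see lead-in)."""
    root = ET.fromstring(base64.b64decode(saml_response_b64))

    status = root.find("samlp:Status/samlp:StatusCode", NS)
    if status is None or status.get("Value") != SUCCESS:
        raise ValueError("IDP reported a non-success status")

    assertion = root.find("saml:Assertion", NS)
    if assertion is None:
        raise ValueError("response contains no Assertion")

    cond = assertion.find("saml:Conditions", NS)
    if cond is not None:
        not_before, not_on_or_after = cond.get("NotBefore"), cond.get("NotOnOrAfter")
        if not_before and now < parse_instant(not_before):
            raise ValueError("assertion is not yet valid")
        if not_on_or_after and now >= parse_instant(not_on_or_after):
            raise ValueError("assertion has expired")
        audiences = [a.text for a in cond.findall("saml:AudienceRestriction/saml:Audience", NS)]
        if audiences and expected_audience not in audiences:
            raise ValueError("assertion was not issued for this service provider")

    name_id = assertion.find("saml:Subject/saml:NameID", NS)
    if name_id is None or not (name_id.text or "").strip():
        raise ValueError("assertion carries no NameID, so the user cannot be mapped")
    return name_id.text.strip()


def map_to_user(name_id):
    """Match the NameID exactly against the User ID field; None if unknown."""
    return USER_DIRECTORY.get(name_id)


if __name__ == "__main__":
    now = parse_instant("2016-06-14T10:00:00Z")
    uid = extract_name_id(SAMPLE_POST_SAMLRESPONSE, "https://img.example.com/sp", now)
    print("NameID:", uid, "->", map_to_user(uid))
```

The exact-match lookup in map_to_user mirrors the article's requirement that the NameID value equal the ACM/IMG User ID; a NameID that the directory does not contain yields no session rather than a guessed user, and the audience and time-window checks stop an assertion minted for another service provider, or replayed later, from being accepted even when the NameID matches.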
