6.9 supports SAML2 for sure.
Regarding IdP or SP initiated, I believe the materials above are for SP SSO, but I saw IdP initiated over Azure SSO working for Archer in one of the customers.
Thanks for your response. Getting an invalid credentials when we use the IDP initiated connection. Archer was previously using local authentication, now we have turned on SAML SSO and updated the web.config for SSO as well. Wondering if we need to turn off local authentication, again not sure where to do that. Appreciate any help with this.
Cannot my say, unfortunately. You would have to check what credentials are actually being sent to you, and how you did integration to IDP. E.g. in case of Azure Proxy, authentication is done on Azure side, which then sending credentials to Archer.
This is hard to approach, and much better to check with your IDP and Network teams.
I think we need to configure IIS on the Archer server for windows authentication, this took us a step closer. A quick question on the SP certificate, we are using the RSA archer web certificate? Do you know if that is OK?
RSA certificate is a separate entity, it cannot be used for anything else except RSA services. E.g. this cert cannot be used as IIS SSL or AWF SSL.
If you are using Windows Authentication, then you are basically using native MS SSO, and IDP as proxy, not sure if this qualifies as IDP SSO.
What I meant by using Windows authentication is we are leveraging IWA for SSO for SAML applications and turned on IIS on the RSA server for Windows authentication.
Regarding the certificate want to confirm if the Archer Web certificate can be used as SP certificate.
I think you need a new certificate if you need a widely accepted one or if it is used for any sort of authentication by IDP. But if it is only for reference, you may try to use RSA service one.