Before registering NetSuite as service provider, the user must obtain the correct URL of the NetSuite Service Provider Metadata. The URL to be registered depends on the NetSuite environment where the user would like to do the authentication. To obtain the correct URL, the customer has to logon to one's NetSuite account with the role that has a "Setup SAML Single Sign-On" permission and go to Setup > Integration > SAML Single Sign-On.
The following figures show the URL of the NetSuite Service Provider Metadata taken from different NetSuite environments:
From Production, Data Center (DC) 001 accounts:
From Production, Data Center (DC) 002 accounts:
From Sandbox:
When manually adding the Assertion Consumer Service (ACS) URL, the user should look at the correct ACS URL indicated in the XML file. To see that, click on the link for the NetSuite Service Provider Metadata and see the <AssertionConsumerService>
<NameIDFormat>urn:oasis:names:tc:SAML:2.0:nameid-format:transient</NameIDFormat>
<NameIDFormat>urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress</NameIDFormat>
<NameIDFormat>urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified</NameIDFormat>
<AssertionConsumerService isDefault="true" index="0"
Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
Location="https://system.na1.netsuite.com/saml2/acs" />
<AssertionConsumerService index="1"
Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
Location="https://system.netsuite.com/saml2/acs" />
<AssertionConsumerService index="3"
Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
Location="https://system.na1.netsuite.com/saml2/acs" />
No comments:
Post a Comment