When adding your app to the Frog federated IdP, the following data is needed at registration time.

More information about this can be found on the metadata template.

App MetaData

We recommend using long lived self-signed certificates for the trust fabric; this is used to sign and encrypt data. This can be completely separate to the certificate that users see when the browser visits your site. 

Our development URLs will be confirmed to you when we send you our meta-data template for completion.

​

Attributes

Frog needs to know the list of the attributes you require for your application, and the URL you expect each attribute to be sent with.  We will release the attributes you have specified if available for a given user. If you have a specific attribute you need then please talk to the Frog team.

​

 SAML Versions

Frog IDP supports SAML 2 and at the time of writing is based on SimpleSAMLphp v1.12, we recommend you implement the same version for compatability, stability and security.

​

 NameID

Every SAML assertion gets sent with a NameID. We support NameID:

•    Frog learn UUID of the user as the SAML2 NameID

​ ACS URLs and Bindings

Where a Service Provider like has more than one bindings:HTTP-POST entries under their entityID in the Metadata these will be configured as separate applications in Frog.

 SingleSignOnService Binding

Frog supports HTTP-Redirect. You may also find that HTTP-POST works, but this is not supported and may break in future.  Please contact us if you have a strong reason for using HTTP-POST rather than HTTP-Redirect.

 SingleLogoutService Binding

We support Single Logout if a service provider supplies a HTTP-Redirect SingleLogoutService Binding.

Note: it’s up to your application to ensure that you destroy any application cookies that are independent of your SAML cookie when you supply the SingleLogoutService Binding. 

We do not permit partner apps to log users out of FrogLearn.

​