Monokee SAML Integration with Secret Server

Third-party vendors create and maintain this integration. Delinea does not guarantee that the integration will work properly or that it respects Delinea product limitations. Delinea has not reviewed this integration and Delinea Support staff can only assist with the Delinea side of setup.

Integration between Secret Server and Monokee allows SAML Identity Provider (IDP) authentication to be used for single sign-on (SSO) in place of the normal Secret Server login. To do this, Secret Server acts as a SAML Service Provider (SP) and communicates with Monokee, which acts as the SAML IDP. Users who need to access Secret Server do not log in through a Secret Server form; they are redirected to Monokee, which validates their credentials and sends the data needed to identify the user back to Secret Server, which then logs the user in.

SAML validation sometimes succeeds even though the IDP certificate has expired. This is because the SAML certificate exchange is really a key exchange: the SAML protocol uses the public/private keys contained in the certificate to secure the communication. Unlike a website's certificate, it is not the URL or the metadata in the certificate that helps secure the connection, only the key exchange. If the certificate provided by the IDP has been renewed but still works without any change in Secret Server, the key is identical and only the metadata, such as the expiration date, has changed. This is why validation does not fail: the key is what is used for validation, and it has not changed. Had the key changed, Secret Server would not be able to decrypt the SAML messages and would therefore fail. Delinea does not view this as a security problem and offers this note for clarification.
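As an added illustration of the note above (this is example code, not part of the Delinea or Monokee documentation), the Go program below self-signs two certificates over one RSA key, one already expired and one renewed, signs a stand-in message with that key, and verifies it against each certificate the way an SP verifies a signed SAML message; the certificate name, dates and message are constructed placeholders. It also performs the expiry check as a separate step, since signature verification alone will not flag an expired IDP certificate.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

func must[T any](v T, err error) T {
	if err != nil { panic(err) }
	return v
}

// makeCert self-signs a certificate for key with the given validity window
// (constructed test data; the CN is a placeholder, not a real IDP hostname).
func makeCert(key *rsa.PrivateKey, notBefore, notAfter time.Time) *x509.Certificate {
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: "idp.example.test"},
		NotBefore: notBefore, NotAfter: notAfter, KeyUsage: x509.KeyUsageDigitalSignature}
	return must(x509.ParseCertificate(must(x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key))))
}

// verifyWithCert does what the SP does with its configured IDP certificate: it takes the public key out and checks the signature. NotAfter is never consulted.
func verifyWithCert(cert *x509.Certificate, msg, sig []byte) bool {
	pub, ok := cert.PublicKey.(*rsa.PublicKey)
	if !ok { return false }
	h := sha256.Sum256(msg)
	return rsa.VerifyPKCS1v15(pub, crypto.SHA256, h[:], sig) == nil
}

// certExpired is the separate expiry check an operator should run alongside signature validation.
func certExpired(cert *x509.Certificate, now time.Time) bool { return now.After(cert.NotAfter) }

// renewalDemo plays out the note: the expired certificate and its renewal carry the same key, so a message signed with that key verifies against both, though only one has expired.
func renewalDemo(key *rsa.PrivateKey, now time.Time) (oldOK, renewedOK, keySame, oldExpired bool) {
	old := makeCert(key, now.AddDate(-2, 0, 0), now.AddDate(0, 0, -1))    // expired yesterday
	renewed := makeCert(key, now.AddDate(0, 0, -1), now.AddDate(1, 0, 0)) // same key, new dates
	msg := []byte(`<samlp:Response ID="constructed"/>`)                   // stand-in for a SAML message
	h := sha256.Sum256(msg)                                               // IDP signs: SHA-256 + RSA PKCS#1 v1.5
	sig := must(rsa.SignPKCS1v15(rand.Reader, key, crypto.SHA256, h[:]))
	keySame = old.PublicKey.(*rsa.PublicKey).Equal(renewed.PublicKey)
	return verifyWithCert(old, msg, sig), verifyWithCert(renewed, msg, sig), keySame, certExpired(old, now)
}

func main() { fmt.Println(renewalDemo(must(rsa.GenerateKey(rand.Reader, 2048)), time.Now())) }
```

Running it prints `true true true true`: both certificates validate the signature and share one key, yet the old one is expired, which only the separate expiry check reveals.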

To learn more about this third-party integration, click here.