SAML 2.0 Authentication

A Relativity admin can choose to use one of several different authentication methods in order to grant a user permission to login. One of these is SAML 2.0. SAML stands for Security Assertion Markup Language. SAML eliminates the need for passwords, and instead uses cryptography and digital signatures. The user's identity is passed from an identity provider to a service provider. So with SAML authentication these steps will be taken:

1. The user clicks on a link to load an application.

2. The user's IP address is referenced by the application, which then makes an authentication request to the identity provider.

3. The user logs into the identity provider.

4. The identity provider prepares an authentication response and sends it to the service provider.

5. The service provider will confirm the authentication response with a certificate fingerprint.

6. The user is given access to the application.

In Relativity, to configure SAML 2.0, access to the Relativity web server and the primary SQL server is needed. A certificate and re-direct URL must be obtained from the identity provider. Admin can create certificate applications at, which is an identity provider. An application certificate should be copied from the Auth0 site (with the BEGIN and END parameters), and pasted into Relativity. In Relativity an admin will go to . . . . Authenticaiton . . . Authentication Provider. The authentication provider can either be OpenID or SAML 2.0. In Auth0 the SAML 2.0 add-on must be enabled.

Note the issuer and the identity provider URL. SAML authenticates from the user side. The issuer, audience, and identity provider URL should be copied over to Relativity in the Authentication provider settings section. Changes may not take effect until the web server is restarted.

The user id provided by Auth0 will be a long alphanumeric code. In Relativity under User and Group Management . . . User , Login Method information should be entered. Set if to SAML, and enter Relativity as the provider. The user ID is put in the SAML2 Subject field.

An auth0 url will be used to login. It’s the SAML Protocol URL listed in the advanced settings in Auth0. After logging for the first time, a user should be automatically redirected to Relativity.

Admins may use a fiddler trace to monitor traffic between the identity provider and Relativity.

Make use of the SAML panel available in the Chrome browser. Pressing F12 in Chrome will bring up this panel.