How to integrate SentinelOne with ForgeRock SSO

ForgeRock is a continuation of Sun Microsystems’ OpenSSO Enterprise (containing technologies from iPlanet/Sun ONE/DSEE, Glassfish AS, etc.). Open source components are available as OpenAM (https://github.com/OpenIdentityPlatform/OpenAM/releases). SentinelOne is a security platform supporting SAML SSO.

1. Create a new Realm, then add a new Hosted provider and a new Remote provider.
2. Create the new entity provider (remote) by importing a metadata file. Note that the Circle of Trust must be the same for the IdP and the SP, otherwise you will see the error "Issuer in Request is not valid". In the metadata file, entityID and the AssertionConsumerService Location should be filled with the values copied from the SentinelOne WebUI.
3. NameID unspecified should be mapped to the LDAP email attribute.
4. The SAML attribute for mail can be added to the SAML Request via a piped entry of the form format|mapping.
5. The decoded SAML Response will contain mail as the main identifier. The SingleSignOn HTTP-Redirect URL and the realm name (/$realm) should be copied into the SentinelOne WebUI.
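To confirm that steps 3 to 5 produced the expected result, the following added check (not part of the original post or of either product) parses a decoded SAML Response and verifies that the NameID is in the unspecified format and carries the same value as the mail attribute; the IdP URL and the user in the sample response are constructed placeholders.

```python
# Added example (not from the original post): parse a decoded SAML Response and
# confirm it carries the identifier SentinelOne expects: an unspecified NameID that
# equals the mail attribute. The issuer URL and user are constructed placeholders.
import xml.etree.ElementTree as ET

NS = {"samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
      "saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
UNSPECIFIED = "urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified"

# Constructed, already base64-decoded response; the XML signature is omitted.
SAMPLE_RESPONSE = """<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
    xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="_r1" Version="2.0">
  <saml:Assertion ID="_a1" Version="2.0">
    <saml:Issuer>https://idp.example.test/openam</saml:Issuer>
    <saml:Subject>
      <saml:NameID Format="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified">alice@example.test</saml:NameID>
    </saml:Subject>
    <saml:AttributeStatement>
      <saml:Attribute Name="mail"><saml:AttributeValue>alice@example.test</saml:AttributeValue></saml:Attribute>
    </saml:AttributeStatement>
  </saml:Assertion>
</samlp:Response>"""

def summarize(xml_text):
    """Return issuer, NameID format/value and the mail attribute of a decoded Response."""
    root = ET.fromstring(xml_text)
    nameid = root.find(".//saml:Subject/saml:NameID", NS)
    attrs = {a.get("Name"): a.findtext("saml:AttributeValue", namespaces=NS)
             for a in root.findall(".//saml:Attribute", NS)}
    return {"issuer": root.findtext(".//saml:Assertion/saml:Issuer", namespaces=NS),
            "nameid_format": nameid.get("Format") if nameid is not None else None,
            "nameid": nameid.text if nameid is not None else None,
            "mail": attrs.get("mail")}

def check(summary, expected_issuer):
    """List the mapping problems that would stop the SP from identifying the user."""
    problems = []
    if summary["issuer"] != expected_issuer:
        problems.append("issuer not trusted: IdP and SP must share a Circle of Trust")
    if summary["nameid_format"] != UNSPECIFIED:
        problems.append("NameID format is not unspecified")
    if not summary["mail"]:
        problems.append("mail attribute missing from the assertion")
    elif summary["nameid"] != summary["mail"]:
        problems.append("NameID is not mapped to the mail attribute")
    return problems

if __name__ == "__main__":
    print(check(summarize(SAMPLE_RESPONSE), "https://idp.example.test/openam"))
```

An empty list means the response matches the mapping described in steps 3 to 5; each string in the list names the step to revisit.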
