SAML Changes

Configure SSO for Tradeshift

As part of migrating to a more robust system for SAML, some of our SAML-related configuration items will be changed. This document describes the configuration needed to connect your IdP to Tradeshift.

Current connections point to an old SP and a few properties in your IdP need to change so your IdP points at the new SP.

For connecting using ADFS, please see Configure ADFS to connect to Tradeshift

For the Sandbox environment

  1. Change EntityID to https://accounts-sandbox.tradeshift.com
  2. Change all Single Sign On URLs to https://accounts-sandbox.tradeshift.com/saml/SSO/alias/saml
    1. aka Recipient URL/Destination URL/Assertion Consumer Service URL
  3. Make sure the NameID Format is set to Email
    1. aka “urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress”)
  4. Enable Assertion Encryption by uploading this certificate
-----BEGIN CERTIFICATE-----MIIFWzCCA0MCCQCWb/P44DQIVzANBgkqhkiG9w0BAQUFADBpMQswCQYDVQQGEwJVUzELMAkGA1UECAwCQ0ExFjAUBgNVBAcMDVNhbiBGcmFuY2lzY28xGDAWBgNVBAoMD1RyYWRlc2hpZnQgSW5jLjEbMBkGA1UEAwwSVHJhZGVzaGlmdCBTQU1MIENBMCAXDTIwMDcyMDE4NTAzMFoYDzIwNTAwNzEzMTg1MDMwWjB0MQswCQYDVQQGEwJVUzELMAkGA1UECAwCQ0ExFjAUBgNVBAcMDVNhbiBGcmFuY2lzY28xGDAWBgNVBAoMD1RyYWRlc2hpZnQgSW5jLjEmMCQGA1UEAwwdc2FtbHNwLXNhbmRib3gudHJhZGVzaGlmdC5jb20wggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQC7yqEDPc3uDk3jMTevBfCiFb/rEe+yPjjdKkZwe1u4OvRRkUM7AeHcJXa0Na1HoFFaK/bZkSQ/L539MrY79vIcvpnrSDl1Al219hKUre3s3rbiEGw3eFi21ArN9XE2tcapADdAMrD8McGxJRI6xdIGL12dqDu1qlJKA48wcp4nhGMKM7de/c+pADXth4gereP14MTn8ZUWOYjq68xkL9WIpU8HoxuuIJRA1poUkgvXOshAXso9Cq3jy21Yl3CLwHEX/aBPKXxnCRf/i79W5HbGw5BxZizdYBG7Vgfyc4Uj18cOvaODRrv8Fok2QAMy6qlejVCVeFsVzYJYkEsBkPdV616ec8RX26erEAeFwjwwv3hARDRKKhEtemAGsf/bLLie2MfcS6pu8cTgYbB2Gtb3gyI3yNNoaQBNZeZzcmbv4J0/NoaECrCWPPmE/lzt+cmG17cucONwmuLytO887tBLa92/XdvZwrJU8vghWUyNyesK9iQBDaxrM3R2CD9NDbkVLA5dRtl7VnDcpF5ajoC6hVNIt+2///EvS1NQFlLP/JxsiwL1lZCnv2wN74/gq7JhCFHZdbnuhwfu/RQeNolO1ohAcE9FXOsi7TFGFQ28En0AjCM2oUFH6RY8kVufGSx/JJlDRaJMyxxcLT7mIVGe6wRTV99A2qffryEPuDg2wQIDAQABMA0GCSqGSIb3DQEBBQUAA4ICAQB/MoYIRmNRyHlwng/t0Fz9R21P5LgWre3T6gQr1q3hbXY9mrU70odCkGcpZ1Soc+WNiRWSFkD5oHNsFDyu+342lQcPafniTJ7QGL6TjWH/F+5WWaz9xCj6RcFxL41naN2cu9ERGILwQfjNH+HS8rh4ipSjKMGiESc0KPLkPFg9VrtSL/KWq6dPvV2jWvfpedGUe0/4Qbwp9z7YU2wlUW/A1b2hpnnpgHGiuh4CA4u0R4xgsePW26UKAm94/kOwVivWxUM0+EMn9o9XJGpEpEfkBatdopmXQLWubbyBuxu99OSTrkIiivoT/jHwnPzUiRnvtKRQ2qZqqBhdGsyYUqozuYORg72bpX7qY3JJEpfzP6edoaPVE2nv/MEIGHsKAGef1zxESDyKUylmQnxsssbjn9e5iEx40MbwAfnZR6IqDV1J8ol2aYiGfpeAT83xfa2a4eqo0oZqJpngK8VXL6/q3qUUdJG8zZxXyosiK8xKjvMK7DUjJY+IwPqPWcsj2nX3AYvTmMucs9vwWD/3wIPhZY0H4eZ4GAO2IUu+8TKrqNPhBpkwn5yjGnwfvavnauwoVwL55DV944F7RRt3dRSlRdRqCcNX3XWU1m7HjY1EuLee0jh86nmx0hEtdZTh/if7NCTfDaa9G+abqLDijb/0pdovm8q65qS9+Zqyfg9s5w==-----END CERTIFICATE-----

For the Production environment

  1. Change EntityID to https://accounts.tradeshift.com
  2. Change all Single Sign On URLs to https://accounts.tradeshift.com/saml/SSO/alias/saml
    1. aka Recipient URL/Destination URL/Assertion Consumer Service URL
  3. Make sure the NameID Format is set to Email
    1. aka “urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress”)
  4. Enable Assertion Encryption by uploading this certificate
-----BEGIN CERTIFICATE-----MIIFUzCCAzsCCQCWb/P44DQIWDANBgkqhkiG9w0BAQUFADBpMQswCQYDVQQGEwJVUzELMAkGA1UECAwCQ0ExFjAUBgNVBAcMDVNhbiBGcmFuY2lzY28xGDAWBgNVBAoMD1RyYWRlc2hpZnQgSW5jLjEbMBkGA1UEAwwSVHJhZGVzaGlmdCBTQU1MIENBMCAXDTIwMDcyMDE4NTE0NFoYDzIwNTAwNzEzMTg1MTQ0WjBsMQswCQYDVQQGEwJVUzELMAkGA1UECAwCQ0ExFjAUBgNVBAcMDVNhbiBGcmFuY2lzY28xGDAWBgNVBAoMD1RyYWRlc2hpZnQgSW5jLjEeMBwGA1UEAwwVc2FtbHNwLnRyYWRlc2hpZnQuY29tMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAuEVlJWcETqQDVqaq71JwfI1T9YGnV81Ac3V4R2/B+qLxUlLRCxja3MHqYLyMOrCvyx7oWhDME0J8gGVVaJKe+SZStl5+nXqTmoqd3VTxaHgIBM42lJc6bX4bab8gPJnVKA7CYv60XI61M3gMsyx76dJmNVvbppjp/q9kNeDtiVax4CaLy0cTKGgARfvgS1prg9SbMq+//4LruoEbBFIiWvtxvrnN1WyzX60HzuoET6U4bDdL5gsgzczExoF0XE5aLJJZZKZeSy4bilJXi7WwEXgORM3QZNO9otBdtZ6tfjSr1MSkN/8GHTsQe8a0h77u16pu6urIooyzRgGCStFxgpa6EyxCDg+OJ6nmKScwBwPmUWS82d23hNOfTH0+WY/2pPR8CtE1tbzHgO9FY/oTILqx94eXBWSVoFejVUWOkdzmrGu73ohTt6fGSO3uWl1icH2k+MJA/fz9LFjE01ErbjnzbcrroatWkc5EKG4FW+DBZ0PepTzNru7/LEmztbndxoQ7XitH59nB6QcyRA1wly4JJboo+IslVpV3TCi8EAaw8ta+6ugTGe5CDwS3fiXs298gwfLlCUSvE997u0x+AdFEcPwMrkIKBzz2qtA0oJY8agOcl4YSdplaFbMKqC2xTetBI4id182iDOOK1FAwIMGan3RamWeOsqJ7c9zpYrUCAwEAATANBgkqhkiG9w0BAQUFAAOCAgEAWxd5ALI26rj+Cwp2tigcVlsTT36jS+HMp+QvmT7sioRer23ARI0irwqqq5Kug+N6/ARSyzzdScfDpjU80Etto53WbL9l6dyMqCTsctZpEb49qeYoQ9D2Mi1dluoTPSXZie66Hk7C29AaCCUOudh4Tf4+zSCKCGzdf/s0c/19qWAkiD5CT6hW6Rw5OKzPKJfXdal5UnyJAD5SFHhu9whOGJSHsWKy2GxfWW2cfkO2aCYY6+jOWLPNI5FbuVbmSDIQtyXHyTpUC0CIwdPZcfcTL9nCplZQEyJzmJroXvOij3G6vX35sWsTs9hg+ShBDYuIwbGnDM6iTlOcS2y1YyiZcku0mOEpquIwCMj5eCT52WS+YFTvdTZdOJOdJ1knSTRlDT++Ft8T9GJom3XE7f55zQx9Ex/nI3rI3CF9Ioa78DLEvp93X0QTXzFgpUgLtKMTdc4oyqUxO83ikf256igLNVpnmFIs1+9MH4cMnSpg18LSdtEOTZslneknB/Ued4BGxG4G0O8EA42emAstsCgOTu4WmP26rDj829dkaBVAWY/6BJQhMxE+Aei5OirU2rc2hOzj7llmj/Yfu+g3rv1wJgSkZrEcgOPObYaMxSBEmaghQQ2Kzl5MF9PUE+aPBphPRfUfe34Wq7Ytt7fK/f0O3ftEBnM3lqbW7ZKXWU+JAps=-----END CERTIFICATE-----