{"id":15596,"date":"2024-04-17T11:11:55","date_gmt":"2024-04-17T18:11:55","guid":{"rendered":"https:\/\/www.couchbase.com\/blog\/?p=15596"},"modified":"2025-06-13T19:26:07","modified_gmt":"2025-06-14T02:26:07","slug":"saml-sso-with-couchbase-server","status":"publish","type":"post","link":"https:\/\/www.couchbase.com\/blog\/pt\/saml-sso-with-couchbase-server\/","title":{"rendered":"Getting Ready for SAML: Essential Preparations for Couchbase Server Integration"},"content":{"rendered":"<p><span style=\"font-weight: 400;\">In the evolving landscape of digital security, the integration of Couchbase with a Security Assertion Markup Language (SAML) Identity Provider (IdP) stands as a cornerstone for robust authentication mechanisms.<\/span><\/p>\n<h2><span style=\"font-weight: 400;\">Why Should You Implement SSO with Couchbase Server?<\/span><\/h2>\n<p><span style=\"font-weight: 400;\">Integrating Single Sign-On (SSO) with Couchbase Server offers several compelling advantages that make it a valuable addition to your database management strategy:<\/span><\/p>\n<ul>\n<li style=\"list-style-type: none;\">\n<ul>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><b>Centralized user management:<\/b><span style=\"font-weight: 400;\"> SSO simplifies user provisioning and deprovisioning by centralizing user accounts in your IdP (Identity Provider). 
This means you can easily manage user access to Couchbase Server and other applications from a single place, improving efficiency and security.<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><b>Multi-factor authentication (MFA):<\/b><span style=\"font-weight: 400;\"> SSO servers often include support for MFA, an essential security feature. By requiring multiple forms of authentication, such as a password and a one-time code sent to a mobile device, you significantly increase the protection of the Couchbase Server UI.<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><b>Reduced credential management:<\/b><span style=\"font-weight: 400;\"> Implementing SSO eliminates the need for users to remember multiple usernames and passwords. This not only simplifies the user experience but also reduces the risk of password-related security breaches.<\/span><\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<p>In summary, SSO with Couchbase Server offers centralized user management, stronger security through MFA, and a simplified user experience with fewer credentials to manage. Together, these benefits streamline access control and improve the overall security posture of your Couchbase Server environment.<\/p>\n<p><span style=\"font-weight: 400;\">This article serves as an introductory guide to the fundamentals of SAML and its role in enabling secure single sign-on (SSO) experiences. 
While this article focuses on the general principles of SAML integration, an upcoming article will cover the specifics of integrating various IdPs with Couchbase Server, offering a more tailored implementation guide.<\/span><\/p>\n<h2><span style=\"font-weight: 400;\">SAML Authentication Overview<\/span><\/h2>\n<p><span style=\"font-weight: 400;\">Before diving into the details of configuring an identity server with Couchbase Server, it is essential to understand the underlying mechanism of SAML-based authentication. This will not only help you understand the steps involved but also assist you in troubleshooting.<\/span><\/p>\n<h3><span style=\"font-weight: 400;\">Key Terms<\/span><\/h3>\n<p><span style=\"font-weight: 400;\">Before we begin, let's clarify some key terms that we will use throughout this guide:<\/span><\/p>\n<ul>\n<li style=\"list-style-type: none;\">\n<ul>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><b>SAML<\/b><span style=\"font-weight: 400;\"> (Security Assertion Markup Language): An XML-based standard for exchanging authentication and authorization data between parties, in particular between an identity provider and a service provider.<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><b>IdP<\/b><span style=\"font-weight: 400;\"> (Identity Provider): A service that authenticates users and sends identity information to the service provider. Examples of IdPs include Okta, Auth0, MS Entra ID (Azure AD).<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><b>SP<\/b><span style=\"font-weight: 400;\"> (Service Provider): The service the user wants to access, which relies on the IdP to authenticate users. 
Couchbase will act as the SP in this setup.<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><b>SSO<\/b><span style=\"font-weight: 400;\"> (Single Sign-On): A user authentication process that lets a user access multiple services with a single set of credentials.<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><b>SAML POST<\/b><span style=\"font-weight: 400;\">: A SAML binding that allows SAML assertions to be transferred within the body of an HTTP POST request.<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><b>SAML Redirect<\/b><span style=\"font-weight: 400;\">: A SAML binding that allows SAML assertions to be transferred within the URL of an HTTP GET request.<\/span><\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<h3><span style=\"font-weight: 400;\">What is SAML?<\/span><\/h3>\n<p><span style=\"font-weight: 400;\">SAML (Security Assertion Markup Language) is an XML-based standard for exchanging authentication and authorization data between parties. 
In the context of this article, these parties are an identity provider (such as Okta or MS Entra ID (Azure AD)) and a service provider (Couchbase).<\/span><\/p>\n<h3><span style=\"font-weight: 400;\">How Does SAML Work?<\/span><\/h3>\n<p><span style=\"font-weight: 400;\">Here is a simplified SAML-based SSO flow:<\/span><\/p>\n<ol>\n<li style=\"list-style-type: none;\">\n<ol>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><b>User request<\/b><span style=\"font-weight: 400;\">: The user attempts to access the Couchbase UI (service provider).<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><b>Redirect<\/b><span style=\"font-weight: 400;\">: If the user is not yet authenticated, the SP (Couchbase Server) redirects the user to the IdP for authentication using a SAML request (XML).<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><b>Authentication<\/b><span style=\"font-weight: 400;\">: The IdP challenges the user to provide credentials (such as a username and password). 
Once they are verified, the IdP generates a SAML assertion for the user.<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><b>Assertion transfer:<\/b><span style=\"font-weight: 400;\"> The IdP sends this SAML assertion back to the SP (Couchbase Server) via an HTTP POST or a Redirect (SAML Response).<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><b>SP verification:<\/b><span style=\"font-weight: 400;\"> The SP verifies the SAML assertion and, if it is valid, grants the user access to the Couchbase Server UI using the claims found in the SAML response it received from the IdP.<\/span><\/li>\n<\/ol>\n<\/li>\n<\/ol>\n<h3><span style=\"font-weight: 400;\">Components of a SAML Request<\/span><\/h3>\n<p><span style=\"font-weight: 400;\">Below is a simplified example of a SAML 2.0 authentication request (SAML <em>AuthnRequest<\/em>) that Couchbase might send to an identity provider:<\/span><\/p>\n<pre class=\"nums:false lang:default 
decode:true\">&lt;samlp:AuthnRequest\r\n    xmlns:samlp=\"urn:oasis:names:tc:SAML:2.0:protocol\"\r\n    xmlns:saml=\"urn:oasis:names:tc:SAML:2.0:assertion\"\r\n    ID=\"id169641890989101756399586\"\r\n    Version=\"2.0\"\r\n    IssueInstant=\"2023-10-05T14:48:00Z\"\r\n    Destination=\"https:\/\/identityprovider.example.com\/SSOService\"\r\n    AssertionConsumerServiceURL=\"https:\/\/mycouchbase.example.com\/saml\/consume\"\r\n    ProtocolBinding=\"urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST\"&gt;\r\n\r\n    &lt;saml:Issuer&gt;https:\/\/mycouchbase.example.com\/metadata&lt;\/saml:Issuer&gt;\r\n    &lt;samlp:NameIDPolicy\r\n        Format=\"urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified\"\r\n        AllowCreate=\"true\" \/&gt;\r\n    &lt;ds:Signature xmlns:ds=\"http:\/\/www.w3.org\/2000\/09\/xmldsig#\"&gt;\r\n        &lt;ds:SignedInfo&gt;\r\n            &lt;ds:CanonicalizationMethod Algorithm=\"http:\/\/www.w3.org\/2001\/10\/xml-exc-c14n#\"\/&gt;\r\n            &lt;ds:SignatureMethod Algorithm=\"http:\/\/www.w3.org\/2000\/09\/xmldsig#rsa-sha1\"\/&gt;\r\n            &lt;ds:Reference URI=\"#id169641890989101756399586\"&gt;\r\n                &lt;ds:Transforms&gt;\r\n                    &lt;ds:Transform 
Algorithm=\"http:\/\/www.w3.org\/2000\/09\/xmldsig#enveloped-signature\"\/&gt;\r\n                &lt;\/ds:Transforms&gt;\r\n                &lt;ds:DigestMethod Algorithm=\"http:\/\/www.w3.org\/2000\/09\/xmldsig#sha1\"\/&gt;\r\n                &lt;ds:DigestValue&gt;...&lt;\/ds:DigestValue&gt;\r\n            &lt;\/ds:Reference&gt;\r\n        &lt;\/ds:SignedInfo&gt;\r\n        &lt;ds:SignatureValue&gt;...&lt;\/ds:SignatureValue&gt;\r\n        &lt;ds:KeyInfo&gt;\r\n            &lt;ds:X509Data&gt;\r\n                &lt;ds:X509Certificate&gt;...&lt;\/ds:X509Certificate&gt;\r\n            &lt;\/ds:X509Data&gt;\r\n        &lt;\/ds:KeyInfo&gt;\r\n    &lt;\/ds:Signature&gt;\r\n&lt;\/samlp:AuthnRequest&gt;<\/pre>\n<p>&nbsp;<\/p>\n<ul>\n<li style=\"list-style-type: none;\">\n<ul>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><b>ID<\/b><span style=\"font-weight: 400;\">: A unique identifier for the request. 
It is used to track the SAML flow and to prevent replay attacks.<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><b>Version<\/b><span style=\"font-weight: 400;\">: Specifies the version of the SAML protocol being used, which is <em>2.0<\/em> in this case.<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><b>IssueInstant<\/b><span style=\"font-weight: 400;\">: The timestamp at which the request was issued. It is usually in UTC and conforms to the ISO 8601 standard.<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><b>Destination<\/b><span style=\"font-weight: 400;\">: The URL of the identity provider's single sign-on service. This is where the <em>AuthnRequest<\/em> will be sent.<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><b>AssertionConsumerServiceURL<\/b><span style=\"font-weight: 400;\">: The URL to which the identity provider should send its response. This is an endpoint on Couchbase.<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><b>ProtocolBinding<\/b><span style=\"font-weight: 400;\">: Specifies how the SAML assertion should be sent back to the service provider. In this example, it is set to use the HTTP POST binding.<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><b>Issuer<\/b><span style=\"font-weight: 400;\">: Specifies the entity that generated the <em>AuthnRequest<\/em>. It usually corresponds to the<\/span><b> entity ID<\/b><span style=\"font-weight: 400;\"> of the service provider and, by default, is a URL where the Couchbase SAML metadata can be found.<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><b>NameIDPolicy Format<\/b><span style=\"font-weight: 400;\">: Specifies the format of the <em>NameID<\/em> to be returned. 
This is optional and, if omitted, the IdP will use its default <em>NameID<\/em> format.<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><b>SignatureMethod: <\/b><span style=\"font-weight: 400;\">Specifies the algorithm used for the digital signature.<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><b>X509Certificate<\/b><span style=\"font-weight: 400;\">: These elements contain the public X.509 certificate that the recipient can use to validate the signature.<\/span><\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<h3><span style=\"font-weight: 400;\">Components of a SAML Response<\/span><\/h3>\n<p><span style=\"font-weight: 400;\">Below is a simplified example of a SAML 2.0 response (SAML Response) that an identity provider (IdP) might send back to Couchbase after authentication:<\/span><\/p>\n<p>&nbsp;<\/p>\n<pre class=\"nums:false lang:default decode:true\">&lt;samlp:Response xmlns:samlp=\"urn:oasis:names:tc:SAML:2.0:protocol\"\r\n                xmlns:saml=\"urn:oasis:names:tc:SAML:2.0:assertion\"\r\n                ID=\"id352723298151130132106815994\"\r\n                Version=\"2.0\"\r\n                InResponseTo=\"id169641890989101756399586\"\r\n                IssueInstant=\"2023-10-05T15:48:00Z\"\r\n                Destination=\"https:\/\/couchbase.example.com\/ACS\"&gt;\r\n    &lt;ds:Signature 
xmlns:ds=\"http:\/\/www.w3.org\/2000\/09\/xmldsig#\"&gt;\r\n        &lt;ds:SignedInfo&gt;\r\n            &lt;ds:CanonicalizationMethod Algorithm=\"http:\/\/www.w3.org\/2001\/10\/xml-exc-c14n#\"\/&gt;\r\n            &lt;ds:SignatureMethod Algorithm=\"http:\/\/www.w3.org\/2001\/04\/xmldsig-more#rsa-sha256\"\/&gt;\r\n            &lt;ds:Reference URI=\"#id352723298151130132106815994\"&gt;\r\n                &lt;ds:Transforms&gt;\r\n                    &lt;ds:Transform Algorithm=\"http:\/\/www.w3.org\/2000\/09\/xmldsig#enveloped-signature\"\/&gt;\r\n                &lt;\/ds:Transforms&gt;\r\n                &lt;ds:DigestMethod Algorithm=\"http:\/\/www.w3.org\/2000\/09\/xmldsig#sha1\"\/&gt;\r\n                &lt;ds:DigestValue&gt;...&lt;\/ds:DigestValue&gt;\r\n            &lt;\/ds:Reference&gt;\r\n        &lt;\/ds:SignedInfo&gt;\r\n        &lt;ds:SignatureValue&gt;...&lt;\/ds:SignatureValue&gt;\r\n        &lt;ds:KeyInfo&gt;\r\n  
          &lt;ds:X509Data&gt;\r\n                &lt;ds:X509Certificate&gt;...&lt;\/ds:X509Certificate&gt;\r\n            &lt;\/ds:X509Data&gt;\r\n        &lt;\/ds:KeyInfo&gt;\r\n    &lt;\/ds:Signature&gt;\r\n\r\n    &lt;saml:Issuer&gt;https:\/\/identityprovider.example.com\/metadata&lt;\/saml:Issuer&gt;\r\n    &lt;samlp:Status&gt;\r\n        &lt;samlp:StatusCode Value=\"urn:oasis:names:tc:SAML:2.0:status:Success\"\/&gt;\r\n    &lt;\/samlp:Status&gt;\r\n\r\n    &lt;saml:Assertion ID=\"_1234567890\"\r\n                    Version=\"2.0\"\r\n                    IssueInstant=\"2023-10-05T15:48:00Z\"&gt;\r\n        &lt;saml:Issuer&gt;https:\/\/identityprovider.example.com\/metadata&lt;\/saml:Issuer&gt;\r\n        &lt;saml:Subject&gt;\r\n            &lt;saml:NameID Format=\"urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified\"&gt;john.doe&lt;\/saml:NameID&gt;\r\n        &lt;\/saml:Subject&gt;\r\n        &lt;saml:Conditions 
NotBefore=\"2023-10-05T15:43:00Z\"\r\n                        NotOnOrAfter=\"2023-10-05T15:53:00Z\"&gt;\r\n            &lt;saml:AudienceRestriction&gt;\r\n                &lt;saml:Audience&gt;https:\/\/couchbase.example.com\/metadata&lt;\/saml:Audience&gt;\r\n            &lt;\/saml:AudienceRestriction&gt;\r\n        &lt;\/saml:Conditions&gt;\r\n    &lt;\/saml:Assertion&gt;\r\n&lt;\/samlp:Response&gt;<\/pre>\n<ul>\n<li style=\"list-style-type: none;\">\n<ul>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><b>ID, Version, IssueInstant, Destination<\/b><span style=\"font-weight: 400;\">: These attributes serve the same purpose as in the <em>AuthnRequest<\/em>, but they are specific to this <em>Response<\/em> message.<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><b>Issuer<\/b><span style=\"font-weight: 400;\">: Specifies the entity that generated the SAML response, in this case the IdP.<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><b>StatusCode<\/b><span style=\"font-weight: 400;\">: <em>Success<\/em> means the authentication was successful.<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><b>Subject<\/b><span style=\"font-weight: 400;\">: Describes the authenticated user.<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><b>Conditions<\/b><span style=\"font-weight: 400;\">: Specifies the conditions under which the assertion is valid.<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><b>Attribute Statements<\/b><span 
style=\"font-weight: 400;\">: Additional user attributes defined by the IdP or SP.<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><b>Signature<\/b><span style=\"font-weight: 400;\">: A digital signature used to verify the integrity of the assertion.<\/span><\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<p><span style=\"font-weight: 400;\">By understanding these fundamental concepts, you will be better equipped to configure SAML-based authentication between an identity provider and Couchbase.<\/span><\/p>\n<h2><span style=\"font-weight: 400;\">Troubleshooting and Common Issues<\/span><\/h2>\n<h3><span style=\"font-weight: 400;\">General Troubleshooting Steps<\/span><\/h3>\n<ol>\n<li style=\"list-style-type: none;\">\n<ol>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><b>Check the logs:<\/b><span style=\"font-weight: 400;\"> Both the identity provider and Couchbase provide detailed logs that can offer insight into what might be going wrong. 
Always start by checking these logs.<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><b>Use debugging tools:<\/b><span style=\"font-weight: 400;\"> Browser-based <\/span><a href=\"https:\/\/chrome.google.com\/webstore\/detail\/saml-tracer\/mpdajninpobndbfcldcmbpnnbhibjmch\"><span style=\"font-weight: 400;\">SAML debugging tools<\/span><\/a><span style=\"font-weight: 400;\"> can capture SAML requests and responses, making it easier to identify problems.<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><b>Test with a single user:<\/b><span style=\"font-weight: 400;\"> Before rolling out any change to all users, test the SAML SSO process with a single known user account to minimize impact.<\/span><span style=\"font-weight: 400;\"><br \/>\n<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><b>Check the SAMLRequest:<\/b><span style=\"font-weight: 400;\"> It is also important to test the <\/span><b>SAML request<\/b><span style=\"font-weight: 400;\"> that Couchbase sends to the identity provider (IdP). This ensures that the initial authentication request is correctly formatted and includes all the necessary information. <\/span><span style=\"font-weight: 400;\"><br \/>\n<\/span><span style=\"font-weight: 400;\"><br \/>\n<\/span><span style=\"font-weight: 400;\">What to check in the SAML message:<\/span><\/p>\n<ul>\n<li style=\"list-style-type: none;\">\n<ul>\n<li style=\"font-weight: 400;\" aria-level=\"2\"><span style=\"font-weight: 400;\">Issuer: The <em>&lt;saml:Issuer&gt;<\/em> must match the Couchbase entity ID. 
This confirms that the request is coming from the expected SP.<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"2\"><span style=\"font-weight: 400;\">AssertionConsumerServiceURL: This attribute specifies where the IdP should send the SAML assertion after successful authentication. Make sure it matches the Assertion Consumer Service (ACS) URL you configured in the identity provider and in Couchbase.<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"2\">NameIDPolicy: The <em>&lt;samlp:NameIDPolicy&gt;<\/em> specifies the format of the NameID to be returned. This should align with what you configured in your identity provider and in Couchbase.<\/li>\n<li style=\"font-weight: 400;\" aria-level=\"2\">ID and IssueInstant: The ID attribute is a unique identifier for the request, and IssueInstant specifies when the request was issued. These attributes are often used for logging and debugging.<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><b>Check the SAMLResponse<\/b><span style=\"font-weight: 400;\">: The SAML assertion you receive in an HTTP POST request after successful authentication. <\/span><span style=\"font-weight: 400;\"><br \/>\n<\/span><span style=\"font-weight: 400;\"><br \/>\n<\/span><span style=\"font-weight: 400;\">What to check in the SAML message:<\/span><span style=\"font-weight: 400;\"><br \/>\n<\/span><\/p>\n<ul>\n<li style=\"font-weight: 400;\" aria-level=\"2\"><b>Issuer<\/b><span style=\"font-weight: 400;\">: The <em>&lt;saml:Issuer&gt;<\/em> must match the one defined by your IdP. 
This confirms that the assertion is coming from the expected IdP.<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"2\"><b>NameID<\/b><span style=\"font-weight: 400;\">: The <em>&lt;saml:NameID&gt;<\/em> contains the username or email of the authenticated user. Verify that it matches what you expect and what was configured in your IdP.<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"2\"><b>Conditions<\/b><span style=\"font-weight: 400;\">: The <em>&lt;saml:Conditions&gt;<\/em> specifies the time window in which the assertion is valid. Make sure the NotBefore and NotOnOrAfter attributes are set correctly.<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"2\"><b>Attribute Statement<\/b><span style=\"font-weight: 400;\">: The <em>&lt;saml:AttributeStatement&gt;<\/em> contains the user's attributes. Verify that they match the attributes you configured in your identity provider and in Couchbase.<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"2\"><b>email<\/b><span style=\"font-weight: 400;\">: Verify that the email attribute was passed correctly and matches the user's email.<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"2\"><b>Signature<\/b><span style=\"font-weight: 400;\">: Although not shown in the sample, a valid SAML assertion must also include a digital signature that Couchbase can use to verify the integrity of the message. 
Make sure Couchbase is configured to verify this signature against the public certificate provided by your identity provider.<\/span><\/li>\n<\/ul>\n<\/li>\n<\/ol>\n<\/li>\n<\/ol>\n<h3><span style=\"font-weight: 400;\">Common Issues and Solutions<\/span><\/h3>\n<ol>\n<li style=\"list-style-type: none;\">\n<ol>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><b>Invalid SAML Response<\/b><span style=\"font-weight: 400;\"> or Assertion<\/span>\n<ul>\n<li style=\"font-weight: 400;\" aria-level=\"2\"><span style=\"font-weight: 400;\">Symptom: Users are unable to log in, and an error message indicates an invalid SAML response or assertion.<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"2\"><span style=\"font-weight: 400;\">Solution: Verify that the SAML response is signed correctly and that the certificate used for verification is up to date on both the IdP and SP sides.<\/span><\/li>\n<\/ul>\n<\/li>\n<li style=\"font-weight: 400;\" aria-level=\"2\"><b>Attribute mismatch<\/b>\n<ul>\n<li style=\"font-weight: 400;\" aria-level=\"2\"><span style=\"font-weight: 400;\">Symptom: User attributes are not displayed or used correctly in Couchbase.<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"2\"><span style=\"font-weight: 400;\">Solution: Double-check the attribute mapping settings in your IdP and in Couchbase. 
Make sure the attribute names match exactly.<\/span><\/li>\n<\/ul>\n<\/li>\n<li style=\"font-weight: 400;\" aria-level=\"2\"><b>Username cannot be extracted<\/b>\n<ul>\n<li style=\"font-weight: 400;\" aria-level=\"2\"><span style=\"font-weight: 400;\">Symptom: The username cannot be extracted from the SAML assertion.<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"2\"><span style=\"font-weight: 400;\">Solution: Make sure the SAML attribute name format is Unspecified for the Username attribute.<\/span><\/li>\n<\/ul>\n<\/li>\n<li style=\"font-weight: 400;\" aria-level=\"2\"><b>User not found<\/b>\n<ul>\n<li style=\"font-weight: 400;\" aria-level=\"2\"><span style=\"font-weight: 400;\">Symptom: Access denied for user: Insufficient Permissions<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"2\"><span style=\"font-weight: 400;\">Solution: Create an external user in Couchbase, because the user trying to log in through the IdP cannot be found in the Couchbase system.<\/span><\/li>\n<\/ul>\n<\/li>\n<li style=\"font-weight: 400;\" aria-level=\"2\"><b>Time skew<\/b>\n<ul>\n<li style=\"font-weight: 400;\" aria-level=\"2\"><span style=\"font-weight: 400;\">Symptom: SAML assertions are considered invalid even though everything else appears to be configured correctly.<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"2\"><span style=\"font-weight: 400;\">Solution: Make sure the system clocks on the IdP and SP servers are synchronized. 
Time skew can invalidate perfectly valid assertions.<\/span><\/li>\n<\/ul>\n<\/li>\n<li style=\"font-weight: 400;\" aria-level=\"2\"><b>Logout issues<\/b>\n<ul>\n<li style=\"font-weight: 400;\" aria-level=\"2\"><span style=\"font-weight: 400;\">Symptom: Users are not logged out of the SP or the IdP during a single logout (SLO) operation.<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"2\"><span style=\"font-weight: 400;\">Solution: Verify that the Single Logout Service (SLS) URLs are configured correctly in the IdP and in Couchbase. Also verify that both are configured to use HTTP POST.<\/span><\/li>\n<\/ul>\n<\/li>\n<\/ol>\n<\/li>\n<\/ol>\n<p><span style=\"font-weight: 400;\">In summary, understanding the intricacies of SAML is essential for anyone who wants to strengthen the security of the Couchbase Server UI. This article serves as a foundational guide, examining the core elements of SAML and the technical nuances of crafting and interpreting SAML messages. 
Os pr\u00f3ximos artigos se concentrar\u00e3o especificamente nos aspectos pr\u00e1ticos da integra\u00e7\u00e3o do Couchbase Server com v\u00e1rios provedores de identidade, incluindo um guia detalhado sobre a integra\u00e7\u00e3o com o Okta, Microsoft Entra ID (Azure AD).<\/span><\/p>\n<h4>Saiba mais sobre o Couchbase<\/h4>\n<ul>\n<li style=\"list-style-type: none;\">\n<ul>\n<li><a href=\"https:\/\/www.couchbase.com\/blog\/wp-admin\/post.php?post=15570&amp;action=edit\">A grandiosidade do Couchbase Server 7.6: Os 10 principais recursos que todo SRE deve conhecer!<\/a><\/li>\n<li><a href=\"https:\/\/cloud.couchbase.com\/sign-up\">Capella DBaaS - inscreva-se para uma avalia\u00e7\u00e3o gratuita<\/a><\/li>\n<li>Nossa abordagem para <a href=\"https:\/\/www.couchbase.com\/blog\/pt\/products\/security\/\">Seguran\u00e7a de dados de n\u00edvel empresarial<\/a><\/li>\n<\/ul>\n<\/li>\n<\/ul>","protected":false},"excerpt":{"rendered":"<p>In the evolving landscape of digital security, the integration of Couchbase with a Security Assertion Markup Language (SAML) Identity Provider (IdP) stands as a cornerstone for robust authentication mechanisms. Why Should You Implement SSO with Couchbase Server? 
Single Sign-On (SSO) [&hellip;]<\/p>","protected":false},"author":84313,"featured_media":15597,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"inline_featured_image":false,"footnotes":""},"categories":[1815,1816,1813],"tags":[9945,9955,9954,9953,9917],"ppma_author":[9812],"class_list":["post-15596","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-best-practices-and-tutorials","category-couchbase-server","category-security","tag-couchbase-7-6","tag-mfa","tag-okta","tag-saml","tag-sso"],"acf":[],"authors":[{"term_id":9812,"user_id":84313,"is_guest":0,"slug":"istvanorban","display_name":"Istvan Orban","avatar_url":{"url":"https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/sites\/1\/2023\/04\/image_2023-04-25_205027722.png","url2x":"https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/sites\/1\/2023\/04\/image_2023-04-25_205027722.png"},"author_category":"","last_name":"Orban","first_name":"Istvan","job_title":"","user_url":"","description":"Istvan Orban is the Principal Product Manager for Couchbase and lives in the United Kingdom. Istvan has a wide range of experience as a Full stack Software Engineer, Team leader and Devops Engineer. His main focus is security and Single Sign On. Istvan has led several large scale projects of his 20 year professional career."}]}