Configuration

The Sabre Hospitality team will provide the Sign-On URL/Assertion Consumer Service URL that may be needed to provision an application in the chain’s Identity Provider
A SAML 2.0 application will then be needed to be provisioned in the Identity Provider
Once provisioned, the application's SAML 2.0 metadata must then be provided to the Sabre Hospitality Team. The following information is needed:
- IdP Single Sign-On URL
- IdP Issuer Id
- X.509 Certificate
The IdP must be configured to provide custom SAML attributes in the SAML Assertion. The attributes will pertain to the profile information.

Attribute	Description
Context	Identifies the context of the message. *Value: Profile Required*
BusinessContext	Business context of the caller. *Value: BE Required*
ProfileID	The CRM, CRS or GHA member Profile ID. *Required*
LogoutUrl	Placeholder for a future implementation for Single-Sign-Out. Use the hotel brand URL. *Required*
ChainId	Unique ID that identifies hotel chain or management group in SynXis. *Required*
ProfileType	The type of user that is associated to the @ProfileID. *Values: Guest, Booker Required*
IDContext	Id context used to specify the source of the @ProfileID. *Values: CRM, CRS Required*
ProgramID	Identifies the loyalty program. Only valid for GHA Discovery Members. *Value*: GHA

Navigate to Pages > Global Bar and configure the following information under CRM Settings

Select the radio option to "Allow guests to Sign in to Profile through Profile Provider via SAML (CRM/IdP)
Enter the SAML IdP Redirection link
Enter the SAML IdP ID

Relay State must be pointing to the SynXis Booking Engine with the proper combination of the following properties:

config
level
hotel
chain
redirectOnError (Optional flag if an error occurs indicating if the guest should be redirected to the RelayStateUrl or display the generic SBE ACS error page.