SAML integration in OneLogin

This guide describes the steps required to create a working SAML integration between OneLogin and GoBright. All of the following steps are configured in the OneLogin admin portal.

1. Create a custom SAML connector in the OneLogin admin portal
  • Go to the OneLogin admin portal
  • Add an application ‘SAML Custom Connector (Advanced)’
    This will be the application which handles the SAML login flow to GoBright.
2. Configure SSO & Parameters
  • In the OneLogin admin portal, go to the tab ‘SSO’
  • Set ‘SAML Signature Algorithm’ to ‘SHA-256’
  • Save the settings
  • Go to the tab ‘Parameters’
  • Add at least the claim for the ‘Name’ of the user:
    Claim name: ‘http://schemas.xmlsoap.org/claims/CommonName’
    Value: ‘Name’
    Flags: check the checkbox ‘Include in SAML assertion’
3. Gather SSO values
  • Go back to the tab 'SSO'
  • Gather the value of the SAML 2.0 Endpoint (HTTP). You will need this value later on.
  • At X.509 Certificate, click on 'View Details' and download the ‘SAML Metadata’ file
  • Open the downloaded file in a text editor. You will need this later on.
4. Create the integration in the GoBright Admin Center
  • Go to the GoBright Admin Center and click on ‘Integrations’
  • Open an existing ‘SAML’ integration or create a new integration of type ‘SAML’
  • Fill in these items with the values gathered in step 3:
    • At ‘Single Sign-on service url’ paste ‘HTTP-Redirect’ / SAML 2.0 Endpoint (HTTP)
    • At 'Single Sign-out service url' also paste ‘HTTP-Redirect’ / SAML 2.0 Endpoint (HTTP)
    • At ‘Token-signing certificate (Base64)’ paste the contents of the downloaded file as text
  • Still on the integration page, gather the following values. You will need these later on.
    • At Service Provider information:
      • ‘Relying party identifier / Entity Id’
      • ‘Reply URL (Assertion Consumer Service URL)’
    • At Processing settings:
      • ‘Direct login url’
  • Save the settings
5. Configure SSO in the OneLogin admin portal
  • Go to the OneLogin admin portal
  • Go to the tab ‘Configuration’
  • Paste the values gathered in the previous step:
    • At Audience (EntityID) paste 'Relying party identifier / Entity Id'
    • At ACS (Consumer) URL Validator paste 'Reply URL (Assertion Consumer Service URL)'
    • At ACS (Consumer) URL also paste 'Reply URL (Assertion Consumer Service URL)'
    • At Single Logout URL paste 'Direct login url'
    • At Login URL also paste 'Direct login url'
  • Set ‘SAML initiator’ to ‘Service Provider’ 
  • Save the settings
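One way to sanity-check the SAML Metadata file downloaded in step 3 before pasting values into GoBright in step 4, as an added example that is not part of the original guide or of either vendor's tooling: it picks the HTTP-Redirect endpoint rather than the HTTP-POST one, extracts the signing certificate, and computes a SHA-256 fingerprint you can compare with the certificate details in the IdP portal. The sample metadata, the `idp.example.com` URLs and the function name `read_idp_metadata` are constructed for illustration.

```python
import base64
import hashlib
import xml.etree.ElementTree as ET

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}
BINDINGS = "urn:oasis:names:tc:SAML:2.0:bindings:"

# Constructed sample: host, entityID and certificate bytes are placeholders.
SAMPLE_CERT = base64.b64encode(b"constructed placeholder, not a real cert").decode()
SAMPLE_METADATA = f"""<EntityDescriptor xmlns="{NS['md']}"
    entityID="https://idp.example.com/saml/metadata/0000">
 <IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
  <KeyDescriptor use="signing"><ds:KeyInfo xmlns:ds="{NS['ds']}"><ds:X509Data>
   <ds:X509Certificate>{SAMPLE_CERT}</ds:X509Certificate>
  </ds:X509Data></ds:KeyInfo></KeyDescriptor>
  <SingleSignOnService Binding="{BINDINGS}HTTP-POST"
    Location="https://idp.example.com/sso/http-post/0000"/>
  <SingleSignOnService Binding="{BINDINGS}HTTP-Redirect"
    Location="https://idp.example.com/sso/http-redirect/0000"/>
 </IDPSSODescriptor>
</EntityDescriptor>"""


def read_idp_metadata(xml_text):
    """Return the values step 4 asks for, plus fingerprints to compare."""
    # The file comes from your own IdP portal; for untrusted XML use a hardened parser.
    idp = ET.fromstring(xml_text).find("md:IDPSSODescriptor", NS)
    if idp is None:
        raise ValueError("not IdP metadata: no IDPSSODescriptor")
    redirect = [s.get("Location") for s in idp.findall("md:SingleSignOnService", NS)
                if s.get("Binding") == BINDINGS + "HTTP-Redirect"]
    if len(redirect) != 1 or not redirect[0].startswith("https://"):
        raise ValueError("expected exactly one https HTTP-Redirect endpoint")
    certs = ["".join((c.text or "").split())
             for kd in idp.findall("md:KeyDescriptor", NS)
             if kd.get("use") in (None, "signing")
             for c in kd.findall(".//ds:X509Certificate", NS)]
    if not certs:
        raise ValueError("no signing certificate in metadata")
    # Fingerprint over the DER bytes of each certificate.
    fingerprints = [hashlib.sha256(base64.b64decode(c, validate=True)).hexdigest()
                    for c in certs]
    return {"sso_redirect_url": redirect[0], "cert_base64": certs,
            "cert_sha256": fingerprints}


if __name__ == "__main__":
    for key, value in read_idp_metadata(SAMPLE_METADATA).items():
        print(key, value)
```

More than one fingerprint in the output means the metadata lists several signing certificates, which is worth confirming before choosing which one the service provider should trust.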

Next

Proceed to step 3 of the SAML2 federated identity integration article and finish your SAML integration.