This guide describes the steps required to create a working SAML integration between OneLogin and GoBright. Unless a step says otherwise, the settings are configured in the OneLogin admin portal.
1. Create a custom SAML connector in the OneLogin admin portal
- Go to the OneLogin admin portal
- Add an application ‘SAML Custom Connector (Advanced)’
This will be the application which handles the SAML login flow to GoBright.
2. Configure SSO & Parameters
- In the OneLogin admin portal, go to the tab ‘SSO’
- Set ‘SAML Signature Algorithm’ to ‘SHA-256’
- Save the settings
- Go to the tab ‘Parameters’
- Add at least the claim for the ‘Name’ of the user:
Claim name: ‘http://schemas.xmlsoap.org/claims/CommonName’
Value: ‘Name’
Flags: check the checkbox ‘Include in SAML assertion’
3. Gather SSO values
- Go back to the tab 'SSO'
- Gather the value of the SAML 2.0 Endpoint (HTTP). You will need this value later on.
- At X.509 Certificate, click on 'View Details' and download the ‘SAML Metadata’ file
- Open the downloaded file in a text editor. You will need its contents later on.
4. Create the integration in the GoBright Admin Center
- Go to the GoBright Admin Center and click on 'Integrations’
- Open an existing ‘SAML’ integration or create a new integration of type ‘SAML’
- Fill in these items with the values gathered in step 3:
- At ‘Single Sign-on service url’ paste ‘HTTP-Redirect’ / SAML 2.0 Endpoint (HTTP)
- At 'Single Sign-out service url' also paste ‘HTTP-Redirect’ / SAML 2.0 Endpoint (HTTP)
- At ‘Token-signing certificate (Base64)’ paste the contents of the downloaded file as text
- Still on the integration page, gather the following values. You will need these later on.
- At Service Provider information:
- ‘Relying party identifier / Entity Id’
- ‘Reply URL (Assertion Consumer Service URL)’
- At Processing settings:
- ‘Direct login url’
- Save the settings
5. Configure SSO in the OneLogin admin portal
- Go to the OneLogin admin portal
- Go to the tab ‘Configuration’
- Paste the values gathered in the previous step:
- At Audience (EntityID) paste 'Relying party identifier / Entity Id'
- At ACS (Consumer) URL Validator paste 'Reply URL (Assertion Consumer Service URL)'
- At ACS (Consumer) URL also paste 'Reply URL (Assertion Consumer Service URL)'
- At Single Logout URL paste 'Direct login url'
- At Login URL also paste 'Direct login url'
- Set ‘SAML initiator’ to ‘Service Provider’
- Save the settings
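Before the metadata file downloaded in step 3 is pasted into the GoBright integration in step 4, it helps to know what it actually contains and to confirm it belongs to the connector you just configured. The following Python script is an added example and is not part of this guide, of GoBright or of OneLogin. It parses a constructed OneLogin-style IdP metadata file (the entityID, URLs and the stub certificate are placeholders, not real tenant values), pulls out the HTTP-Redirect single sign-on and single logout endpoints and the signing certificate, checks that the sign-on endpoint matches the SAML 2.0 Endpoint (HTTP) copied from the SSO tab, and checks that the certificate is well-formed base64 DER. The function names are the example's own.

```python
"""Added example, not part of the GoBright guide: inspect the OneLogin
SAML metadata file downloaded in step 3 before its values are pasted into
the GoBright integration in step 4.

All URLs, the entityID and the certificate below are constructed
placeholders; a real file carries the tenant's own values.
"""
import base64
import binascii
import xml.etree.ElementTree as ET

NS = {
    "md": "urn:oasis:names:tc:SAML:2.0:metadata",
    "ds": "http://www.w3.org/2000/09/xmldsig#",
}
HTTP_REDIRECT = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"

# Constructed sample metadata. "MAMCAQA=" is a deliberately tiny but
# well-formed DER SEQUENCE standing in for a real X.509 certificate.
SAMPLE_METADATA = """<?xml version="1.0"?>
<EntityDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata"
    entityID="https://app.onelogin.com/saml/metadata/EXAMPLE-APP-ID">
  <IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <KeyDescriptor use="signing">
      <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
        <X509Data><X509Certificate>
          MAMCAQA=
        </X509Certificate></X509Data>
      </KeyInfo>
    </KeyDescriptor>
    <SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
        Location="https://example-tenant.onelogin.com/trust/saml2/http-redirect/slo/EXAMPLE-APP-ID"/>
    <SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="https://example-tenant.onelogin.com/trust/saml2/http-post/sso/EXAMPLE-APP-ID"/>
    <SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
        Location="https://example-tenant.onelogin.com/trust/saml2/http-redirect/sso/EXAMPLE-APP-ID"/>
  </IDPSSODescriptor>
</EntityDescriptor>
"""


def _location(idp, tag, binding):
    """Return the Location of the first <tag> element with the given Binding."""
    for svc in idp.findall(f"md:{tag}", NS):
        if svc.get("Binding") == binding:
            return svc.get("Location")
    return None


def parse_idp_metadata(xml_text: str) -> dict:
    """Extract the values the GoBright integration form asks for."""
    root = ET.fromstring(xml_text)
    idp = root.find("md:IDPSSODescriptor", NS)
    if idp is None:
        raise ValueError("metadata has no IDPSSODescriptor")
    cert_b64 = None
    for kd in idp.findall("md:KeyDescriptor", NS):
        # A KeyDescriptor without 'use' covers both signing and encryption.
        if kd.get("use") in (None, "signing"):
            cert = kd.find("ds:KeyInfo/ds:X509Data/ds:X509Certificate", NS)
            if cert is not None and cert.text:
                cert_b64 = "".join(cert.text.split())  # drop wrapping whitespace
                break
    return {
        "entity_id": root.get("entityID"),
        "sso_redirect": _location(idp, "SingleSignOnService", HTTP_REDIRECT),
        "slo_redirect": _location(idp, "SingleLogoutService", HTTP_REDIRECT),
        "signing_cert_b64": cert_b64,
    }


def looks_like_der_certificate(b64: str) -> bool:
    """True if the base64 decodes to exactly one DER SEQUENCE, the outer
    structure of an X.509 certificate. This does not validate the certificate."""
    try:
        der = base64.b64decode(b64, validate=True)
    except (binascii.Error, ValueError):
        return False
    if len(der) < 2 or der[0] != 0x30:
        return False
    first = der[1]
    if first < 0x80:                      # short-form length
        return len(der) == 2 + first
    n = first & 0x7F                      # long-form: n length bytes follow
    if n == 0 or len(der) < 2 + n:
        return False
    return len(der) == 2 + n + int.from_bytes(der[2:2 + n], "big")


def endpoint_matches(meta: dict, endpoint_from_sso_tab: str) -> bool:
    """The SAML 2.0 Endpoint (HTTP) copied from the SSO tab should be the
    same HTTP-Redirect SingleSignOnService the metadata advertises."""
    sso = meta["sso_redirect"]
    return sso is not None and sso == endpoint_from_sso_tab.strip()


if __name__ == "__main__":
    meta = parse_idp_metadata(SAMPLE_METADATA)
    for key, value in meta.items():
        print(f"{key}: {value}")
    print("certificate decodes as DER:",
          looks_like_der_certificate(meta["signing_cert_b64"]))
```

To use it on a real download, replace SAMPLE_METADATA with the file's contents and pass the endpoint copied from the SSO tab to endpoint_matches. A mismatch between that endpoint and the metadata, or a certificate that fails the DER check, usually means the wrong file or a stale copy was downloaded, which is worth catching before the values are saved in GoBright. The check only confirms the certificate's outer structure; it does not verify validity dates or which key signs the assertions.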
Next
Proceed to step 3 of the SAML2 federated identity integration article and finish your SAML integration.