
About SAML Single Sign-On in SMACS ZPC

Single Sign-On can be set up in SMACS ZPC against any Identity Provider (IdP) that supports SAML 2.0.

This guide covers the steps required to set up SAML SSO against Okta, Azure AD and ADFS IdPs.

For an exhaustive list of supported IdPs, visit SAML-based products and services.

Install signed certificate on the SMACS machine

Note: Wildcard Certificates are not supported for SSO.

  1. Generate a CSR
  2. Import the Signed Certificate
  3. Restart Apache via the Stack8 Console (SSH)

Provide ZPC Service Provider (SP) Metadata to your Identity Provider (IdP)

Once the certificate is installed and working correctly, export the SP Metadata to provide to your IdP.

Alternatively, you can provide the URL to the hosted metadata.xml file to your IdP.

    https://<SMACS-FQDN>:8443/saml/metadata

Adding SMACS as a Service Provider (SP) in Okta using the metadata URL:

Adding ZPC as a Service Provider (SP) in ADFS using the metadata.xml file:

  1. Click on “Add Relying Party Trust”.
  2. Select the default option “Claims Aware”.
  3. Select “Import data about the relying party from a file”.
  4. Upload the Service Provider (SP) metadata file from the previous step.
  5. Provide a meaningful Display Name for the ZPC relying party and click “Next”.
  6. Select “Permit everyone” and click “Next”.
  7. Enable the “Configure claims issuance policy for this application” checkbox and click “Close”.

Configure Name Identifier (NameID)

Configuring Name Identifier in Okta

Configuring Name Identifier in Azure AD

Configuring Name Identifier in ADFS

  1. Edit the Claim Issuance Policy.
  2. Click “Add Rule”.
  3. Choose the Claim rule template “Send LDAP Attributes as Claims” and click “Next”.
  4. Provide a Claim rule name, select the Attribute Store “Active Directory” from the dropdown, map the value of the Username Attribute (from LDAP Management in ZPC) to Name ID and click “Finish”.

Download your Identity Provider (IdP) Metadata

Drop this link in your browser to download your IdP metadata.

    https://<hostname>/federationmetadata/2007-06/federationmetadata.xml
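Before importing the IdP metadata into ZPC it is worth checking what the file actually advertises: the entityID, the Single Sign-On endpoints, the signing certificate the SP will use to verify SAML responses, and whether the IdP offers the NameID format that the claim rule above is meant to populate. The following Python script is an added example, not code from the ZPC product or this guide. It parses a constructed, ADFS-style metadata document embedded inline (the host name adfs.example.test, the entityID and the certificate body are placeholders) using only the standard library, and flags two common weak points: a missing signing certificate and SSO endpoints that are not served over HTTPS.

```python
import xml.etree.ElementTree as ET

# SAML 2.0 metadata and XML Signature namespaces (standard URIs)
NS = {
    "md": "urn:oasis:names:tc:SAML:2.0:metadata",
    "ds": "http://www.w3.org/2000/09/xmldsig#",
}

# Constructed sample of an ADFS-style federation metadata document.
# The entityID, host name and certificate body are placeholders, not real values.
SAMPLE_IDP_METADATA = """<EntityDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata"
    entityID="http://adfs.example.test/adfs/services/trust">
  <IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <KeyDescriptor use="signing">
      <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
        <X509Data>
          <X509Certificate>MIIC...PLACEHOLDER-BASE64-DER...</X509Certificate>
        </X509Data>
      </KeyInfo>
    </KeyDescriptor>
    <NameIDFormat>urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified</NameIDFormat>
    <NameIDFormat>urn:oasis:names:tc:SAML:2.0:nameid-format:persistent</NameIDFormat>
    <SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
        Location="https://adfs.example.test/adfs/ls/"/>
    <SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="https://adfs.example.test/adfs/ls/"/>
  </IDPSSODescriptor>
</EntityDescriptor>
"""


def parse_idp_metadata(xml_text):
    """Extract what the SP needs from IdP metadata and flag weak settings."""
    root = ET.fromstring(xml_text)
    if root.tag != "{%s}EntityDescriptor" % NS["md"]:
        raise ValueError("not a SAML 2.0 EntityDescriptor")
    idp = root.find("md:IDPSSODescriptor", NS)
    if idp is None:
        raise ValueError("metadata contains no IDPSSODescriptor")

    # A KeyDescriptor without a 'use' attribute is valid for both signing and encryption
    signing_certs = []
    for kd in idp.findall("md:KeyDescriptor", NS):
        if kd.get("use") in (None, "signing"):
            for cert in kd.findall("ds:KeyInfo/ds:X509Data/ds:X509Certificate", NS):
                if cert.text:
                    # strip the line breaks PEM-style metadata usually carries
                    signing_certs.append("".join(cert.text.split()))

    sso_endpoints = {
        svc.get("Binding"): svc.get("Location")
        for svc in idp.findall("md:SingleSignOnService", NS)
    }
    name_id_formats = [
        fmt.text.strip() for fmt in idp.findall("md:NameIDFormat", NS) if fmt.text
    ]

    warnings = []
    if not signing_certs:
        warnings.append("no signing certificate: SAML responses cannot be verified")
    for binding, location in sso_endpoints.items():
        if not (location or "").lower().startswith("https://"):
            warnings.append("SSO endpoint for %s is not HTTPS: %s" % (binding, location))

    return {
        "entity_id": root.get("entityID"),
        "signing_certs": signing_certs,
        "sso_endpoints": sso_endpoints,
        "name_id_formats": name_id_formats,
        "warnings": warnings,
    }


def supports_name_id_format(info, wanted):
    """True if the IdP advertises the NameIDFormat the SP will request."""
    return wanted in info["name_id_formats"]


if __name__ == "__main__":
    info = parse_idp_metadata(SAMPLE_IDP_METADATA)
    print("entityID:", info["entity_id"])
    for binding, location in info["sso_endpoints"].items():
        print(binding.rsplit(":", 1)[-1], "->", location)
    print("NameID formats:", ", ".join(info["name_id_formats"]))
    print("warnings:", info["warnings"] or "none")
```

To check a real download, read the federationmetadata.xml file fetched from the HTTPS URL above and pass its contents to parse_idp_metadata; an empty warnings list and a signing certificate that matches the token-signing certificate shown in the ADFS console are what you want to see before enabling SSO.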

Go back into ZPC and complete the SAML SSO Configuration

  1. Import your IdP metadata.

  2. Enable SSO.

  3. Log out from ZPC.

     Log in to the stack8-console using the s8admin account and restart the active side of the machine. Follow the instructions here on how to restart the active side of the SMACS machine.

  4. Go to the ZPC URL and click the teal login button to authenticate using SAML SSO.

     Use the Recovery URL to bypass Single Sign-On and log in using LDAP.

  5. For any login issues with SSO, please reach out to ZIRO Support.

Tip: SSO Configuration Complete ✔

Once logged in, you will have initiated a Single Sign-On session that gives you access to all other applications registered with your IdP without having to log in again.