About SAML Single Sign-On in SMACS
Single Sign-On can be set up in SMACS against any Identity Provider (IdP) that supports SAML 2.0.
This guide covers the steps required to set up SAML SSO against the Okta, Azure AD and ADFS IdPs.
For an exhaustive list of supported IdPs, visit SAML-based products and services.
Install signed certificate on the SMACS machine
Wildcard Certificates are not supported for SSO.
Generate a CSR
Import the Signed Certificate
Restart Apache via the Stack8 Console (SSH)
Provide SMACS Service Provider (SP) Metadata to your Identity Provider (IdP)
Once the certificate is installed and working correctly, export the SP metadata to provide to your IdP.
Alternatively, you can provide the URL to the hosted metadata.xml file to your IdP.
https://<SMACS-FQDN>:8443/saml/medatada
Adding SMACS as a Service Provider (SP) in OKTA using metadata URL:
Adding SMACS as a Service Provider (SP) in ADFS using metadata.xml file:
Click on Add Relying Party Trust
Select default option “Claims Aware”
Select “Import data about the relying party from a file”
Upload the Service Provider (SP) metadata file from previous step.
Provide a meaningful Display Name for the SMACS relying party and click “Next”
Select “Permit everyone” and click “Next”
Enable “Configure claims issuance policy for this application” checkbox and click “Close”
Configure Name Identifier (NameID)
Configuring Name Identifier Okta
Configuring Name Identifier in Azure AD
Configuring Name Identifier in ADFS
Edit Claim Issuance Policy
Click “Add Rule”
Choose Claim rule template “Send LDAP Attributes as Claims” and click “Next”
Provide a Claim rule name, select the Attribute Store “Active Directory” from the dropdown, provide the SAM-Account-Name to Name ID mapping and click “Finish”.
Download your Identity Provider (IdP) Metadata
Open this link in your browser to download your IdP metadata (this is the ADFS federation metadata endpoint).
https://<hostname>/federationmetadata/2007-06/federationmetadata.xml
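Before importing IdP metadata into SMACS (and, on the other side, before handing the SMACS SP metadata to the IdP), it is worth confirming that the file actually describes an IdP, carries a signing certificate, publishes HTTPS single sign-on endpoints and has not expired. The following script is an added example written for this guide, not SMACS or ADFS code: it parses a SAML 2.0 EntityDescriptor with the Python standard library and reports those problems. The embedded metadata document, the hostname adfs.example.test and the truncated certificate value are all constructed for the example.

```python
"""Pre-import sanity check for SAML 2.0 IdP federation metadata (added example)."""
import base64
import xml.etree.ElementTree as ET
from datetime import datetime, timezone

NS = {
    "md": "urn:oasis:names:tc:SAML:2.0:metadata",
    "ds": "http://www.w3.org/2000/09/xmldsig#",
}
REDIRECT = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
POST = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"

# Constructed sample: a minimal IdP descriptor in the shape ADFS publishes at
# /federationmetadata/2007-06/federationmetadata.xml.  The X509Certificate value
# is a short DER prefix, not a real certificate.
SAMPLE_IDP_METADATA = """<?xml version="1.0"?>
<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
    entityID="http://adfs.example.test/adfs/services/trust"
    validUntil="2099-01-01T00:00:00Z">
  <md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:KeyDescriptor use="signing">
      <ds:KeyInfo><ds:X509Data><ds:X509Certificate>MIIBszCCAR0=</ds:X509Certificate></ds:X509Data></ds:KeyInfo>
    </md:KeyDescriptor>
    <md:NameIDFormat>urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified</md:NameIDFormat>
    <md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="https://adfs.example.test/adfs/ls/"/>
    <md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://adfs.example.test/adfs/ls/"/>
  </md:IDPSSODescriptor>
</md:EntityDescriptor>
"""


def _parse_ts(value: str) -> datetime:
    """Parse the xsd:dateTime used in validUntil (a trailing Z means UTC)."""
    return datetime.fromisoformat(value.replace("Z", "+00:00"))


def parse_idp_metadata(xml_text: str) -> dict:
    """Extract what an SP needs from IdP metadata: entityID, signing certs, SSO endpoints, NameID formats."""
    root = ET.fromstring(xml_text)
    if root.tag != "{%s}EntityDescriptor" % NS["md"]:
        raise ValueError("not a SAML 2.0 EntityDescriptor")
    idp = root.find("md:IDPSSODescriptor", NS)
    if idp is None:
        raise ValueError("no IDPSSODescriptor: this is SP metadata or not an IdP")
    certs = []
    for kd in idp.findall("md:KeyDescriptor", NS):
        # A KeyDescriptor without a 'use' attribute is valid for both signing and encryption.
        if kd.get("use") in (None, "signing"):
            cert = kd.find("ds:KeyInfo/ds:X509Data/ds:X509Certificate", NS)
            if cert is not None and cert.text:
                certs.append("".join(cert.text.split()))
    return {
        "entity_id": root.get("entityID"),
        "valid_until": root.get("validUntil"),
        "signing_certs": certs,
        "sso": {el.get("Binding"): el.get("Location") for el in idp.findall("md:SingleSignOnService", NS)},
        "nameid_formats": [el.text.strip() for el in idp.findall("md:NameIDFormat", NS) if el.text],
    }


def check_idp_metadata(info: dict, now=None) -> list:
    """Return a list of problems that should stop the import; empty means the metadata looks usable."""
    if now is None:
        now = datetime.now(timezone.utc)
    elif isinstance(now, str):
        now = _parse_ts(now)
    problems = []
    if not info["signing_certs"]:
        problems.append("no signing certificate: SP cannot verify assertion signatures")
    for i, b64 in enumerate(info["signing_certs"]):
        try:
            der = base64.b64decode(b64, validate=True)
        except (ValueError, base64.binascii.Error):
            problems.append("signing cert %d: not valid base64" % i)
            continue
        if not der or der[0] != 0x30:  # DER certificates begin with an ASN.1 SEQUENCE tag
            problems.append("signing cert %d: not a DER certificate" % i)
    if not (info["sso"].get(REDIRECT) or info["sso"].get(POST)):
        problems.append("no HTTP-Redirect or HTTP-POST SingleSignOnService endpoint")
    for binding, location in info["sso"].items():
        if not (location or "").startswith("https://"):
            problems.append("SSO endpoint for %s is not https: %s" % (binding, location))
    if info["valid_until"] and _parse_ts(info["valid_until"]) < now:
        problems.append("metadata expired at %s" % info["valid_until"])
    return problems


if __name__ == "__main__":
    parsed = parse_idp_metadata(SAMPLE_IDP_METADATA)
    print(parsed["entity_id"], parsed["sso"])
    print(check_idp_metadata(parsed) or "metadata OK")
```

Run it against a downloaded federationmetadata.xml by reading the file into `parse_idp_metadata`. The check deliberately stops short of verifying the XML signature on the metadata itself, so fetch the file over HTTPS directly from the IdP host rather than accepting a copy sent by e-mail, and compare the signing certificate's thumbprint with what the IdP administrator shows in the ADFS, Okta or Azure AD console.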
Go back into SMACS and complete the SAML SSO Configuration
Import your IdP metadata
Enable SSO
Logout from SMACS
Log in to the stack8-console using the s8admin account and restart the active side of the machine.
Follow the instructions here on how to restart the active side of the SMACS machine.
Go to the SMACS URL and click the orange login button to authenticate using SAML SSO.
Use the Recovery URL to bypass Single Sign-On and to login using LDAP.
SSO Configuration Complete ✔
Once logged in, you will have initiated a Single Sign-On session that gives you access to all other applications registered with your IdP without having to log in again.