SSO Guide

We have implemtented SSO using SAML with the devise_saml_authenticatable gem. This can be configured in admin => settings => Single Sign-On

Single cert

Serverless saml

• Go to Samling

• Fill in Name Identifier with a name

• Fill in Assertion Consumer URL (Recipient) with http://localhost:3000/users/saml/auth

• Optionally add an Audience value

• Fill in SAML Attributes with:

  id=5
  email=hank@hank.hank
  first_name=hank
  last_name=hank

• Go to IdP Metadata

• Copy the metadata and paste it in ozone

• If you added an Audience value, then you should also add it in oZone

• Go to SAML Response Properties

• Click Next

• Optional: Fill in a topic id in the RelayState, so that topic will be opened upon a valid login

• Click Post Response!

Local saml

• You can start the identity provider with docker-compose up saml_idp
• Go to http://localhost:8080/simplesaml/module.php/core/authenticate.php and choose test-ozone
• Login with user1:user1pass
• Notice an infinite redirect, but the user is created in the database.

Different cert

• Download your own metadata from: http://localhost:3000/users/saml/metadata
• Upload that metadata to: https://samltest.id/upload.php
• Configure samltest Identity Provider based on: https://samltest.id/download/
  • Visit http://localhost:4200/admin/settings/identity-provider-configuration
  • Make the SSO Active
  • Select "Metadata URL"
  • Fill in https://samltest.id/saml/idp as the "Metadata URL"
  • Fill in urn:oid:0.9.2342.19200300.100.1.3 as the email
  • Fill in urn:oid:2.16.840.1.113730.3.1.241 as the first name
  • Fill in urn:oid:2.5.4.42 as the last name
• Login by visiting: https://samltest.id/start-sp-test/
• Fill in http://localhost:3000/users/saml/metadata as entityId
• Click GO!
• Follow the steps on the screen :)

info

The link is broken and needs to be updated.