Ga naar hoofdinhoud

SSO Guide

We have implemtented SSO using SAML with the devise_saml_authenticatable gem. This can be configured in admin => settings => Single Sign-On

Single cert

Serverless saml

  • Go to Samling

  • Fill in Name Identifier with a name

  • Fill in Assertion Consumer URL (Recipient) with http://localhost:3000/users/saml/auth

  • Optionally add an Audience value

  • Fill in SAML Attributes with:

  • Go to IdP Metadata

  • Copy the metadata and paste it in ozone

  • If you added an Audience value, then you should also add it in oZone

  • Go to SAML Response Properties

  • Click Next

  • Optional: Fill in a topic id in the RelayState, so that topic will be opened upon a valid login

  • Click Post Response!

Local saml

  • You can start the identity provider with docker-compose up saml_idp
  • Go to http://localhost:8080/simplesaml/module.php/core/authenticate.php and choose test-ozone
  • Login with user1:user1pass
  • Notice an infinite redirect, but the user is created in the database.

Different cert

  • Download your own metadata from: http://localhost:3000/users/saml/metadata
  • Upload that metadata to:
  • Configure samltest Identity Provider based on:
    • Visit http://localhost:4200/admin/settings/identity-provider-configuration
    • Make the SSO Active
    • Select "Metadata URL"
    • Fill in as the "Metadata URL"
    • Fill in urn:oid:0.9.2342.19200300.100.1.3 as the email
    • Fill in urn:oid:2.16.840.1.113730.3.1.241 as the first name
    • Fill in urn:oid: as the last name
  • Login by visiting:
  • Fill in http://localhost:3000/users/saml/metadata as entityId
  • Click GO!
  • Follow the steps on the screen :)