SAML 2.0 SSO setup guide

  • 15 May 2020
  • 3 replies
  • 1857 views


What is SAML 2.0?

The inSided Community SAML scheme is based on SAML 2.0 and supports the "SP Redirect Request; IdP POST" scenario: the Service Provider sends its AuthnRequest over the HTTP-Redirect binding, and the Identity Provider returns its Response over the HTTP-POST binding. SAML 2.0 is an open standard for exchanging authentication and authorization data between parties, in particular between an identity provider and a service provider. The specification can be found here.

Key Terms

  • Service Provider: the side that needs authentication from a third-party service in order to grant authorization to the user (Community).
  • Identity Provider: the other side that creates, maintains, and manages users' identity information (Server).

SAML 2.0 Flow Representation

In order to understand how the SAML 2.0 process integrates into the overall Community SSO architecture (i.e. Steps #1-3 in the diagram below) please see Single Sign-on (SSO): Getting Started.


  1. Community redirects the User to the Single Sign On URL with GET, attaching the generated AuthnRequest (see XML example at bottom of this article).

  2. Server authenticates the User and obtains consent/authorization.

  3. Server fetches the user's Profile data.

  4. Server generates the SAML Response and sends it to the Assertion Consumer Service URL with POST.

  5. Community receives the SAML Response (see XML example at bottom of this article), validates it using the Public Key and extracts the id.

Assertion Consumer Service URL can be taken from Service Provider Metadata (AssertionConsumerService.Location) or from AuthnRequest (AssertionConsumerServiceURL).

After retrieving the Profile data, Community starts Step #3 of Community Single Sign-on.
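Steps #1 and #5 of the flow above, as an added Python example (not inSided's own code): it encodes an AuthnRequest for the HTTP-Redirect binding with a RelayState beside it, and runs the checks the Community side must make on the POSTed Response before the id it carries is trusted. The endpoint URLs are constructed placeholders, and the XML-signature check against the Public Key is assumed to be done first by an XML-DSig library and is not shown.

```python
import base64, uuid, zlib
import xml.etree.ElementTree as ET
from datetime import datetime, timezone
from urllib.parse import urlencode

# Constructed stand-ins for the Community (SP) and Server (IdP) endpoints in the flow above.
ACS_URL = "https://community.example.com/saml/acs"          # AssertionConsumerService.Location
SP_ENTITY_ID = "https://community.example.com/saml/metadata"
SSO_URL = "https://idp.example.com/sso"                      # Single Sign On URL
NS = {"samlp": "urn:oasis:names:tc:SAML:2.0:protocol", "saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
SUCCESS = "urn:oasis:names:tc:SAML:2.0:status:Success"
TS = "%Y-%m-%dT%H:%M:%SZ"

def build_redirect_url(relay_state, request_id=None):
    """Step 1: AuthnRequest carried in the HTTP-Redirect binding (GET), with RelayState beside it."""
    request_id = request_id or "_" + uuid.uuid4().hex        # an XML ID may not start with a digit
    authn = (f'<samlp:AuthnRequest xmlns:samlp="{NS["samlp"]}" xmlns:saml="{NS["saml"]}" ID="{request_id}" '
             f'Version="2.0" IssueInstant="{datetime.now(timezone.utc).strftime(TS)}" '
             f'Destination="{SSO_URL}" AssertionConsumerServiceURL="{ACS_URL}" '
             'ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST">'
             f'<saml:Issuer>{SP_ENTITY_ID}</saml:Issuer></samlp:AuthnRequest>')
    comp = zlib.compressobj(9, zlib.DEFLATED, -15)           # raw DEFLATE (no zlib header), then
    deflated = comp.compress(authn.encode()) + comp.flush()   # base64, then URL-encoding
    query = urlencode({"SAMLRequest": base64.b64encode(deflated).decode(), "RelayState": relay_state})
    return request_id, f"{SSO_URL}?{query}"

def require(ok, msg):
    if not ok:
        raise ValueError(msg)

def check_response(response_b64, expected_request_id, now):
    """Step 5: checks on the POSTed Response before the id it carries is trusted. The XML-signature
    check against the IdP Public Key is assumed to run first in an XML-DSig library (not shown)."""
    root = ET.fromstring(base64.b64decode(response_b64))      # prefer defusedxml for untrusted input
    require(root.tag == f'{{{NS["samlp"]}}}Response', "not a samlp:Response")
    require(root.get("Destination") == ACS_URL, "Destination is not our Assertion Consumer Service URL")
    require(root.get("InResponseTo") == expected_request_id, "InResponseTo matches no outstanding request")
    code = root.find("samlp:Status/samlp:StatusCode", NS)
    require(code is not None and code.get("Value") == SUCCESS, "IdP did not report Success")
    assertion = root.find("saml:Assertion", NS)
    cond = assertion.find("saml:Conditions", NS) if assertion is not None else None
    require(cond is not None, "Response carries no Assertion with Conditions")
    parse = lambda attr: datetime.strptime(cond.get(attr), TS).replace(tzinfo=timezone.utc)
    require(parse("NotBefore") <= now < parse("NotOnOrAfter"), "assertion is outside its validity window")
    audience = cond.find("saml:AudienceRestriction/saml:Audience", NS)
    require(audience is not None and audience.text == SP_ENTITY_ID, "assertion was issued for another SP")
    return assertion.find("saml:Subject/saml:NameID", NS).text
```

Each rejected check raises ValueError with the reason, which is what you want logged when the SSO testing tool reports a failed login.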


How to Configure SAML 2.0 on inSided


Server configuration

  • Set up a SAML 2.0 compatible Server with the following endpoints:
    • Single Sign-On.
  • You can find the Service Provider Metadata by logging into the inSided Control environment as an administrator, and navigating to Integrations > SSO > SAML 2.


Service Provider Metadata

You can get this metadata from inSided both as a URL and as a download.

Community (inSided) configuration

  1. Log in to Control as an Administrator.
  2. Go to Integrations > SSO > SAML 2.
  3. Fill in the following required fields:
    • Single Sign On URL
    • Public Key (Identity Provider public key in X.509 format)
  4. Press Install.

Once you’ve installed your configuration, we recommend using the built-in inSided SSO testing tool before you enable SSO for end users.

Permissions required to configure SAML 2.0 on inSided

You must have a community account with the ‘Administrator’ permission in order to configure SAML 2.0 SSO on inSided.


3 replies

Hi All

Can someone answer the below please?

We have enabled SAML logins and when I go to log in it mentions I already have an account, which stops me from being able to customize the Community home page. I then removed my account and registered, but now I am unable to change my account into an admin and I am now locked out of the control panel.

What can I do at this point? Also, admins cannot see user accounts, so if I wanted my account to be erased, where can I find this as an admin?


Hi @djoslin! I have checked your account and you have now admin permissions. If you’re still encountering issues let me know in our Asana board and we can investigate this further. 

Do you support the RelayState parameter? I am trying to redirect my users to the right place after authenticating but it seems like the value passed in RelayState is being ignored. Do you know another way to accomplish this?

Thank you in advance!!
