To integrate Single Sign-On (SSO) using the SAML 2.0 protocol, both the Identity Provider (IdP) and the Service Provider (SP) must be configured. To integrate SAML 2.0 SSO, do the following:
Step | Action |
|---|
Choose a SAML 2.0 Identity Provider (IdP) | Select an IdP that supports SAML 2.0, such as Okta, Azure Active Directory, or OneLogin. Set up your IdP by creating an application or service that will act as the identity provider for your SP.
|
Configure the IdP | In your IdP's administration console, configure the necessary settings for your application/service.
This involves providing metadata about your SP, including the entity ID, Assertion Consumer Service (ACS) URL, and the name identifier format.
You may also need to specify attribute mappings, such as the user's email or role, which will be sent in the SAML response.
|
Obtain the IdP Metadata | Retrieve the IdP's metadata, which contains information about the IdP's endpoints, signing certificates, and other configuration details.
This metadata XML file can usually be downloaded from your IdP's administration console or obtained through a metadata URL provided by the IdP.
|
Configure the Service Provider (SP) | Configure your SP application to trust the IdP and handle SAML requests and responses.
This typically involves providing the IdP metadata obtained in the previous step.
The SP should also have an ACS URL, where the IdP will send the SAML response after successful authentication.
|
Generate SP Metadata | Generate the SP metadata XML file, which contains information about your SP such as the entity ID, ACS URL, and public key/certificate used for signing the SAML requests and verifying the responses.
The metadata file can be generated programmatically or manually.
|
Exchange Metadata | Share the SP metadata with the IdP.
This can be done by uploading the SP metadata XML file to the IdP's administration console or providing the metadata URL where the IdP can retrieve the SP metadata.
|
Implement SAML Request/Response Handling | In your SP application, implement the necessary code to handle SAML requests and responses.
This includes validating the SAML response, extracting user attributes, and establishing a session for the authenticated user.
|
Test and Troubleshoot | Test the SSO integration by accessing your SP application and initiating the authentication flow. Monitor the SAML exchanges by checking for any errors or misconfigurations and make necessary adjustments.
|
It is important to note that the specific steps and configurations may vary depending on the IdP and SP you are using, as well as the programming language and frameworks you are working with. It is recommended to consult the documentation and guides provided by your chosen IdP and SP for detailed instructions on SAML 2.0 integration.
Use case with Okta Service Provider
Log in to Okta with administrative access.
Click the Applications menu option from the left-side pane.
Click Create App Integration.
The Create a new app integration page appears.
Click SAML 2.0.
The Create SAML Integration page appears.
Enter the App name and App logo details in the corresponding fields.
Click Next and fill the form with the necessary information.
Click Finish and then click View Setup instructions.
Click Mistnet Configuration.
Log in as an administrator in Mistnet.
Go to Settings and then click Operational.
Click SAML/SSO.
Click Download Certificate in Okta,
Make a switch to one line certificate (we use https://www.samltool.com/format_x509cert.php).
Enter the Issuer URL, SSO URL, and Certificate details in the corresponding fields.
Click Update.
Restart MUI Service.
