Difference between revisions of "Single Sign-On (SSO)"

From IVS Wiki
Jump to: navigation, search
(To configure SSO VALT needs the following information:)
Line 1: Line 1:
VALT is compatible with SAML 2.0
+
<div class="floating_card">VALT is compatible with SAML 2.0</div>
  
 +
<div class="section">
 
- Browse to the the Fully qualified domain name and sign in with a local account
 
- Browse to the the Fully qualified domain name and sign in with a local account
  
Line 8: Line 9:
  
 
- Along the top click on SSO and add SAML config
 
- Along the top click on SSO and add SAML config
 +
</div>
  
 
==To configure SSO VALT needs the following information:==
 
==To configure SSO VALT needs the following information:==
 +
<div class="section">
 
*Certificate in .cer format
 
*Certificate in .cer format
 
*Identity Provider (IDP)
 
*Identity Provider (IDP)
Line 29: Line 32:
 
  signResponses: true
 
  signResponses: true
 
  encryptNameIDs: true
 
  encryptNameIDs: true
 +
</div>
  
 
==User Mapping==
 
==User Mapping==
 +
<div class="section">
 
User mapping is used to map groups in the customer's system to groups within VALT
 
User mapping is used to map groups in the customer's system to groups within VALT
  
Line 40: Line 45:
 
Items to Note:
 
Items to Note:
 
*SSO in VALT is a one to one mapping for groups
 
*SSO in VALT is a one to one mapping for groups
 +
</div>

Revision as of 10:37, 1 September 2022

VALT is compatible with SAML 2.0

- Browse to the the Fully qualified domain name and sign in with a local account

- Click on admin

- Click on Users & Groups

- Along the top click on SSO and add SAML config

To configure SSO VALT needs the following information:

  • Certificate in .cer format
  • Identity Provider (IDP)
  • Remote Sign-In URL
  • Remote Sign-Out URL
  • Display Name Attribute
  • Any other custom attributes needed

SsoConfigInformation.png

After SSO is configured browse to <Replace with VALT Server Address>/saml/metadata.xml to grab the VALT metadata to add to your system

Items to Note:

  • If moving from LDAP to SSO you have to add a custom attribute to map to the username so the usernames will match correctly
  • To migrate current users to SSO the SQL command needs to be run on the database with the correct group ID
UPDATE users set ldap_sync_id = NULL, saml_config_id = 1, userType = 'local'  where deleted_at is null and group_id =
  • Custom Attributes can be usernames if you want to map to something specific or other information that you want to pull into VALT
  • Shibboleth IDP's need the following settings specified:
signAssertions: true
signResponses: true
encryptNameIDs: true

User Mapping

User mapping is used to map groups in the customer's system to groups within VALT

Required:

  • Attribute (The item that gets passed back to VALT)
  • User Value (The value of the item that gets passed back to VALT)

SAML UserMapping.png

Items to Note:

  • SSO in VALT is a one to one mapping for groups