Configuring SAML SSO Using Federated Authentication
With Agility, you can now configure SAML SSO (Security Assertion Markup Language single sign-on) using the Federated Authentication Module. The following procedure helps you set up SAML SSO with your company's Identity Provider (IdP), such as Office 365, Okta, and so on.
Information Needed to Configure Your IDP
- Single Sign-On URL:
https://{webhost}/{webinstance}/SamlAuth.mvc/Assertion
- (Optional) Single Logout URI:
https://{webhost}/{webinstance}/SamlAuth.mvc/LoggedOut
- Audience URI / SP Entity ID (suggested):
urn:digitalai:agility
- The downloaded metadata file, or the URL that provides the metadata.
Configuring Agility
Add the following keys to the Agility user.config file at {app-root}/{agility}/user.config:
<add key="Saml2:IdPMetadata" value="{path-to or url}{idp-metadata.xml}" />
<add key="Saml2:SignatureAlgorithm" value="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256" />
<add key="WebRoot" value="https://{webroot}" />
- Saml2:IdPMetadata – This is the URL or a physical file from your IdP. If you are using a physical file, ensure that the file is kept outside of the application directory.
- WebRoot – This is the root of your application, without the web instance.
Configuring Logout Action (Optional)
Add the following keys to the Agility user.config file at {app-root}/{agility}/user.config:
<add key="Saml2:SignatureValidationCertificate" value="{path-to-certificate}" />
<add key="Saml2:SignatureValidationPassword" value="{password}" />
<add key="LogoutRedirectUrl" value="https://{webhost}/{webinstance}/SamlAuth.mvc/LogOut" />
<add key="FederatedLogoutRedirectUrl" value="{url}" />
- Saml2:SignatureValidationCertificate – This is the path to your certificate; you must keep it outside of the application directory.
- Saml2:SignatureValidationPassword – This is the certificate password.
- LogoutRedirectUrl – Update this with your web instance.
- FederatedLogoutRedirectUrl – This is the URL where users are redirected to after they log out.
In the IIS application pool for your site, you may need to change Advanced Settings > Load User Profile from False to True.
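The procedure above leaves several things to get right by hand: the metadata file and the signing certificate must sit outside the application directory, WebRoot must be the bare https origin without the web instance, and LogoutRedirectUrl must carry the web instance segment. The script below is an added example (not Digital.ai's code) that reads an appSettings fragment in the user.config format and reports deviations from those rules. The user.config content, the application root `/inetpub/agility`, and all host names and paths are constructed for the example; the key names are the ones documented on this page, and the signature algorithm identifier is the RSA-SHA256 URI from RFC 4051.

```python
"""Sanity-check the SAML keys in an Agility user.config fragment.

Added example, not Digital.ai code. The sample config, the app root and all
host names and paths below are constructed for illustration.
"""
import posixpath
import xml.etree.ElementTree as ET
from urllib.parse import urlparse

# Signature algorithm identifier for RSA-SHA256 (RFC 4051).
RSA_SHA256 = "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"

# Assumed application root for the example; on a real server use the
# directory that holds the Agility web instance.
APP_ROOT = "/inetpub/agility"

# Constructed user.config fragment: the certificate is deliberately placed
# inside the application directory so the check has something to report.
SAMPLE_CONFIG = """<appSettings>
  <add key="Saml2:IdPMetadata" value="/etc/saml/idp-metadata.xml" />
  <add key="Saml2:SignatureAlgorithm" value="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256" />
  <add key="WebRoot" value="https://agility.example.com" />
  <add key="Saml2:SignatureValidationCertificate" value="/inetpub/agility/sp.pfx" />
  <add key="Saml2:SignatureValidationPassword" value="{password}" />
  <add key="LogoutRedirectUrl" value="https://agility.example.com/VersionOne/SamlAuth.mvc/LogOut" />
  <add key="FederatedLogoutRedirectUrl" value="https://agility.example.com/loggedout" />
</appSettings>
"""


def load_app_settings(xml_text):
    """Return {key: value} for every <add key="..." value="..."/> element."""
    root = ET.fromstring(xml_text)
    return {e.get("key"): e.get("value", "") for e in root.iter("add") if e.get("key")}


def is_url(value):
    """True when the value is an http(s) URL rather than a local path."""
    return urlparse(value).scheme in ("http", "https")


def is_outside(path, app_root):
    """True when a local path does not resolve to a location under app_root."""
    p = posixpath.normpath(path.replace("\\", "/"))
    r = posixpath.normpath(app_root.replace("\\", "/")).rstrip("/")
    return not (p == r or p.startswith(r + "/"))


def check_saml_settings(settings, app_root=APP_ROOT):
    """Return a list of findings; an empty list means the keys look sane."""
    findings = []

    meta = settings.get("Saml2:IdPMetadata")
    if not meta:
        findings.append("Saml2:IdPMetadata is missing")
    elif not is_url(meta) and not is_outside(meta, app_root):
        findings.append("Saml2:IdPMetadata file must live outside the application directory")

    if settings.get("Saml2:SignatureAlgorithm") != RSA_SHA256:
        findings.append(f"Saml2:SignatureAlgorithm should be {RSA_SHA256}")

    web_root = settings.get("WebRoot", "").strip()
    wr = urlparse(web_root)
    if wr.scheme != "https" or not wr.netloc or wr.path.strip("/"):
        findings.append("WebRoot must be an https origin with no web instance path")

    cert = settings.get("Saml2:SignatureValidationCertificate")
    if cert is not None:
        if not is_outside(cert, app_root):
            findings.append("Saml2:SignatureValidationCertificate must live outside the application directory")
        if not settings.get("Saml2:SignatureValidationPassword"):
            findings.append("Saml2:SignatureValidationPassword is missing for the certificate")

    logout = settings.get("LogoutRedirectUrl")
    if logout is not None:
        logout = logout.strip()
        lp = urlparse(logout)
        segments = [s for s in lp.path.split("/") if s]
        if "//" in lp.path:
            findings.append("LogoutRedirectUrl contains an empty path segment (//)")
        if lp.scheme != "https" or not web_root or not logout.startswith(web_root.rstrip("/") + "/"):
            findings.append("LogoutRedirectUrl must be an https URL under WebRoot")
        # Expect {webinstance}/SamlAuth.mvc/LogOut, i.e. at least three segments.
        if len(segments) < 3 or segments[-2:] != ["SamlAuth.mvc", "LogOut"]:
            findings.append("LogoutRedirectUrl must be https://{webhost}/{webinstance}/SamlAuth.mvc/LogOut")

    fed = settings.get("FederatedLogoutRedirectUrl")
    if fed is not None and urlparse(fed.strip()).scheme != "https":
        findings.append("FederatedLogoutRedirectUrl should be an absolute https URL")

    return findings


if __name__ == "__main__":
    for finding in check_saml_settings(load_app_settings(SAMPLE_CONFIG)):
        print("FINDING:", finding)
```

Run against the sample, the only finding is the certificate stored under the application root; pointing `Saml2:SignatureValidationCertificate` at a path outside `/inetpub/agility` clears it. Feed it your own appSettings section and real application root to review a deployment before enabling the IdP.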