idp Connect for OutSystems applications



THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.

Single Sign-On with Outsystems and Identity Providers (IdP)

While the general overview of the Single Sign On configuration is the same for all Identity Providers (IdP),

Abstract

As resources move to the cloud, users experience a proliferation of credentials - the usernames, passwords and, sometimes, devices they use to log in (or authenticate) to cloud-based services. Single sign-on technologies come to the rescue, allowing users to authenticate at a single location and access a range of services without re-authenticating. Since its release in 2005, the Security Assertion Markup Language (better known as SAML) version 2.0 has established itself as the dominant standard for cross-domain web single sign-on in the enterprise space.

Architecture

SAML 2.0 defines several roles for parties involved in single sign-on.

idp Initiated

1. The user opens the idp dashboard
2. The user authenticates
3. A dashboard is presented with all the SSO applications configured in idp
4. The user selects an application
5. idp sends a SAML response to the OutSystems application
6. The OutSystems application verifies the SAML response
7. The user is logged in to OutSystems

Application Initiated

1. The user navigates to the OutSystems application
2. The user is redirected to the idp link for the application
3. idp redirects the user back to OutSystems with a SAML response
4. OutSystems verifies the SAML response
5. The user is logged in to OutSystems
6. idp redirects the user back to the OutSystems starting location

The Anatomy of the Authentication in OutSystems

The first thing that happens when you try to open a page not flagged as anonymous is a security exception.

This security exception is handled inside the preparation of the NoPermission web page. The first section verifies whether you are already logged in. If you are, and there was still a security exception, you are not supposed to be there at all and you're redirected to the Invalid Permissions generic screen. If you are NOT logged in, the system checks how to log you in. In the second section the system verifies whether you have Active Directory or LDAP configured in your environment. If so, it redirects to the AD or LDAP authentication. If not, it redirects you to the login screen in the third section.

As you can see, this is the ideal place to include a custom login mechanism. For our idp connector it could be something like:

Setting up the Identity Provider (IDP)

Configure the settings as follows:

SAML Version: only 2.0 is supported.

Identity Provider Certificate: load the token-signing certificate into the OutSystems idp module resources.

Open Service Center and configure the settings as follows:

- idp_sso_issuer: Identity Provider Single Sign-On Issuer. Paste your entityID here. (In the example, it is http://fs.outsystems.fi/adfs/services/trust)
- idp_sso_url: Identity Provider Login URL. This is the URL of your AD FS SAML endpoint, to which OutSystems will send SAML requests for SP-initiated login. It can be found in the AD FS MMC under Endpoints > Token Issuance, Type: SAML 2.0/WS-Federation. (In the example, it is https://fs.outsystems.fi/adfs/ls/ - note that you must include the slash at the end of the URL!)
- idp_attributegroupname: Group attribute of the SAML message. If the attribute in the response matches, the user's groups will be updated. (In the example, it is http://schemas.xmlsoap.org/claims/group)
- idp_attributename: Name attribute of the SAML message. (In the example, it is http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name) Parameter is optional.
- idp_attributefirstname: First name attribute of the SAML message. (In the example, it is http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname) Parameter is optional.

2001-2014 OutSystems Finland - All rights reserved Page 5 www.outsystems.fi

- idp_attributesurname: Surname attribute of the SAML message. (In the example, it is http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname) Parameter is optional.
- idp_attributeusername: Username attribute of the SAML message. If the value is empty, the saml:Subject/saml:NameID value will be used. Parameter is optional.
- idp_attributeemail: Email attribute of the SAML message. (In the example, it is http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress) Parameter is optional.

SAML User ID Type: to log a user in we match against the OutSystems username.

SAML User ID Location: to log the user in we can use either the NameID in the SAML assertion or another attribute (the attribute name should be assigned in the idp_attributeusername parameter). We can use NameID, since AD FS will populate NameID in the SAML assertion.

Setup an Application

You will need to provide the eSpace name to the idp. By default it uses the caller URL address for the final redirection. If the caller address is empty, the eSpace default page will be called.

On your application, create a redirect to the unique URL provided by your idp (see The Anatomy of the Authentication in OutSystems). In either case, the browser should follow a chain of redirects, ultimately logging you in to your application. If you get a login error, use the SAML assertion validator tool.

Summary

Applications running on the OutSystems platform have access to SAML 2.0 cross-domain web single sign-on, as does Microsoft Active Directory Federation Services 2.0. This article demonstrates how to configure the two systems to enable seamless SSO from the Windows desktop to an OutSystems application without the need for any additional third-party products.
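To make the mapping between the idp_* settings under "Setting up the Identity Provider" and the SAML response concrete, here is an added Python example (not code from the OutSystems idp module): it checks the assertion's Issuer against idp_sso_issuer, falls back to saml:Subject/saml:NameID when idp_attributeusername is empty, and collects the configured claim attributes and groups. The map_assertion function, the SETTINGS dict and the SAMPLE response are constructed for illustration, and XML signature verification against the loaded token-signing certificate is assumed to happen in a separate step.

```python
# Added example, not code from the OutSystems idp module: applies the idp_*
# settings above to a SAML 2.0 response. Verifying the XML signature against the
# loaded token-signing certificate is a separate, required step not shown here.
import xml.etree.ElementTree as ET

NS = {"samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
      "saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
CLAIMS = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/"
SETTINGS = {  # values from the page's AD FS example; username attribute left empty
    "idp_sso_issuer": "http://fs.outsystems.fi/adfs/services/trust",
    "idp_attributegroupname": "http://schemas.xmlsoap.org/claims/group",
    "idp_attributename": CLAIMS + "name",
    "idp_attributefirstname": CLAIMS + "givenname",
    "idp_attributesurname": CLAIMS + "surname",
    "idp_attributeemail": CLAIMS + "emailaddress",
    "idp_attributeusername": "",  # empty -> fall back to saml:Subject/saml:NameID
}

def map_assertion(response_xml, settings=SETTINGS):
    assertion = ET.fromstring(response_xml).find("saml:Assertion", NS)
    if assertion is None:
        raise ValueError("SAML response carries no Assertion")
    # Reject a response issued by anyone other than the configured IdP
    issuer = assertion.findtext("saml:Issuer", default="", namespaces=NS).strip()
    if issuer != settings["idp_sso_issuer"]:
        raise ValueError("unexpected Issuer %r" % issuer)
    # Collect each attribute's values under its claim URI
    attrs = {a.get("Name"): [v.text or "" for v in a.iterfind("saml:AttributeValue", NS)]
             for a in assertion.iterfind("saml:AttributeStatement/saml:Attribute", NS)}
    def first(key):  # first value of the attribute the setting names, or ""
        return (attrs.get(settings.get(key) or "") or [""])[0]
    username = first("idp_attributeusername") if settings["idp_attributeusername"] else \
        assertion.findtext("saml:Subject/saml:NameID", default="", namespaces=NS).strip()
    if not username:
        raise ValueError("no username in NameID or the configured attribute")
    user = {k[len("idp_attribute"):]: first(k) for k in ("idp_attributename",
            "idp_attributefirstname", "idp_attributesurname", "idp_attributeemail")}
    user["username"] = username
    user["groups"] = attrs.get(settings["idp_attributegroupname"], [])
    return user

SAMPLE = """<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
 xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"><saml:Assertion>
 <saml:Issuer>http://fs.outsystems.fi/adfs/services/trust</saml:Issuer>
 <saml:Subject><saml:NameID>jdoe</saml:NameID></saml:Subject><saml:AttributeStatement>
 <saml:Attribute Name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname">
 <saml:AttributeValue>Jane</saml:AttributeValue></saml:Attribute>
 <saml:Attribute Name="http://schemas.xmlsoap.org/claims/group"><saml:AttributeValue>Finance</saml:AttributeValue>
 <saml:AttributeValue>Managers</saml:AttributeValue></saml:Attribute>
 </saml:AttributeStatement></saml:Assertion></samlp:Response>"""  # constructed, unsigned
```

Calling map_assertion(SAMPLE) yields username "jdoe" from NameID, firstname "Jane", empty name/surname/email, and groups ["Finance", "Managers"]; a response with a different Issuer is rejected before any attribute is read.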