SAML Authentication

Azure AD Configuration

Log in to Azure Active Directory with a user who has the required administrative rights and follow the steps below to create a Kron PAM application for SAML SSO.

  1. Go to Enterprise Applications.
  2. Click New Application.
  3. Click Create your own application.
  4. Give your app a name.
[Figure: Create your own application]

  • Go to the newly created Kron PAM Application.
  • Choose Single Sign-on on the left pane.
  • Choose SAML.
  • Click Edit for Basic SAML Configuration.
[Figure: Basic SAML Configuration]

  • Enter the information below according to the Kron PAM Information.
  • Note that the IP address of the Kron PAM app will change according to your environment.
[Figure: Reply URL]

[Figure: Logout URL]

  • Go to Step 3 for SAML Certificates.
[Figure: SAML Certificates]

Download the Certificate (Base64) and open it in Notepad. Then copy its contents from Notepad.

We will paste it into the SAML configuration on Kron PAM as SAML X509 Certf. Key.

  • Go to Step 4 for Kron PAM Configurations.
[Figure: Set up Kron PAM]


We will copy the above configurations and paste them as the Kron PAM SAML configuration.

  1. Go to Administration > System Configuration Manager > Integration > SAML Configuration.
  2. The Kron PAM Web URL will be pasted as Login Remote URL in the SAML configuration. The Microsoft Entra ID Identifier will be pasted as SAML Entity ID in the SAML configuration.
  • Go to Kron PAM Properties.
[Figure: Properties]

  • Go to Properties in the newly created Kron PAM Application, copy the User access URL, and paste it as the SAML URL in the Kron PAM SAML configuration.
  • Finally, enter the Kron PAM Web URL (https://10.20.42.XX/login) as the SAML Remote URL in the SAML configuration of Kron PAM.
  • At the end of the configuration, the Kron PAM screen below will be displayed:
[Figure: SAML Config]


After setting the required configurations, you need to edit TomcatCorsFilter in the Tomcat configuration. Connect to the Kron PAM server over SSH, then:

  1. Open the web.xml file under the following directory: /pam/gui/conf
  2. Find the TomcatCorsFilter part and add the Entra ID URL (https://login.microsoftonline.com), as shown below.
    <filter-name>TomcatCorsFilter</filter-name>
    <filter-class>org.apache.catalina.filters.CorsFilter</filter-class>
    <init-param>
      <param-name>cors.allowed.origins</param-name>
      <param-value>https://login.microsoftonline.com</param-value>
    </init-param>
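
A check for the cors.allowed.origins entry after editing web.xml, as an added example that is not part of the Kron PAM guide. The function names and the sample web.xml are constructed for illustration, and the rule that every entry be a bare https origin is this example's own assumption.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

REQUIRED_ORIGIN = "https://login.microsoftonline.com"  # Entra ID URL from the guide
# Constructed sample, not the real /pam/gui/conf/web.xml
SAMPLE = """<web-app><filter>
  <filter-name>TomcatCorsFilter</filter-name>
  <filter-class>org.apache.catalina.filters.CorsFilter</filter-class>
  <init-param>
    <param-name>cors.allowed.origins</param-name>
    <param-value>https://login.microsoftonline.com</param-value>
  </init-param>
</filter></web-app>"""

def _local(tag):
    return tag.rsplit("}", 1)[-1]  # drop an xmlns prefix if web.xml declares one

def _child_text(elem, name):
    for child in elem:
        if _local(child.tag) == name:
            return (child.text or "").strip()
    return None

def cors_origins(web_xml_text, filter_name="TomcatCorsFilter"):
    """Return the filter's cors.allowed.origins as a list, or None if no such filter."""
    for flt in ET.fromstring(web_xml_text).iter():
        if _local(flt.tag) != "filter" or _child_text(flt, "filter-name") != filter_name:
            continue
        for param in flt:
            if (_local(param.tag) == "init-param"
                    and _child_text(param, "param-name") == "cors.allowed.origins"):
                value = _child_text(param, "param-value") or ""
                return [o.strip() for o in value.split(",") if o.strip()]
        return []
    return None

def audit(web_xml_text):
    """Return a list of findings; an empty list means the entry matches the guide."""
    origins = cors_origins(web_xml_text)
    if origins is None:
        return ["TomcatCorsFilter not found"]
    findings = [] if REQUIRED_ORIGIN in origins else [f"missing {REQUIRED_ORIGIN}"]
    # An Origin header carries scheme, host and optional port only, never a path.
    for origin in origins:
        parts = urlsplit(origin)
        if origin == "*":
            findings.append("wildcard origin allows any site")
        elif parts.scheme != "https" or not parts.netloc or parts.path or parts.query:
            findings.append(f"not a bare https origin: {origin}")
    return findings
```

On the server, pass the contents of the web.xml file to audit() and review any findings before restarting the service.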
  • To test the SSO, go to the application on Azure, click Single Sign-on on the left pane, go to step 5, and click the Test button.

A new pane will open on the left side and ask for the user who will log in to the application. If this user exists in the Kron PAM application, you will be logged in without entering credentials.