OneLogin Configuration
First, you need to add Kron PAM to OneLogin as an application. To add Kron PAM as an application, perform the following configuration steps in OneLogin:
- Go to the Applications section in OneLogin.
- Click Add App and search for SAML Custom Connector (Advanced).
- Enter a display name (such as Kron PAM) and then click Save.
- Navigate to the Configuration tab of the created Kron PAM App.
- Enter the following parameters related to Kron PAM.
- The following parameters are required, but there are more optional parameters in OneLogin.
Parameter Name | Kron PAM Parameter | Example Value |
---|---|---|
Audience (EntityID) | ||
Recipient | ||
ACS (Consumer) URL Validator* | .* | .* |
ACS (Consumer) URL* | ||
Single Logout URL | ||
The Email (SAML NameID) should be the same as the Kron PAM username.
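The table above sets the ACS (Consumer) URL Validator to .*, a regular expression that matches every URL. The following is an added example, not taken from the Kron PAM or OneLogin documentation, that compares that value with tighter patterns. The ACS URL https://pam.example.com/saml/acs and the candidate URLs are constructed placeholders, and applying the validator as an unanchored regex search is an assumption.

```python
import re

# Constructed placeholder: the page does not give the real Kron PAM ACS URL.
INTENDED_ACS = "https://pam.example.com/saml/acs"

# Constructed candidate ACS URLs that a validator may be asked to judge.
CANDIDATES = [
    INTENDED_ACS,
    "http://pam.example.com/saml/acs",                  # scheme downgrade
    "https://pam.example.com.lookalike.test/saml/acs",  # host suffix appended
    "https://pam-example.com/saml/acs",                 # '.' read as a wildcard
    "https://pam.example.com/saml/acs/../other",        # extra path after the URL
    "https://unrelated.example.net/collect",
]

def strict_validator(acs_url):
    """Anchored, fully escaped pattern that matches exactly one URL."""
    return "^" + re.escape(acs_url) + "$"

def unintended_matches(validator, intended=INTENDED_ACS, candidates=CANDIDATES):
    """Return the candidates, other than the intended URL, that the validator accepts.

    Assumption: the validator is applied as an unanchored regex search,
    so any anchoring has to be written into the pattern itself.
    """
    pattern = re.compile(validator)
    return [u for u in candidates if u != intended and pattern.search(u)]

def audit(validator):
    """Summarise one validator: does it accept the intended URL, and what else?"""
    accepts = bool(re.search(validator, INTENDED_ACS))
    extra = unintended_matches(validator)
    return {"validator": validator, "accepts_intended": accepts,
            "unintended": extra, "ok": accepts and not extra}

if __name__ == "__main__":
    for v in (".*",                                  # value shown in the table
              "https://pam.example.com",             # unanchored, unescaped
              "^https://pam.example.com/saml/acs$",  # anchored, dots unescaped
              strict_validator(INTENDED_ACS)):       # anchored and escaped
        result = audit(v)
        print(f"{v!r}: ok={result['ok']} unintended={result['unintended']}")
```

Only the anchored and escaped pattern accepts the intended URL and nothing else from the candidate list.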
After saving the configuration above, go to the SSO tab of the added application and collect the following values, which are needed for the Kron PAM SAML configuration.
Parameter Name | Example Value |
---|---|
Issuer URL | |
SAML 2.0 Endpoint (HTTP) | |
SLO Endpoint (HTTP) | |
X.509 Certificate | -----BEGIN CERTIFICATE----- MIIEMjCCAxqgAwIBAgIUG2HXQgRMpy/pUehFqTqzw0YaelAwDQYJKoZIhvcNAQEF BQAwYTEsMCoGA1UECgwjS3JvbiBUZWxla29tdW5pa2FzeW9uIEhpem1ldGxlcmkg QXMxFTATBgNVBAsMDE9uZUxvZ2luIElkUDEaMBgGA1UEAwwRT25lTG9naW4gQWNj hkQm6mlNsRnfCipDrtz1lqf2VKgc9g== -----END CERTIFICATE----- |
After adding Kron PAM as an application in OneLogin, you need to set additional configurations in Kron PAM.
Step 1: Define the required parameters in Kron PAM.
- Navigate to Administration > System Config. Man.
- Open the SAML Config tab.
- Fill in the following parameters related to OneLogin:
Parameter Name | Description | Example Value |
---|---|---|
Enable SAML | It must be enabled to use SAML authentication. |  |
SAML Entity ID | SAML Test Connector Issuer URL from the OneLogin Portal. | |
SAML Logout URL | SAML Connector SLO Endpoint (HTTP) URL from the OneLogin Portal. | |
SAML Remote URL | Personal Portal URL | |
SAML URL | SAML Connector SAML 2.0 Endpoint (HTTP) URL from the OneLogin Portal. | |
SAML X509 Cert. Key | SAML Connector X.509 Certificate from the OneLogin Portal. | -----BEGIN CERTIFICATE----- MIIEMjCCAxqgAwIBAgIUG2HXQgRMpy/pUehFqTqzw0YaelAwDQYJKoZIhvcNAQEF BQAwYTEsMCoGA1UECgwjS3JvbiBUZWxla29tdW5pa2FzeW9uIEhpem1ldGxlcmkg QXMxFTATBgNVBAsMDE9uZUxvZ2luIElkUDEaMBgGA1UEAwwRT25lTG9naW4gQWNj hkQm6mlNsRnfCipDrtz1lqf2VKgc9g== -----END CERTIFICATE----- |
Enable Service Provider Login | Enables the Service Provider initiator for the Login Page. |  |
Service Provider Name | If the Service Provider is enabled, the Provider Name must be entered as free text. | OneLogin |
Icon File | Service Provider Icon | Upload a 64x64 JPEG logo |
Step 2: Add TomcatCorsFilter to the Tomcat configuration file.
After setting the required configuration in Step 1, you need to configure TomcatCorsFilter in the Tomcat configuration:
- Open the web.xml file under the following directory: /pam/gui/conf
- Find the TomcatCorsFilter section and add the OneLogin URL, as shown below in bold.