OneLogin Configuration
First, you need to add Kron PAM to OneLogin as an application. To do so, perform the following configuration steps in OneLogin:

1. Go to the Applications section in OneLogin.
2. Click Add App and search for SAML Custom Connector (Advanced).
3. Enter a display name (such as Kron PAM) and then click Save.
4. Navigate to the Configuration tab of the created Kron PAM app.
5. Enter the following parameters related to Kron PAM. These parameters are required; OneLogin also offers further optional parameters.

| Parameter Name | Kron PAM Parameter Example Value |
| --- | --- |
| Audience (EntityID) | `https://10.20.42.222/login-ui/samlcheck` |
| Recipient | `https://10.20.30.40/login-ui/samlrecipient` |
| ACS (Consumer) URL Validator | |
| ACS (Consumer) URL | `https://10.20.30.40/login-ui/samlrecipient` |
| Single Logout URL | `https://10.20.30.40/login-ui/samllogout` |

The email (SAML NameID) should be the same as the Kron PAM username.

After saving the configuration above, go to the SSO tab of the added application and extract the following information, which is needed to fill in the Kron PAM SAML configuration:

| Parameter Name | Example Value |
| --- | --- |
| Issuer URL | `https://app.onelogin.com/saml/metadata/2e0421c6-f623-4f9f-xxxx-yyy` |
| SAML 2.0 Endpoint (HTTP) | `https://single.onelogin.com/trust/saml2/http-post/sso/2e0421c6-f623-4f9f-xxxx-yyy` |
| SLO Endpoint (HTTP) | `https://single.onelogin.com/trust/saml2/http-redirect/slo/1708xxx` |
| X.509 Certificate | The PEM block, from `-----BEGIN CERTIFICATE-----` to `-----END CERTIFICATE-----` |

After adding Kron PAM as an application in OneLogin, you need to set additional configurations in Kron PAM.

Step 1: Define the required parameters in Kron PAM

1. Navigate to Administration > System Config Man.
2. Open the SAML Config tab.
3. Fill in the following parameters related to OneLogin.

| Parameter Name | Description | Example Value |
| --- | --- | --- |
| Enable SAML | It must be enabled to use SAML authentication. | |
| SAML Entity ID | SAML Test Connector Issuer URL from the OneLogin portal | `https://app.onelogin.com/saml/metadata/2e0421c6-f623-4f9f-xxxx-yyy` |
| SAML Logout URL | SAML Connector SLO Endpoint (HTTP) URL from the OneLogin portal | `https://single.onelogin.com/trust/saml2/http-redirect/slo/1708xxx` |
| SAML Remote URL | Personal portal URL | `https://single.onelogin.com/portal` |
| SAML URL | SAML Connector SAML 2.0 Endpoint (HTTP) URL from the OneLogin portal | `https://single.onelogin.com/trust/saml2/http-post/sso/2e0421c6-f623-4f9f-xxxx-yyy` |
| SAML X509 Cert Key | SAML Connector X.509 Certificate from the OneLogin portal | The PEM block, from `-----BEGIN CERTIFICATE-----` to `-----END CERTIFICATE-----` |
| Enable Service Provider Login | Enables the service-provider-initiated option on the login page. | |
| Service Provider Name | If the service provider is enabled, the provider name must be filled in as free text. | OneLogin |
| Icon File | Service provider icon. Upload a 64x64 JPEG logo. | |

Step 2: Add tomcatcorsfilter to the Tomcat configuration file

After setting the required configuration in Step 1, you need to add the OneLogin URL to the tomcatcorsfilter entry in the Tomcat configuration.

1. Open the `web.xml` file under the following directory: `/pam/gui/conf`
2. Find the tomcatcorsfilter part and add the OneLogin URL to the `cors.allowed.origins` value, as shown below. The added value is `https://single.onelogin.com`.

```xml
<filter-name>tomcatcorsfilter</filter-name>
<filter-class>org.apache.catalina.filters.CorsFilter</filter-class>
<init-param>
  <param-name>cors.allowed.origins</param-name>
  <param-value>10.20.42.27,https://single.onelogin.com</param-value>
</init-param>
```
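One way to verify the Step 2 change after editing `web.xml`, as an added example that is not part of the Kron PAM documentation: the script reads the `cors.allowed.origins` list of every `CorsFilter`, confirms the IdP origin is present, and reports a wildcard or any entry without an `https` scheme (a browser's `Origin` header always carries a scheme). The function names and the sample document are assumptions constructed for this illustration.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

# Constructed sample: the filter fragment from Step 2 wrapped in a minimal web.xml.
SAMPLE_WEB_XML = """<web-app>
  <filter>
    <filter-name>tomcatcorsfilter</filter-name>
    <filter-class>org.apache.catalina.filters.CorsFilter</filter-class>
    <init-param>
      <param-name>cors.allowed.origins</param-name>
      <param-value>10.20.42.27,https://single.onelogin.com</param-value>
    </init-param>
  </filter>
</web-app>"""
CORS_CLASS = "org.apache.catalina.filters.CorsFilter"

def _local(tag):  # drop an XML namespace prefix so xmlns-qualified files also work
    return tag.rsplit("}", 1)[-1]

def allowed_origins(web_xml_text):
    """Return the cors.allowed.origins entries of every CorsFilter in web.xml."""
    origins = []
    for flt in ET.fromstring(web_xml_text).iter():
        fields = {_local(c.tag): (c.text or "").strip() for c in flt}
        if _local(flt.tag) != "filter" or fields.get("filter-class") != CORS_CLASS:
            continue
        for param in flt:  # children without sub-elements yield an empty dict
            kv = {_local(c.tag): (c.text or "").strip() for c in param}
            if kv.get("param-name") == "cors.allowed.origins":
                origins += [o.strip() for o in kv.get("param-value", "").split(",") if o.strip()]
    return origins

def audit(web_xml_text, idp_origin):
    """Return findings for the CORS allow-list; an empty list means none found."""
    origins = allowed_origins(web_xml_text)
    findings = []
    if idp_origin not in origins:
        findings.append(f"missing IdP origin {idp_origin}")
    for o in origins:
        if o == "*":
            findings.append("wildcard origin allows any site")
        elif urlsplit(o).scheme != "https":
            findings.append(f"origin without https scheme: {o}")
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_WEB_XML, "https://single.onelogin.com"):
        print("FINDING:", finding)
```

To check a live system, pass the contents of the `web.xml` under `/pam/gui/conf` and the origin of your own OneLogin endpoint instead of the constructed sample.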