OneLogin Configuration

First, add Single Connect to OneLogin as an application by performing the following configuration steps in OneLogin:

  1. Go to the Applications section in OneLogin.
  2. Click Add App and search for SAML Custom Connector (Advanced).
  3. Enter a display name (such as Single Connect) and then click Save.
  4. Navigate to the Configuration tab of the created Single Connect App.
  5. Fill in the following parameters related to Single Connect:

  • Audience: singleconnecthost/samlCheck (Ex: https://10.20.30.40/login-ui/samlCheck)
  • Recipient: URL: singleconnecthost/samlRecipient (Ex: https://10.20.30.40/login-ui/samlRecipient)
  • ACS (Consumer) URL Validator: Set “.*” regular expression
  • ACS (Consumer) URL: Same as Recipient (Ex: https://10.20.30.40/login-ui/samlRecipient)
  • Single Logout URL: URL: singleconnecthost/samlLogout (Ex: https://10.20.30.40/login-ui/samlLogout)

The Email (SAML NameID) should be the same as the Single Connect username.

  • After saving the configuration above, go to the SSO tab of the added application and collect the following values, which are needed to fill in the Single Connect SAML configuration.

| Parameter Name | Example Value |
|---|---|
| Issuer URL | |
| SAML 2.0 Endpoint (HTTP) | |
| SLO Endpoint (HTTP) | |
| X.509 Certificate | -----BEGIN CERTIFICATE----- MIIEMjCCAxqgAwIBAgIUG2HXQgRMpy/pUehFqTqzw0YaelAwDQYJKoZIhvcNAQEF BQAwYTEsMCoGA1UECgwjS3JvbiBUZWxla29tdW5pa2FzeW9uIEhpem1ldGxlcmkg QXMxFTATBgNVBAsMDE9uZUxvZ2luIElkUDEaMBgGA1UEAwwRT25lTG9naW4gQWNj hkQm6mlNsRnfCipDrtz1lqf2VKgc9g== -----END CERTIFICATE----- |
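
The ACS (Consumer) URL Validator in step 5 is a regular expression, and “.*” matches every URL, while a pattern anchored to the Single Connect recipient matches only that one. The following is an added example, not part of the original guide or of Single Connect or OneLogin; the function names are hypothetical, the candidate URLs are constructed, and it assumes the validator is matched against the whole ACS URL with `^` and `$` as whole-string anchors.

```python
import re

# Endpoint paths from the parameter list on this page.
PATHS = {"audience": "samlCheck", "recipient": "samlRecipient", "logout": "samlLogout"}


def single_connect_urls(base_url):
    """Build the Single Connect SAML URLs from a base such as
    https://10.20.30.40/login-ui (the example host used on this page)."""
    base = base_url.rstrip("/")
    return {name: f"{base}/{path}" for name, path in PATHS.items()}


def anchored_validator(acs_url):
    """Regex that matches exactly this ACS URL (metacharacters escaped)."""
    return "^" + re.escape(acs_url) + "$"


def audit_validator(validator, expected_acs, candidates):
    """Check that the validator accepts the real ACS URL and list every
    other candidate it also accepts (the list should be empty)."""
    rx = re.compile(validator)
    hits = [url for url in candidates if rx.fullmatch(url)]
    return {
        "accepts_expected": expected_acs in hits,
        "unexpected": [url for url in hits if url != expected_acs],
    }


# Constructed sample input: the page's example recipient plus variations.
ACS = single_connect_urls("https://10.20.30.40/login-ui")["recipient"]
CANDIDATES = [
    ACS,
    "http://10.20.30.40/login-ui/samlRecipient",               # plain HTTP
    "https://10.20.30.40.example.net/login-ui/samlRecipient",  # different host
    "https://10x20x30x40/login-ui/samlRecipient",              # "." as wildcard
    "https://10.20.30.40/login-ui/samlRecipient/extra",        # longer path
]

if __name__ == "__main__":
    patterns = {
        "page setting": ".*",
        "unescaped": "^" + ACS + "$",
        "anchored": anchored_validator(ACS),
    }
    for label, pattern in patterns.items():
        print(f"{label:13} {pattern}\n  {audit_validator(pattern, ACS, CANDIDATES)}")
```

Run it with your own Single Connect base URL in place of the page's example host to get the pattern to compare against the validator field.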

After adding Single Connect as an application in OneLogin, you need to set additional configurations in Single Connect.

Step 1: Define the required parameters in Single Connect.

  1. Navigate to Administration > System Config. Man.
  2. Open the SAML Config tab.
  3. Fill in the following parameters related to OneLogin:

| Parameter Name | Description | Example Value |
|---|---|---|
| Enable SAML | It must be enabled to use SAML authentication. | |
| SAML Entity ID | SAML Test Connector Issuer URL from the OneLogin Portal. | |
| SAML Logout URL | SAML Connector SLO Endpoint (HTTP) URL from the OneLogin Portal | |
| SAML Remote URL | Personal Portal URL | |
| SAML URL | SAML Connector SAML 2.0 Endpoint (HTTP) URL from the OneLogin Portal | |
| SAML X509 Cert. Key | SAML Connector X.509 Certificate from the OneLogin Portal. | -----BEGIN CERTIFICATE----- MIIEMjCCAxqgAwIBAgIUG2HXQgRMpy/pUehFqTqzw0YaelAwDQYJKoZIhvcNAQEF BQAwYTEsMCoGA1UECgwjS3JvbiBUZWxla29tdW5pa2FzeW9uIEhpem1ldGxlcmkg QXMxFTATBgNVBAsMDE9uZUxvZ2luIElkUDEaMBgGA1UEAwwRT25lTG9naW4gQWNj hkQm6mlNsRnfCipDrtz1lqf2VKgc9g== -----END CERTIFICATE----- |

SAML Configurations

Step 2: Add TomcatCorsFilter to the Tomcat configuration file.

After setting the required configuration in Step 1, you need to add TomcatCorsFilter to the Tomcat configuration:

  • Open the web.xml file under the following directory: /u01/netright-tomcat/conf
  • Find the TomcatCorsFilter section and add the OneLogin URL, as shown below in bold.