Use case
The following sections provide step-by-step instructions to set up SAML authentication for your Cloudi-Fi administrators with OneLogin as the identity provider.
Prerequisites
SAML for Administrators URLs
- Navigate to the Cloudi-Fi Admin user interface (UI)
- Go to "Configuration" > "Auth modes" > "SAML"
- Collect the information below
Linkback URL
https://admin.cloudi-fi.net/auth/module.php/saml/sp/saml2-acs.php/saml/************
The trailing ************ is your Cloudi-Fi public key, shown as <company_key> in the rest of this article (go to your Cloudi-Fi Admin interface > Settings > Company Account).
Cloudi-Fi Entity ID
https://admin.cloudi-fi.net/
If "SAML for Administrators" is not available, please open a ticket with Cloudi-Fi Support (see "How to contact your Cloudi-Fi support?").
1. Create your OneLogin SAML application
- Go to your OneLogin portal
- Go to the Applications section and add a new application
- Search for "SAML Custom Connector (Advanced)" and select it
In the Configuration section, define your "App name" (for instance: Cloudi-Fi Admin SAML), enable "Visible in Portal" and Save.
In the Configuration section, set:
- Audience (EntityId): Cloudi-Fi Entity ID (https://admin.cloudi-fi.net/)
- Recipient: Linkback URL (https://admin.cloudi-fi.net/auth/module.php/saml/sp/saml2-acs.php/saml/<company_key>), see "SAML for Administrators URLs" above
- ACS URL: Linkback URL (https://admin.cloudi-fi.net/auth/module.php/saml/sp/saml2-acs.php/saml/<company_key>), see "SAML for Administrators URLs" above
- SAML NameID: Email
In the Parameters section, add a new field: set "Email" as the Field Name, enable "Include in SAML assertion" and Save.
Then select "Email" as the value and Save.
Now that your Cloudi-Fi application is created in OneLogin, open the "SSO" tab to retrieve the technical information that must be configured on the Cloudi-Fi portal. You need:
- Issuer URL
- SAML 2.0 Endpoint
Then go to "View details" and copy the X.509 certificate.
2. Cloudi-Fi configuration
Before starting step 2, make sure you have all of the following information:
- Issuer URL
- SAML 2.0 Endpoint
Attribute name (in OneLogin) | Attribute name (in Cloudi-Fi) | Details
ACS URL | Linkback URL | https://admin.cloudi-fi.net/auth/module.php/saml/sp/saml2-acs.php/saml/<company_key>
Recipient | Linkback URL | https://admin.cloudi-fi.net/auth/module.php/saml/sp/saml2-acs.php/saml/<company_key>
Audience (EntityId) | Cloudi-Fi Entity ID | https://admin.cloudi-fi.net/
SAML 2.0 Endpoint | IdP EntityID | https://*******.onelogin.com/trust/saml2/http-post/sso/******************
Issuer URL | IdP Endpoint | https://app.onelogin.com/saml/metadata/*****************
X.509 Certificate | IdP Signing Certificate (X509 Base64) |
SAML NameID | Email_address Claims |
- Navigate to the Cloudi-Fi Admin user interface (UI)
- Go to Configuration > Auth modes > SAML for Administrators
- Fill out the form with the details previously retrieved from OneLogin:
- IdP EntityId: SAML 2.0 Endpoint
- Binding Method: POST
- IdP Endpoint: Issuer URL
- Logout Binding Method: POST
- IdP Signing Certificate: X.509 Certificate without the "BEGIN CERTIFICATE" and "END CERTIFICATE" markers
- Email attribute name: Email
Finally, click Save.
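The step 2 values are easy to mis-paste (wrong SSO binding, certificate markers or line breaks left in). The helper below is an added example, not Cloudi-Fi or OneLogin code: it reads IdP metadata of the shape OneLogin publishes at the Issuer URL, picks the HTTP-POST SSO endpoint, and normalises the signing certificate into the bare Base64 body the Cloudi-Fi field expects. The embedded metadata and certificate are constructed placeholders, and the extra sanity check (valid Base64, DER SEQUENCE tag) is my addition.

```python
import base64
import xml.etree.ElementTree as ET

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}
HTTP_POST = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"

# Constructed sample shaped like OneLogin IdP metadata; all identifiers and the
# certificate body are placeholders, not real OneLogin values.
SAMPLE_METADATA = """<?xml version="1.0"?>
<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
    entityID="https://app.onelogin.com/saml/metadata/PLACEHOLDER_APP_ID">
  <md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:KeyDescriptor use="signing"><ds:KeyInfo><ds:X509Data><ds:X509Certificate>
      MIIBszCCAVmgAwIBAgIUCONSTRUCTED0
      SAMPLEONLYNOTAREALCERTIFICATE00=
    </ds:X509Certificate></ds:X509Data></ds:KeyInfo></md:KeyDescriptor>
    <md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
        Location="https://example.onelogin.com/trust/saml2/http-redirect/sso/PLACEHOLDER"/>
    <md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="https://example.onelogin.com/trust/saml2/http-post/sso/PLACEHOLDER"/>
  </md:IDPSSODescriptor>
</md:EntityDescriptor>"""


def normalize_certificate(cert_text: str) -> str:
    """Bare Base64 body for the Cloudi-Fi field: no BEGIN/END markers, no whitespace."""
    lines = [ln.strip() for ln in cert_text.strip().splitlines()]
    body = "".join(ln for ln in lines if not ln.startswith("-----"))
    der = base64.b64decode(body, validate=True)  # rejects stray characters
    if not der or der[0] != 0x30:  # DER certificate starts with a SEQUENCE tag
        raise ValueError("pasted value does not decode to a DER certificate")
    return body


def extract_idp_settings(metadata_xml: str) -> dict:
    """Issuer URL, SAML 2.0 Endpoint (HTTP-POST binding) and signing certificate."""
    root = ET.fromstring(metadata_xml)
    idp = root.find("md:IDPSSODescriptor", NS)
    post_sso = [s.get("Location") for s in idp.findall("md:SingleSignOnService", NS)
                if s.get("Binding") == HTTP_POST]
    # A KeyDescriptor with no "use" attribute is valid for signing as well.
    signing = [kd for kd in idp.findall("md:KeyDescriptor", NS)
               if kd.get("use", "signing") == "signing"]
    if len(post_sso) != 1 or not signing:
        raise ValueError("metadata lacks a single HTTP-POST SSO endpoint or a signing key")
    cert = signing[0].find(".//ds:X509Certificate", NS)
    return {"issuer_url": root.get("entityID"), "saml2_endpoint": post_sso[0],
            "signing_certificate": normalize_certificate(cert.text or "")}
```

Map the returned keys onto the Cloudi-Fi form exactly as the table above does (issuer_url to IdP Endpoint, saml2_endpoint to IdP EntityId, signing_certificate to IdP Signing Certificate).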
Troubleshooting
OneLogin error message
An administrator accesses the application and is redirected to the OneLogin authentication page. After entering their email address and password and signing in, they are redirected to a OneLogin error page.
Please replay the process while performing an HTTP capture (a web request capture in the browser's developer tools), then open a ticket with Cloudi-Fi Support with the capture attached (see "How to contact your support?").
What's next?
Congratulations on enabling SAML authentication with OneLogin for your Administrators.