Portal Configuration Tool Guide

Configuring Single Sign-On for a Portal

Single sign-on is an authentication service that lets a user access multiple applications with one set of credentials. Users sign in to an identity provider application for authentication and are then granted access to the other applications that your service provider hosts.
An identity provider is an entity that manages authentication information and provides authentication services through the use of security tokens, for example, Microsoft Azure, Okta, or Salesforce. A service provider is an entity that provides web services to users, for example, an entity that hosts web applications. You can configure single sign-on for a portal that you create or import through the Portal Configuration tool. To configure single sign-on, you must enable external authentication when you create or import the portal.
Before you configure single sign-on, ensure that you add the provider property provider.type and set its value to SAML in the Portal Login Module in the Security Providers tool of the Hub Console.
  1. On the Home page, select the portal for which you want to configure single sign-on.
  2. Click the Action icon on the portal, and select SSO Configurations.
    The SSO Configurations option appears only on published portals.
    When you configure for the first time, the SSO Quick Setup Steps dialog box appears.
  3. Read through the instructions, and click OK.
    To see the quick setup steps again, click SSO Quick Setup Steps in the Service Provider Settings section.
  4. Click Download Service Provider Metadata.
    The service provider metadata XML file is downloaded.
  5. To digitally sign the authentication request before sending it to your identity provider, select Sign Authentication Request.
  6. To digitally sign the logout request before sending it to your identity provider, select Sign Logout Request.
  7. Upload the service provider metadata file to your identity provider application. For example, to upload the service provider metadata file to Microsoft Azure, perform the following steps:
    1. Log in to Microsoft Azure portal.
    2. Select the enterprise application that you want to configure.
    3. Click Set up single sign on.
      The Select a single sign-on method page appears.
    4. Click SAML.
      The Set up Single Sign-On with SAML page appears.
    5. Click Upload metadata file.
    6. Navigate to the service provider metadata file that you downloaded, and click Add.
      The Basic SAML Configuration page appears displaying values from the service provider metadata file.
      If the upload fails and the values do not appear on the Basic SAML Configuration page, navigate to the Set up Single Sign-On with SAML page and click Edit to add the values manually from the service provider metadata file.
    7. To redirect the user to a page after the user logs out, enter a logout URL.
    8. Click Save and Close.
    9. Download the federation metadata XML file from the SAML Signing Certificate section on the Set up Single Sign-On with SAML page.
  8. In the Identity Provider Settings section of the Portal Configuration tool, click Choose File.
  9. Navigate to the federation metadata XML file that you downloaded, and click Open.
    By default, the NameID element is mapped to the User Name Mapping field. You can also map the path to the email address in the User Name Mapping field.
    The fields in the Identity Provider Settings section are populated with values from the federation metadata XML file.
  10. Click Save.
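
An added example, not part of the original guide or the product: a Python check to run on the service provider metadata file from step 4 before you upload it to the identity provider in step 7. It assumes the file follows the OASIS SAML 2.0 metadata schema and that Sign Authentication Request is reflected in the standard AuthnRequestsSigned attribute; the sample document, its host names, and the function names are constructed for illustration.

```python
import xml.etree.ElementTree as ET

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata"}

# Constructed sample (hypothetical host); a real file comes from step 4.
SAMPLE_SP_METADATA = """\
<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    entityID="https://portal.example.com/sp">
  <md:SPSSODescriptor AuthnRequestsSigned="true" WantAssertionsSigned="false"
      protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:SingleLogoutService Location="https://portal.example.com/slo"
        Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"/>
    <md:AssertionConsumerService index="0" Location="http://portal.example.com/acs"
        Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"/>
  </md:SPSSODescriptor>
</md:EntityDescriptor>"""


def _flag(element, name):
    # xs:boolean allows "true" or "1"; a missing attribute means false.
    return element.get(name, "false") in ("true", "1")


def review_sp_metadata(xml_text):
    """Return (summary, findings) for a SAML 2.0 SP metadata document."""
    root = ET.fromstring(xml_text)
    sp = root.find("md:SPSSODescriptor", NS)
    if sp is None:
        raise ValueError("no SPSSODescriptor: not service provider metadata")
    endpoints = [e.get("Location", "") for tag in
                 ("AssertionConsumerService", "SingleLogoutService")
                 for e in sp.findall(f"md:{tag}", NS)]
    # A KeyDescriptor without a "use" attribute serves signing and encryption.
    signing_keys = [k for k in sp.findall("md:KeyDescriptor", NS)
                    if k.get("use", "signing") == "signing"]
    summary = {
        "entity_id": root.get("entityID"),
        "authn_requests_signed": _flag(sp, "AuthnRequestsSigned"),
        "want_assertions_signed": _flag(sp, "WantAssertionsSigned"),
        "endpoints": endpoints,
    }
    findings = [f"endpoint is not HTTPS: {u}" for u in endpoints
                if not u.lower().startswith("https://")]
    if summary["authn_requests_signed"] and not signing_keys:
        findings.append("requests are signed but no signing certificate is published")
    if not summary["want_assertions_signed"]:
        findings.append("WantAssertionsSigned is false: confirm the IdP signs the response")
    return summary, findings
```

Call review_sp_metadata with the text of the downloaded file and resolve each finding before the upload; an identity provider cannot verify signed requests if the metadata carries no signing certificate.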
