Description

SAML streamlines combined authentication and authorization for users, identity providers, and service providers. It lets the identity provider and the service providers operate independently of each other, centralises user management, and grants access to Restyaboard. Shibboleth is a web-based Single Sign-On infrastructure based on SAML, a standard for the exchange of authentication data.

Features / Benefits

  • Allows users to log in with their SSO accounts through the configured Service Provider.
  • Saves a lot of time and effort, as there is no need to create separate credentials for each member.
  • An easy and secure way to protect information efficiently.

How to use

  • Click the SAML / Shibboleth settings link on the admin panel apps page to configure the app.
  • Submit the Identity Provider Metadata to fully configure the SAML Configuration.
  • Give all the server configuration details to configure SAML.
  • Click the update button to save the SAML configurations.
  • After that, SAML will be activated. You can log in by clicking the Login with SAML button on the Login page and entering your SSO credentials.

My Problems

Wasting a lot of time generating credentials for each member of the Organization.

Failing to protect sensitive information or data.

Difficult for administrators to track and troubleshoot any problems or issues that arise in the SAML Server.

Installation Steps

  1. Purchase SAML / Shibboleth App
  2. Go to the Restyaboard installation root directory, e.g., /usr/share/nginx/html/restyaboard/
  3. Unzip the purchased SAML / Shibboleth app into your root directory
  4. Open a command prompt in the /usr/share/nginx/html/restyaboard/client/apps/r_saml_shibboleth_sso/ path and give executable permission to the shell file saml_shibboleth_sso.sh, e.g., chmod +x saml_shibboleth_sso.sh
  5. Run the shell script file. e.g., ./saml_shibboleth_sso.sh
  6. Configure SAML / Shibboleth on http://{YOUR_SERVER_NAME}/#/apps/r_saml_shibboleth_sso/settings path in your Restyaboard server.

    Configuration details

    1. IdP metadata XML - An XML document containing the information required for interaction with a SAML-enabled identity or service provider. It includes, for example, endpoint URLs, supported bindings, IDs, and public keys.
    2. SP Metadata - The metadata from the service provider includes keys, services, and URLs that describe the Restyaboard SAML endpoints.
    3. Identity Provider Name - The name identifier that is included in the metadata. Examples of Identity Provider names are ADFS, Simple SAML, and Salesforce.
    4. IdP Entity ID or Issuer - It is the unique identifier of the Identity Provider or Issuer.
    5. SAML Login URL - Single Sign On Service URL of your Identity Provider.
    6. SAML Logout URL - Single Logout Service URL of your Identity Provider.
    7. X.509 Certificate - The X.509 certificates are the Identity Provider certificates that a SAML configuration uses.
    8. X.509 Multi Certificate Signing - SAML signing certificates ensure that messages are coming from the expected identity and service providers. The SAML certificate is used to sign SAML requests, responses, and assertions from the service to relying applications, such as WebEx or Google Apps.
    9. X.509 Multi Certificate Encryption - SAML encryption certificates ensure that messages are coming from the expected identity and service providers with authenticity and confidentiality.
  7. Finally, clear the browser cache and log in with your SSO credentials.