SAML SSO Integrations
- Configuring Keycloak Identity provider
- Configuring OneLogin Identity provider
- Configuring Auth0 Identity provider
- Configuring Okta Identity provider
- Configuring AzureAD Identity provider
Configuring Keycloak Identity provider
If your organization uses the Keycloak Identity Provider (IdP) for user authentication, you can configure the SAML Service provider to let your users log in to your ConcreteCMS website with their Keycloak IdP credentials.
SAML must be configured in two places: at the IdP (Keycloak) and at the SP (our SAML Service provider package). The next sub-chapters give guidelines for a basic configuration of the Keycloak IdP and show how to set it up as your identity provider.
Prerequisite: a Keycloak server must be installed and running on your host.
These steps reflect a third-party application and are subject to change without our knowledge. If the steps described here do not match the screens you see in your IdP account, you can use the general SAML configuration steps, along with the Keycloak IdP's documentation (https://www.keycloak.org/documentation).
1) Add our Service provider information to Keycloak
This step retrieves the information Keycloak needs to work with our SAML Service provider.
Go to the "Dashboard > SAML Service Provider > Configuration and Settings" page in our package.
Click the Export Metadata button at the bottom of the SAML Info section to download an XML file of your SAML configuration settings to send to the Keycloak Identity provider.
2) Set up Keycloak IdP
Follow the steps below to configure Keycloak as an Identity Provider:
Go to your Keycloak Admin console, select the realm that you want to use.
Select Clients in the right menu and select Create.
Use Select file to open the XML file you saved earlier (Step 1).
Once imported, save your settings.
You'll see the following screen. Leave its settings untouched unless you know what to configure beyond the standard configuration.
3) Add Keycloak IdP information into our SAML Service provider
and Save XML File from that link .
Go back to our SAML Service provider package, go to the "Dashboard > SAML Service Provider > Identity providers" page and select Keycloak IdP from the list shown.
The file you saved last contains all the information requested in the following sections. Click the Import Metadata button, select that file and click the Upload button; the system will parse it and populate the required fields in the following sections.
Click Save.
Your configured IdP will be shown on the "Dashboard > SAML Service Provider > Identity providers" page.
At this point, you have successfully configured Keycloak as an Identity provider in the system.
If you entered a wrong value in the previous step, you can edit a configured identity provider by clicking it.
Go to the "Dashboard > SAML Service Provider > Configuration and Settings" page.
In the Settings section, select your configured identity provider (from the step above) from the list of configured IdPs.
Click Save.
After successfully testing your connection, you must check your settings in the Settings and Appearance sections on the same page.
Activate the system to show your end users the login form.
Click Save.
You should now see a ‘SAML’ option on the ConcreteCMS login screen. It redirects users to the Keycloak instance to log in with their username/password and creates a new ConcreteCMS user account in the chosen group (if JIT provisioning is enabled).
For a better understanding and more advanced configuration, please check the official Keycloak documentation. Please also refer to the previous pages in this documentation.
If you experience issues while testing the connection to the Keycloak server, first double-check the configuration options in the SAML Service provider package and on the IdP (Keycloak) side. Also check the Troubleshooting & FAQ page.
Once you've completed the setup steps, it's important to test to make sure everything is working properly.
If you encounter any issues, check that the values in your IdP and your Service provider match.
You can also refer to the Troubleshooting section: see Troubleshooting.
Configuring OneLogin Identity provider
If your organization uses the OneLogin Identity Provider (IdP) for user authentication, you can configure the SAML Service provider to let your users log in to your ConcreteCMS website with their OneLogin IdP credentials.
SAML must be configured in two places: at the IdP (OneLogin) and at the SP (our SAML Service provider package). The next sub-chapters give guidelines for a basic configuration of the OneLogin IdP and show how to set it up as your identity provider.
These steps reflect a third-party application and are subject to change without our knowledge. If the steps described here do not match the screens you see in your IdP account, you can use the general SAML configuration steps, along with the OneLogin IdP's documentation (https://developers.onelogin.com/).
This document assumes that you've already created an account with your selected Identity Provider.
1) Add our Service provider information to OneLogin
This step retrieves the information OneLogin needs to work with our SAML Service provider.
Go to the "Dashboard > SAML Service Provider > Configuration and Settings" page in our package.
You will need the following information in the next step, before heading back to the configuration of OneLogin:
- Issuer / EntityId
- Assertion Consumer Service Endpoint
2) Set up OneLogin IdP
Follow the steps below to configure OneLogin as an Identity Provider:
Log in to your OneLogin admin portal.
Select Dashboard > Applications in the top menu and select Add App.
Search for SAML, and select SAML Test Connector (Advanced).
Enter your display name and click Save.
Navigate to the Configuration tab.
| OneLogin Audience | Our Issuer / EntityId from Step1 |
| OneLogin Recipient | Our Assertion Consumer Service Endpoint from Step1 |
| OneLogin ACS (Consumer) URL Validator | Our Assertion Consumer Service Endpoint from Step1 |
| OneLogin ACS (Consumer) URL | Our Assertion Consumer Service Endpoint from Step1 |
Click Save.
You will need the following OneLogin IdP information in the next step, before heading to the configuration of our SAML Service provider:
- Issuer URL
- Endpoint (HTTP)
- X.509 Certificate
Alternatively, you can download an XML metadata file of the OneLogin IdP SAML configuration: on the same page as the last step, go to More Actions → SAML Metadata and choose SAML Metadata.
3) Add OneLogin IdP information into our SAML Service provider
Go back to our SAML Service provider package, go to the "Dashboard > SAML Service Provider > Identity providers" page and select OneLogin IdP from the list shown.
Add these values respectively.
| Issuer / EntityID | OneLogin Issuer URL |
| Single Sign On Service Endpoint (POST binding) | OneLogin SAML 2.0 Endpoint (HTTP) |
| Certificate | OneLogin X.509 Certificate (visible under 'View details' blue link) |
Alternatively, you can complete this step by importing the metadata file: the XML metadata file from the previous step contains all the information requested in the following sections. Click the Import Metadata button, select that file and click the Upload button; the system will parse it and populate the required fields in the following sections.
Click Save.
Your configured IdP will be shown on the "Dashboard > SAML Service Provider > Identity providers" page.
At this point, you have successfully configured OneLogin as an Identity provider in the system.
If you entered a wrong value in the previous step, you can edit a configured identity provider by clicking it.
Go to the "Dashboard > SAML Service Provider > Configuration and Settings" page.
In the Settings section, select your configured Identity provider (OneLogin, from the step above) from the list of configured IdPs.
Click Save.
Finally, you must check your settings in the Settings and Appearance sections on the same page.
Activate the system to show your end users the login form.
Click Save.
You should now be able to see a ‘SAML’ option on the ConcreteCMS login screen. It redirects users to the OneLogin instance to log in with their username/password and creates a new ConcreteCMS user account in the chosen group (if JIT provisioning is enabled).
For a better understanding and more advanced configuration, please check the official OneLogin documentation. Please also refer to the previous pages in this documentation.
If you experience issues while testing the connection to the OneLogin server, first double-check the configuration options in the SAML Service provider package and on the IdP (OneLogin) side. Also check the Troubleshooting & FAQ page.
Once you've completed the setup steps, it's important to test to make sure everything is working properly.
If you encounter any issues, check that the values in your IdP and your Service provider match.
You can also refer to the Troubleshooting section: see Troubleshooting.
Configuring Auth0 Identity provider
If your organization uses the Auth0 Identity Provider (IdP) for user authentication, you can configure the SAML Service provider to let your users log in to your ConcreteCMS website with their Auth0 IdP credentials.
SAML must be configured in two places: at the IdP (Auth0) and at the SP (our SAML Service provider package). The next sub-chapters give guidelines for a basic configuration of the Auth0 IdP and show how to set it up as your identity provider.
These steps reflect a third-party application and are subject to change without our knowledge. If the steps described here do not match the screens you see in your IdP account, you can use the general SAML configuration steps, along with the Auth0 IdP's documentation.
This document assumes that you've already created an account with your selected Identity Provider.
1) Add our Service provider information to Auth0
This step retrieves the information Auth0 needs to work with our SAML Service provider.
Go to the "Dashboard > SAML Service Provider > Configuration and Settings" page in our package.
You will need the following information in the next step, before heading to the configuration of Auth0:
- Issuer / EntityId
- Assertion Consumer Service Endpoint
2) Set up Auth0 IdP
Follow the steps below to configure Auth0 as an Identity Provider:
Log in to your Auth0 admin portal.
Select Dashboard > Applications in the top menu and select Create Application.
Enter your display name, choose Regular Web Applications and click Save.
Navigate to the Addons tab and activate SAML2 WEB APP.
A new popup opens; navigate to Settings.
Add these values respectively.
| Our Assertion Consumer Service Endpoint from Step1 |
Click Enable.
You will need the following Auth0 IdP information in the next step, before heading to the configuration of our SAML Service provider:
- Issuer
- Identity Provider Login URL
- Identity Provider Certificate
Alternatively, you can download an XML metadata file of the Auth0 IdP SAML configuration: on the same page as the last step, click the Identity Provider Metadata download link.
3) Add Auth0 IdP information into our SAML Service provider
Go back to our SAML Service provider package, go to the "Dashboard > SAML Service Provider > Identity providers" page and select Auth0 IdP from the list shown.
Add these values respectively.
| Issuer / EntityID | Auth0 Issuer |
| Single Sign On Service Endpoint (POST binding) | Auth0 Identity Provider Login URL |
| Certificate | Auth0 Certificate (download the Auth0 certificate, open it in a text editor and copy its value) |
Alternatively, you can complete this step by importing the metadata file: the XML metadata file from the previous step contains all the information requested in the following sections. Click the Import Metadata button, select that file and click the Upload button; the system will parse it and populate the required fields in the following sections.
Click Save.
Your configured IdP will be shown on the "Dashboard > SAML Service Provider > Identity providers" page.
At this point, you have successfully configured Auth0 as an Identity provider in the system.
If you entered a wrong value in the previous step, you can edit a configured identity provider by clicking it.
Go to the "Dashboard > SAML Service Provider > Configuration and Settings" page.
In the Settings section, select your configured Identity provider (Auth0, from the step above) from the list of configured IdPs.
Click Save.
After successfully testing your connection, you must check your settings in the Settings and Appearance sections on the same page.
Activate the system to show your end users the login form.
Click Save.
You should now be able to see a ‘SAML’ option on the ConcreteCMS login screen. It redirects users to the Auth0 instance to log in with their username/password and creates a new ConcreteCMS user account in the chosen group (if JIT provisioning is enabled).
For a better understanding and more advanced configuration, please check the official Auth0 documentation. Please also refer to the previous pages in this documentation.
If you experience issues while testing the connection to Auth0, first double-check the configuration options in the SAML Service provider package and on the IdP (Auth0) side. You can also inspect the ConcreteCMS logs to help pinpoint the cause of the problem. Debug logs may contain more detailed information about the issues.
Once you've completed the setup steps, it's important to test to make sure everything is working properly.
If you encounter any issues, check that the values in your IdP and your Service provider match.
You can also refer to the Troubleshooting section: see Troubleshooting.
Configuring Okta Identity provider
Coming soon.
Configuring AzureAD Identity provider
Coming soon.