Login with SAML

SAML is one of the two ways in which the DUM Application allows end users to log in. This guide walks you through configuring the DUM Application as a valid SAML Service Provider (SP), enabling you and your users to log in to the DUM Application using the SAML protocol with Onegini Consumer Identity Manager as the Identity Provider (IdP).

What you need

To successfully complete this topic guide you need to ensure the following prerequisites are met:

  • have access to DUM Application configuration properties
  • have access to Onegini Consumer Identity Manager admin console
  • have access to Onegini Consumer Identity Manager instance APIs

Configure SAML Service Provider

There are a few steps you need to take in order to configure the DUM Application as an SP within the Onegini Consumer Identity Manager.

Fetch IdP's metadata

Visit the Onegini Consumer Identity Manager metadata page and download its metadata. It should be available under the default application port, e.g. https://<location of {{book.otherproducts.idp}}>/saml/metadata. Next, Base64-encode the downloaded document and store the resulting value in the SAML_SP_IDPMETADATA_BASE64 configuration property.

Generate signing key

In order to prove the authenticity and integrity of the SAML messages sent by the DUM Application, you need to generate and configure a key pair that will be used in the signing process.

You can generate a key pair using the OpenSSL command line tool.

Private key generation:

$ openssl genpkey -algorithm RSA -out private_key.pem -pkeyopt rsa_keygen_bits:2048

Public key generation:

$ openssl rsa -pubout -in private_key.pem -out public_key.pem

As a result, you should have two new files, private_key.pem and public_key.pem, containing the PEM-armoured Base64 representation of your keys. Copy the contents of each key, stripping out the armour lines (-----BEGIN ... KEY----- and -----END ... KEY-----), and set them in the corresponding SAML_SP_SIGNING_PRIVATEKEY and SAML_SP_SIGNING_CERTIFICATE configuration properties.

Since the DUM Application generates a password-protected in-memory keystore holding the above keys, you also need to provide the keystore password. It can be set via the SAML_SP_SIGNING_KEYSTOREPASSWORD configuration property.
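The three preparation steps above (fetch and Base64-encode the IdP metadata, generate the signing key pair, strip the PEM armour and fill in the four SAML_SP_* properties) can be scripted. The following is an added example and is not part of the DUM Application or Onegini documentation; it assumes curl, openssl and base64 are installed, that the IdP metadata URL is supplied by the caller, and that the property names are the ones this guide lists. The sample key and metadata files it writes are constructed placeholders for an offline run, not real keys.

```shell
#!/bin/sh
# Added example, not part of the DUM Application or Onegini documentation.
# Wraps the manual steps of this guide in shell functions.
# Assumptions: curl, openssl and base64 are on PATH; the metadata URL is
# passed in by the caller; property names are those given in the guide.
set -eu

# Remove the PEM armour lines (-----BEGIN ...----- / -----END ...-----) and
# join the remaining Base64 body onto one line, which is the form the
# SAML_SP_SIGNING_* properties expect.
strip_pem_armour() {
  grep -v -- '-----' "$1" | tr -d '\n\r'
}

# Base64-encode a whole file onto a single line (GNU base64 wraps at 76
# columns, macOS base64 does not; deleting newlines gives the same result).
base64_file_oneline() {
  base64 < "$1" | tr -d '\n'
}

# Sanity check before encoding: a download that returned an HTML login or
# error page would otherwise be stored silently as "metadata".
looks_like_saml_metadata() {
  grep -q 'EntityDescriptor' "$1"
}

# Step 1: fetch the IdP metadata (e.g. https://<idp host>/saml/metadata).
fetch_idp_metadata() {  # $1 = URL, $2 = output file
  curl -fsS -o "$2" "$1"
  looks_like_saml_metadata "$2"
}

# Step 2: generate the signing key pair with the same commands as the guide.
generate_signing_keys() {  # $1 = output directory
  openssl genpkey -algorithm RSA -out "$1/private_key.pem" \
    -pkeyopt rsa_keygen_bits:2048
  openssl rsa -pubout -in "$1/private_key.pem" -out "$1/public_key.pem"
}

# Step 3: render the configuration properties as KEY=value lines.
render_sp_properties() {  # $1 metadata, $2 private key, $3 public key, $4 keystore password
  printf 'SAML_SP_IDPMETADATA_BASE64=%s\n' "$(base64_file_oneline "$1")"
  printf 'SAML_SP_SIGNING_PRIVATEKEY=%s\n' "$(strip_pem_armour "$2")"
  printf 'SAML_SP_SIGNING_CERTIFICATE=%s\n' "$(strip_pem_armour "$3")"
  printf 'SAML_SP_SIGNING_KEYSTOREPASSWORD=%s\n' "$4"
}

# Offline demonstration on constructed input (not a real key pair and not
# real metadata). A real run calls fetch_idp_metadata and
# generate_signing_keys first, then render_sp_properties on their output.
SAMPLE_DIR=$(mktemp -d)
cat > "$SAMPLE_DIR/idp_metadata.xml" <<'EOF'
<EntityDescriptor entityID="https://idp.example/saml/metadata"/>
EOF
cat > "$SAMPLE_DIR/private_key.pem" <<'EOF'
-----BEGIN PRIVATE KEY-----
Q29uc3RydWN0ZWRTYW1wbGU
UHJpdmF0ZUtleUJvZHk=
-----END PRIVATE KEY-----
EOF
cat > "$SAMPLE_DIR/public_key.pem" <<'EOF'
-----BEGIN PUBLIC KEY-----
Q29uc3RydWN0ZWRTYW1wbGU
UHVibGljS2V5Qm9keQ==
-----END PUBLIC KEY-----
EOF
render_sp_properties "$SAMPLE_DIR/idp_metadata.xml" \
  "$SAMPLE_DIR/private_key.pem" "$SAMPLE_DIR/public_key.pem" \
  'changeme-example-password'
```

The output is four KEY=value lines that can be pasted into the DUM Application configuration. The metadata sanity check is the part worth keeping even if you do the rest by hand: an HTML error page that has been Base64-encoded looks just as valid as real metadata until the SP fails to start.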

Configure DUM Application as a SAML SP within Onegini Consumer Identity Manager

At this stage you should be ready to start the DUM Application in order to register it as an SP within the Onegini Consumer Identity Manager. Start the DUM Application (you can find more information on how to do this in the Quick start section) and visit the /saml/metadata page in order to retrieve the SP's metadata (e.g. https://dum-app.dev.onegini.me:8585/saml/metadata). Next, define a new SP instance within the Onegini Consumer Identity Manager admin console. Please refer to the Onegini Consumer Identity Manager documentation for more details on how to complete this step.

You can find more information about the individual configuration properties in the Configuration chapter.