Login with SAML
SAML is one of the two ways in which the DUM Application allows end users to log in. This guide walks you through configuring the DUM Application as a valid SAML Service Provider (SP), enabling you and your users to log in to the DUM Application using the SAML protocol with Onegini Consumer Identity Manager as the Identity Provider (IdP).
What you need
To successfully complete this topic guide, make sure you meet the following prerequisites:
- have access to DUM Application configuration properties
- have access to Onegini Consumer Identity Manager admin console
- have access to Onegini Consumer Identity Manager instance APIs
Configure SAML Service Provider
There are a few steps you need to take to successfully configure the DUM Application as an SP within the Onegini Consumer Identity Manager.
Fetch IdP's metadata
Visit the Onegini Consumer Identity Manager metadata page and download its metadata. It should be available under the default application port, e.g. https://<location of {{book.otherproducts.idp}}>/saml/metadata. Next, you need to Base64-encode the downloaded document and store the resulting value in the SAML_SP_IDPMETADATA_BASE64 configuration property.
Generate signing key
To prove the authenticity and integrity of the SAML messages sent by the DUM Application, you need to generate and configure a key pair that will be used in the signing process.
You can generate a key pair using the command line OpenSSL tool.
Private key generation:
$ openssl genpkey -algorithm RSA -out private_key.pem -pkeyopt rsa_keygen_bits:2048
Public key generation:
$ openssl rsa -pubout -in private_key.pem -out public_key.pem
As a result, you should have two new files, private_key.pem and public_key.pem, containing the armoured Base64 representation of your keys. Copy the contents of the keys, stripping out the armour (the -----BEGIN ... KEY----- and -----END ... KEY----- lines), and set them as the corresponding SAML_SP_SIGNING_PRIVATEKEY and SAML_SP_SIGNING_CERTIFICATE configuration properties.
Since the DUM Application generates an in-memory, password-protected keystore holding the above keys, you also need to provide that password. It can be set via the SAML_SP_SIGNING_KEYSTOREPASSWORD configuration property.
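The two steps above (Base64-encoding the IdP metadata, and stripping the PEM armour from the generated keys) both produce single-line values for the SAML_SP_* properties. The following POSIX shell script is an added example, not part of the DUM Application documentation or product: it converts the files from those steps into KEY=VALUE lines. The file names passed as arguments, the property file format, and the sample PEM and metadata content are assumptions made for illustration only.

```sh
#!/bin/sh
# Added example, not part of the DUM Application documentation: converts the
# files produced in the "Fetch IdP's metadata" and "Generate signing key" steps
# into the single-line values the SAML_SP_* configuration properties expect.
# File names and the sample data below are assumptions made for illustration.

# Strip the PEM armour lines (-----BEGIN ...----- / -----END ...-----) and join
# the remaining Base64 lines into one line. Used for
# SAML_SP_SIGNING_PRIVATEKEY and SAML_SP_SIGNING_CERTIFICATE.
pem_to_single_line() {
  grep -v -- '-----' "$1" | tr -d '\n\r'
}

# Base64-encode a whole file (the downloaded IdP metadata XML) as one line,
# removing the line wrapping some base64 implementations add. Used for
# SAML_SP_IDPMETADATA_BASE64.
file_to_base64() {
  base64 "$1" | tr -d '\n'
}

# Print the three properties as KEY=VALUE lines, ready to paste into the
# DUM Application configuration. $1 = private key PEM, $2 = public key PEM
# (the guide stores this one in SAML_SP_SIGNING_CERTIFICATE), $3 = IdP metadata.
print_saml_properties() {
  printf 'SAML_SP_SIGNING_PRIVATEKEY=%s\n' "$(pem_to_single_line "$1")"
  printf 'SAML_SP_SIGNING_CERTIFICATE=%s\n' "$(pem_to_single_line "$2")"
  printf 'SAML_SP_IDPMETADATA_BASE64=%s\n' "$(file_to_base64 "$3")"
}

# Constructed sample inputs (placeholders, not real key material or metadata)
# so the functions can be exercised without OpenSSL or a running IdP.
SAMPLE_KEY_PEM='-----BEGIN PRIVATE KEY-----
QUJDREVG
R0hJSktM
-----END PRIVATE KEY-----'
SAMPLE_PUB_PEM='-----BEGIN PUBLIC KEY-----
UFVCS0VZ
-----END PUBLIC KEY-----'
SAMPLE_METADATA_XML='<md/>'

# Write the constructed samples to a temporary directory and print the
# resulting properties. With the real files from the steps above, call
# print_saml_properties directly:
#   print_saml_properties private_key.pem public_key.pem idp-metadata.xml
demo() {
  dir=$(mktemp -d)
  printf '%s\n' "$SAMPLE_KEY_PEM" > "$dir/private_key.pem"
  printf '%s\n' "$SAMPLE_PUB_PEM" > "$dir/public_key.pem"
  printf '%s' "$SAMPLE_METADATA_XML" > "$dir/idp-metadata.xml"
  print_saml_properties "$dir/private_key.pem" "$dir/public_key.pem" "$dir/idp-metadata.xml"
  rm -rf "$dir"
}
```

Redirect the output of print_saml_properties into your configuration rather than echoing it into a shell history or a shared log: SAML_SP_SIGNING_PRIVATEKEY is the secret that authenticates every SAML message the SP signs, so the generated properties should be kept out of version control like any other credential.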
Configure DUM Application as a SAML SP within Onegini Consumer Identity Manager
At this stage you should be ready to start the DUM Application in order to register it as an SP within the Onegini Consumer Identity Manager.
Start the DUM Application (you can find more information on how to do this in the Quick start section) and visit the /saml/metadata page to retrieve the SP's metadata (e.g. https://dum-app.dev.onegini.me:8585/saml/metadata). Next, define a new SP instance within the Onegini Consumer Identity Manager admin console. Please refer to the Onegini Consumer Identity Manager documentation for more details on how to finish this step.
You can find more information about the specific configuration properties in the Configuration chapter.