We are trying to set up SSO (Single Sign On) for one of our clients. We have done all the configurations and settings required for SSO.
But still the SSO is not working properly.
Is there any extra configuration that needs to be done on the client side?
Please suggest.
Regards,
Sagar
We have done all the configuration. But still we are not able to establish the SSO.
Please suggest.
Regards,
Sagar
We have got all the information from the client and we have populated the following:
1] SSO Redirect.
2] Logout Redirect.
3] Name id format.
4] And Certificate.
We are getting redirected to the right URL (SSO Redirect) when trying to access any RMP URL.
But it does not go through.
We want to show you the configuration and discuss a few points.
Regards,
Sagar
Hi Sagar,
1. Create a test user and login with this test user.
2. Go to ACCOUNT > USERS.
Note: This test user must already be provisioned in AD. Every RunMyProcess user has a unique id which is his email address/login.
3. Go to ACCOUNT > Configuration > 'Authentication method' tab. Select method type: SSO with Samlv2, as shown in the screenshot below.
4. You are asked to enter 4 parameters:
I. SSO redirect URL = SAML 2.0 Endpoint. When you attempt to access a RunMyProcess page without being RunMyProcess authenticated, the server performs a SAML assertion on this URL and waits for the SSO to confirm that you are SSO authenticated. In the ADFS SSO case this URL is:
"HTTP-Redirect" = https://rmp.runmyprocess.local/adfs/ls/
We are giving localhost for this test i.e. localhost/adfs/ls/
II. Logout redirect = SLO Endpoint. When you attempt to log out, our server logs you out from RunMyProcess and then performs a SAML request to this URL to log you out from SSO. In the ADFS SSO case this URL is:
"HTTP-POST" = https://rmp.runmyprocess.local/adfs/ls/
We are giving localhost for this test i.e. localhost/adfs/ls/
III. Account Management redirect. SSO Management Page
https://rmp.runmyprocess.local/adfs/services/trust/artifactresolution
We are giving localhost for this test i.e.
localhost/adfs/services/trust/artifactresolution
IV. Name Id Format. This indicates the name of the field on the SSO side where the user's email address is stored. After the login SAML assertion is sent, the SSO answers with that field value and the RunMyProcess server will try to find the matching user on the RunMyProcess account.
V. Certificate. This is the SSO certificate RunMyProcess needs to check that your SSO is who it claims to be. Do enter the 4 parameters from your SSO settings, then save:
The certificate in the screenshot above is a signing certificate. To get this certificate's details, log in to the AD FS Server > Open AD FS Management console > Expand Service > Click on Certificates > Export Token-Signing Certificate details
5. User should now be able to login.
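A way to cross-check the values entered in step 4 against what the identity provider itself publishes, added here as an example and not taken from the thread or from RunMyProcess. It assumes the IdP exposes a standard SAML 2.0 metadata document obtained from a trusted source; the dictionary keys, the emailAddress name ID URN and the sample metadata (including the placeholder certificate bytes) are constructed for illustration.

```python
import base64, hashlib
import xml.etree.ElementTree as ET

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}
BIND = "urn:oasis:names:tc:SAML:2.0:bindings:"

def fingerprint(cert_text):
    """SHA-256 of the DER bytes of a PEM or bare-base64 certificate."""
    body = "".join(l.strip() for l in cert_text.splitlines() if "-----" not in l)
    return hashlib.sha256(base64.b64decode(body)).hexdigest()

def idp_settings(metadata_xml):
    """Extract the endpoint, name ID and signing-key values from IdP metadata."""
    idp = ET.fromstring(metadata_xml).find("md:IDPSSODescriptor", NS)
    def location(tag, binding):
        return next((e.get("Location") for e in idp.findall("md:" + tag, NS)
                     if e.get("Binding") == BIND + binding), None)
    return {
        "sso_redirect": location("SingleSignOnService", "HTTP-Redirect"),
        "logout_redirect": location("SingleLogoutService", "HTTP-POST"),
        "name_id_formats": [e.text.strip() for e in idp.findall("md:NameIDFormat", NS)],
        "signing_fingerprints": [
            fingerprint(k.findtext(".//ds:X509Certificate", namespaces=NS))
            for k in idp.findall("md:KeyDescriptor", NS)
            if k.get("use") in (None, "signing")],  # skip encryption-only keys
    }

def mismatches(configured, metadata_xml):
    """Return the names of configured fields that disagree with the metadata."""
    actual = idp_settings(metadata_xml)
    bad = [k for k in ("sso_redirect", "logout_redirect") if configured[k] != actual[k]]
    if configured["name_id_format"] not in actual["name_id_formats"]:
        bad.append("name_id_format")
    if fingerprint(configured["certificate"]) not in actual["signing_fingerprints"]:
        bad.append("certificate")
    return bad

# Constructed sample: placeholder bytes stand in for real DER certificates.
SIGN_B64 = base64.b64encode(b"constructed signing cert").decode()
ENC_B64 = base64.b64encode(b"constructed encryption cert").decode()
KEY = '<md:KeyDescriptor use="%s"><ds:KeyInfo><ds:X509Data><ds:X509Certificate>%s</ds:X509Certificate></ds:X509Data></ds:KeyInfo></md:KeyDescriptor>'
SAMPLE_METADATA = (
    '<md:EntityDescriptor xmlns:md="%s" xmlns:ds="%s" entityID="constructed-sample">'
    '<md:IDPSSODescriptor>' % (NS["md"], NS["ds"])
    + KEY % ("encryption", ENC_B64) + KEY % ("signing", SIGN_B64)
    + '<md:SingleLogoutService Binding="%sHTTP-POST" Location="https://rmp.runmyprocess.local/adfs/ls/"/>' % BIND
    + '<md:NameIDFormat>urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress</md:NameIDFormat>'
    + '<md:SingleSignOnService Binding="%sHTTP-Redirect" Location="https://rmp.runmyprocess.local/adfs/ls/"/>' % BIND
    + '</md:IDPSSODescriptor></md:EntityDescriptor>')
```

Calling `mismatches()` with the values typed into the configuration form returns the fields to recheck; an empty list means all four agree with the metadata, including that the pasted certificate is the signing key and not the encryption key.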