Configuration changes needed to configure SSO (Single sign-on)
1099 Pro has successful configurations with SSO identity providers like OKTA and OpenAM.
Web.config changes:
Note: These should be copied from the Admin/default.config file in the application folder.
- Add the following keys to the web.config file right after the line <add key="AppMode" value="0"/>
- Note: See Appendix 1 at the bottom of this page for comments on what each key does.
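<!--
  AppLogin selects the login mode:
  0: Standard 1099Pro.NET login with UserID/password;
  1: SSO (single sign-on) using Identity Provider
-->
<add key="AppLogin" value="1"/>
<!-- SSO-related keys: necessary when AppLogin=1 -->
<!-- The values below are placeholders; replace them with the identifiers, URLs and file names of your own Service Provider / Identity Provider setup. -->
<add key="entityId" value="ServiceProviderEntityID"/>
<add key="idpID" value="IdentityProviderEntityID"/>
<add key="nameIDFormat" value="0" />
<add key="SingleSignonIdProviderUrl" value="https://IdentityProviderURL" />
<add key="metadatafilename" value="SSO\Docs\IdentityProviderMetadata.xml"/>
<!-- "false": the IdP certificate is read from the "idp-certificate" file rather than from the metadata file. -->
<add key="usemetadata" value="false"/>
<!-- The IdP certificate (or the metadata file when usemetadata is "true") decides which signer the application accepts for SAML responses: obtain it from the IdP over a trusted channel and restrict write access to the SSO\Docs folder. -->
<add key="idp-certificate" value="SSO\Docs\IdentityProviderCertificate Name.crt"/>
<add key="sp-certificate" value="SSO\Docs\ServiceProviderCertificate Name.crt"/>
<add key="SingleSignOnServiceBinding" value="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"/>
<add key="httpPostEndPoint" value="https://IdentityProviderEndPoint/HttpPost" />
<!-- Single slash before HttpRedirect, matching httpPostEndPoint above. -->
<add key="httpRedirectEndPoint" value="https://IdentityProviderEndPoint/HttpRedirect" />
<!-- End of SSO-related keys -->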
- Note: See Appendix 1 at the bottom of this page for comments on what each key does.
- Change the login URL in the authentication section of the web.config file from loginUrl="Security/Login.aspx" to loginUrl="SSO/LoginSSO.aspx".
- See the following example:
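<!-- Forms authentication: unauthenticated requests are sent to the SSO login page instead of Security/Login.aspx. -->
<authentication mode="Forms">
  <!-- loginUrl must not contain leading whitespace, otherwise the redirect target does not match the page path. -->
  <!-- NOTE(review): on an HTTPS-only site, consider adding requireSSL="true" so the authentication cookie is never sent over plain HTTP; confirm with the deployment before changing. -->
  <forms loginUrl="SSO/LoginSSO.aspx" defaultUrl="default.aspx" slidingExpiration="true" timeout="30" protection="All"/>
</authentication>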
- See the following example:
Database changes:
- In table pro1099.SecPrefs, set LoginType=3 (SSO type of login) for the record with RecID=14 (ASP preferences record).
Appendix 1
The following comments describe what each key added to the web.config file does.
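<!-- Login mode: 0 - standard 1099Pro.NET login with UserID/password; 1 - SSO (single sign-on) using Identity Provider -->
<add key="AppLogin" value="1"/>
<!-- SSO-related keys: necessary when AppLogin=1 -->
<!-- Specifies Service Provider ID as it is identified for the IdP -->
<add key="entityId" value="ServiceProviderEntityID"/>
<!-- Specifies Identity Provider ID -->
<add key="idpID" value="IdentityProviderEntityID"/>
<!-- Specifies UserID format: 0 - UserName/No domain; 1 - Domain\UserName; etc. -->
<add key="nameIDFormat" value="0" />
<!-- Specifies Identity Provider URL -->
<add key="SingleSignonIdProviderUrl" value="https://IdentityProviderURL" />
<!-- Specifies metadata XML downloaded from Identity Provider App Configuration -->
<!-- This file must be in the Application directory\SSO\Docs folder -->
<add key="metadatafilename" value="SSO\Docs\IdentityProviderMetadata.xml"/>
<!-- If "true" the application uses the metadata file specified in "metadatafilename" above to extract the certificate; otherwise the certificate file name specified in "idp-certificate" setting is used -->
<add key="usemetadata" value="false"/>
<!-- Specifies IdP certificate used to sign the SAML response. If "usemetadata" setting is "true"; this property is not used. -->
<!-- This file must be in the Application directory\SSO\Docs folder -->
<!-- Whichever source is active (this file or the metadata file) determines the signer the application accepts: obtain it from the IdP over a trusted channel and restrict write access to the SSO\Docs folder. -->
<add key="idp-certificate" value="SSO\Docs\IdentityProviderCertificate Name.crt"/>
<!-- Specifies SP certificate used to sign the SAML response. If "usemetadata" setting is "true"; this property is not used. -->
<!-- NOTE(review): a Service Provider normally signs the SAML request, not the response; the wording above is the vendor's and should be confirmed. -->
<!-- This file must be in the Application directory\SSO\Docs folder -->
<!-- NOTE(review): a .crt file normally holds only the public certificate; this page does not say where the SP private key is stored, and it should not be placed in this folder. -->
<add key="sp-certificate" value="SSO\Docs\ServiceProviderCertificate Name.crt"/>
<!-- HTTP binding type -->
<add key="SingleSignOnServiceBinding" value="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"/>
<!-- Specifies SP-initiated POST endpoint. If "usemetadata" setting is "true"; this property is not used. -->
<add key="httpPostEndPoint" value="https://IdentityProviderEndPoint/HttpPost" />
<!-- Specifies SP-initiated Redirect endpoint. If "usemetadata" setting is "true"; this property is not used. -->
<!-- Single slash before HttpRedirect, matching httpPostEndPoint above. -->
<add key="httpRedirectEndPoint" value="https://IdentityProviderEndPoint/HttpRedirect" />
<!-- End of SSO-related keys -->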