Configuration changes needed to enable SSO (Single Sign-On through an Identity Provider):
Web.config changes (these can be copied from the Admin/default.config file in the application folder):
1. The keys below need to be added to the web.config file immediately after the line <add key="AppMode" value="0"/>
Note: see Appendix 1 below for comments describing what each key does.
<!--
0: Standard 1099Pro.NET login with UserID/password;
1: SSO (single sign-on) using Identity Provider
-->
<add key="AppLogin" value="1"/>
<!--SSO-related keys: necessary when AppLogin=1 -->
<add key="entityId" value="ServiceProviderEntityID"/>
<add key="idpID" value="IdentityProviderEntityID"/>
<add key="nameIDFormat" value="0" />
<add key="SingleSignonIdProviderUrl" value="https://IdentityProviderURL" />
<add key="metadatafilename" value="SSO\Docs\IdentityProviderMetadata.xml"/>
<add key="usemetadata" value="false"/>
<add key="idp-certificate" value="SSO\Docs\IdentityProviderCertificate Name.crt"/>
<add key="sp-certificate" value="SSO\Docs\ServiceProviderCertificate Name.crt"/>
<add key="SingleSignOnServiceBinding" value="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"/>
<add key="httpPostEndPoint" value="https://IdentityProviderEndPoint/HttpPost" />
<add key="httpRedirectEndPoint" value="https://IdentityProviderEndPoint/HttpRedirect" />
<!-- End of SSO-related keys -->
2. The login URL in the authentication section of the web.config file needs to be changed from loginUrl="Security/Login.aspx" to loginUrl="SSO/LoginSSO.aspx" (see below):
<authentication mode="Forms">
<forms loginUrl="SSO/LoginSSO.aspx" defaultUrl="default.aspx" slidingExpiration="true" timeout="30" protection="All"/>
</authentication>
Database changes:
Set the value in table pro1099.SecPrefs.LoginType=3 (SSO type of Login) for RecID=14 (ASP preferences record).
Appendix 1
Shown below are comments for the keys that are added to the web.config file immediately after the line <add key="AppMode" value="0"/>
<add key="AppLogin" value="1"/>
<!--SSO-related keys: necessary when AppLogin=1 -->
<!-- Specifies the Service Provider ID as it is identified to the IdP -->
<add key="entityId" value="ServiceProviderEntityID"/>
<!-- Specifies the Identity Provider ID -->
<add key="idpID" value="IdentityProviderEntityID"/>
<!-- Specifies the UserID format: 0 - UserName/No domain; 1 - Domain\UserName; etc. -->
<add key="nameIDFormat" value="0" />
<!-- Specifies the Identity Provider URL -->
<add key="SingleSignonIdProviderUrl" value="https://IdentityProviderURL" />
<!-- Specifies the metadata XML file downloaded from the Identity Provider application configuration -->
<!-- This file must be in the Application directory\SSO\Docs folder -->
<add key="metadatafilename" value="SSO\Docs\IdentityProviderMetadata.xml"/>
<!-- If "true", the application uses the metadata file specified in "metadatafilename" above to extract the certificate; otherwise the certificate file named in the "idp-certificate" setting is used -->
<add key="usemetadata" value="false"/>
<!-- Specifies the IdP certificate used to sign the SAML response; validation of that signature depends on this certificate matching the IdP's current signing key, so it must be replaced when the IdP rotates its key. If the "usemetadata" setting is "true", this property is not used. -->
<!-- This file must be in the Application directory\SSO\Docs folder -->
<add key="idp-certificate" value="SSO\Docs\IdentityProviderCertificate Name.crt"/>
<!-- Specifies the SP certificate used to sign the SAML response. If the "usemetadata" setting is "true", this property is not used. -->
<!-- This file must be in the Application directory\SSO\Docs folder -->
<add key="sp-certificate" value="SSO\Docs\ServiceProviderCertificate Name.crt"/>
<!-- HTTP binding type -->
<add key="SingleSignOnServiceBinding" value="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"/>
<!-- Specifies the SP-initiated POST endpoint. If the "usemetadata" setting is "true", this property is not used. -->
<add key="httpPostEndPoint" value="https://IdentityProviderEndPoint/HttpPost" />
<!-- Specifies the SP-initiated Redirect endpoint. If the "usemetadata" setting is "true", this property is not used. -->
<add key="httpRedirectEndPoint" value="https://IdentityProviderEndPoint/HttpRedirect" />
<!-- End of SSO-related keys -->