SSO for JSM Customers using AWS Cognito as OAuth Provider

1: Setup AWS Cognito as an Identity Provider in miniOrange

• Navigate to Identity Providers tab.

• Click on Add Identity Provider.

• Choose OAuth2.0 from the tab items.

• Choose Custom Provider from the IDP Name dropdown list.

• Enter the display Name for your Identity Provider.
• Now, you’ll need to enter the OAuth Authorize Endpoint, OAuth Access Token Endpoint and OAuth Get User Info Endpoint.

- OAuth Authorize Endpoint: https://${your AWS Cognito Domain}/oauth2/default/v1/authorize
- OAuth Access Token Endpoint: https://${your AWS Cognito Domain}/oauth2/default/v1/token
- OAuth Get User Infor Endpoint:https://${your AWS Cognito Domain}/oauth2/default/v1/userinfo


• Copy your Client ID and Client Secret from your AWS Cognito application and paste it at respective input box.
• Choose Authorization Code Grant in the Grant Type Option.
• Enter openid profile email in the Scope input box.
• Check the Enable for EndUser Login option.
• Copy the OAuth Callback URL, you’ll need to enter this in your AWS Cognito Application.
• Click on save.

2: Setup AWS Cognito as OAuth Provider

• Sign in to AWS Amazon.

• Search for Cognito in the AWS Services search bar as shown below.

• Navigate to the User Pool section in AWS Cognito.

• Select the appropriate User pool and navigate to the Apps Integration section.

• Scroll down to the App Clients section and click on Create App Client button.

• Enter the App client name and scroll down.

• Copy the Callback URL from the miniOrange dashboard and paste it in the Allowed Callback URLs input box.

• Scroll Down and click on Create App Client.

• Choose the newly created app client.

• Copy the client ID and Client Secret and navigate to the miniOrange dashboard

• Paste the client ID and Client Secret in the respective input box in the miniOrange dashboard.

• Navigate to the newly create IDP in the miniOrange dashboard and click on edit.
  Enter the OAuth Access Token and User Info end point as below:-

- https://{cognito domain}/oauth2/authorize
- https://{cognito domain}/oauth2/token


• To get the cognito domain navigate to the Client application created in aws cognito and copy the domain as shown in the below image.

3: Test The Connnection

• Navigate to the Identity Provider section.
• Choose the select option and click on Test connection for the respective IDP.
• You should see a successful response along with the Attributes.

• Now, you can proceed creating an Application within the miniOrange.

4: Create an Application in miniOrange

• Navigate to the Apps tab.
• Click on Add Application.

• Select SAML/WS-FED application type.

• Enter Custom SAML APP.

• Copy the SP Entity ID and ACS Url from the SSO configuration tab provided in the SSO for JSM Customers plugin.

• Paste the SP Entity Id and ACS URL as shown in the below image.

• Click on Save.
• Now, click on the edit option from the list of IDP as shown in the below image.

• Set the Primary Identity Provider to miniOrange in order to access the miniOrange login page. This page will contain various options for the end user to select the desired Identity Provider (IDP) for authentication. Alternatively, you can set it to your Cognito domain to directly redirect the user to your IDP.

5: Configure the SSO for JSM Customers

• Click on the select dropdown and choose the metadata option for the corresponding application.

• Click on the metadata URL button as shown in the below image, you will be redirected to the new tab copy the URL.

• Navigate to SSO for JSM Customers plugin and click on the Import Metadata option, paste the URL you copied in the previous step.

• Click on Test connection.

• You will be redirected to choose the IDP you want to be authenticated with, once you select the IDP you will be redirected to the IDP’s login page. Upon successful authentication you will see a success response containing the configured Attributes.

Recommended Add-Ons