Configure ISAM as SAML IDP for SSO


miniOrange Identity Broker service solution enables cross protocol authentication. You can configure ISAM as an IDP for Single Sign-On (SSO) into your applications/websites. Here, ISAM will act as an Identity Provider (IDP) and miniOrange will act as a broker.

We offer a pre-built solution for integrating with ISAM, making it easier and quicker to implement. Our team can also help you set up ISAM as a SAML IDP to log in to your applications.

Get Free Installation Help


miniOrange offers free help through a consultation call with our System Engineers to configure SSO for different apps using ISAM as IDP in your environment, with a 30-day free trial.

To book a slot, just send us an email at idpsupport@xecurify.com and we'll help you in no time.



Prerequisites

Please make sure your organisation branding is already set under Customization >> Login and Registration Branding in the left menu of the dashboard.


Follow the Step-by-Step Guide given below for ISAM Single Sign-On (SSO)

1. Configuring miniOrange as Service Provider (SP) in ISAM

  • Log in to ISAM as admin.
  • Go to Secure Federation > Manage > Federations.
  • Click the Add button to add a new federation.
  • Enter the name of your federation and select SAML 2.0. Then click Next.
  • In the Template section, click on your Quick Connect.
  • For Point of Contact, type https://<reverse proxy hostname>/isam.
  • Follow these steps to configure or get your proxy hostname.

    • Go to Secure Web Settings > Manage > Reverse Proxy.
    • Select your reverse proxy hostname and select Manage > Configuration > Edit Configuration File.
    • Use your browser find tool (Ctrl+F) to find and edit the following:

        [server]
        web-host-name = <your-hostname>

        [step-up]
        verify-step-up-user = no

        [session]
        user-session-ids = yes
        inactive-timeout = 1800
        create-unauth-session = yes

    • If you are setting up a new proxy instance then save and restart your instance.
  • Select your Certificates and Key value in the Signature and Encryption Option sections. You can find or configure / import your certificates from Manage Systems Settings > Secure Settings > SSL Certificates.
  • Review the summary and click the OK button.
  • Select the newly created Federation name and click on Export. The browser shows a message window that prompts you to save the file containing the exported data.
  • Click OK. The browser download window prompts for a location to save the file.
  • Choose the directory and save the metadata file. Keep the metadata file handy, as it will be needed in step 2.
  • Click Save.
  • Now, go to your Federation and click Partners.
  • Click on Add to add a new partner.
  • Fill in the General Information, such as the Name of your application, and select the Enabled checkbox.
  • In the Single SignOn Settings enter the Provider ID: <Your application domain>.
  • From the SSL Certificates, enter the Certificate Database and Certificate Label, and also enable the checkbox labeled Does SP sign authentication requests? under Signature Options.
  • In the Encryption Options, Mapping Rules Options, and Attribute Mapping Options sections, keep the default settings.
  • Click on Next.
  • Review the Summary and click OK. Verify that the partner was added successfully.

2. Configure ISAM as Identity Provider (IDP) in miniOrange

  • Go to miniOrange Admin console and navigate to Identity Providers in the left navigation menu. Then, click on Add Identity Provider button.
  • In Choose Identity Provider, select SAML from the dropdown.
  • Search for SAML Provider.
  • Click on Import IDP metadata.
  • Choose an appropriate IDP name. Browse for the file downloaded from ISAM.
  • Click on Import.
  • The IDP Entity ID, SAML SSO Login URL and X.509 Certificate will be filled in from the metadata file you just imported.
  • Click Save.

3. Test Connection

  • Visit your Login Page URL.
  • Go to Identity Providers tab.
  • Search for your app, click the three dots in the Actions menu, and select Test Connection against the Identity Provider (IDP) you configured.
  • On entering valid ISAM credentials (the credentials of a user assigned to the app created in ISAM), you will see a pop-up window with the Test Connection result.
  • Your configuration of ISAM as IDP in miniOrange is now complete.

Note:

You can follow this guide if you want to configure SAML/WS-FED, OAuth/OIDC, JWT, Radius, etc.



Configure Attribute Mapping

  • Go to Identity Providers, then click the three-dot (⋮) icon >> Attribute Mapping.

USER mappings map information, such as email and username, during Just-In-Time (JIT) user creation. Email and Username attributes are necessary to create the user profile.

  • Click on the + Add Attribute button to add the attribute fields.
  • Check the attributes in the Test Connection window from the previous step. Choose any attribute names you want to send to your application under Attribute Name sent to SP.
  • Enter the values of the attributes coming from IdP into the Attribute Name from IdP field on the Xecurify side.

EXTERNAL mappings help alter incoming attribute names before sending them to apps, ensuring that the data is in the correct format.

  • Click on the + Add Attribute button to add the attribute fields.
  • Check the attributes in the Test Connection window from the last step. Enter the attribute names (any name) that you want to send to your application under Attribute Name sent to SP.
  • Enter the values of the attributes coming from the IdP into the Attribute Name from IdP field on the Xecurify side.

Configure Multiple IDPs:

You can follow this guide if you want to configure multiple IDPs (Identity Providers) and give users the option to select the IDP of their choice to authenticate with.

