Setup SSO into your application using SAML Identity Provider with JWT protocol

Enable Single Sign-On into your application with your existing SAML 2.0 compliant Identity Provider. This lets users log in to your application with their SAML IdP credentials. This is done using JSON Web Tokens (JWT), and it can be easily integrated with an application built in any framework or language. In case you need our help with the integration below or sample JWT code for your language, feel free to reach out at idpsupport@xecurify.com.

Pre-requisites

  • SAML 2.0 supported Identity Provider (in case you don't have an IdP, you can use miniOrange as an Identity Provider).
  • Ability to customize your application to integrate the SSO changes below.

Follow the step-by-step guide given below to set up SSO into your application using a SAML IdP:

1. Connect SAML IDP to miniOrange

    A] Configure your Identity Provider settings in miniOrange:

    • Go to miniOrange Admin Console.
    • From the left navigation bar select Identity Provider.
    • Select the SAML tab, then click on Import IDP metadata.
    • Enter the IDP name and download the SAML metadata file from your IdP.
    • Click on Import and browse to the downloaded file.
    • If you don't have a metadata file, you can also provide the details manually. You need to configure the following endpoints:
      IDP Entity ID: Entity ID of IDP
      Single Login URL: Login URL from IDP
      Single Logout URL: Logout URL from IDP
      X.509 Certificate: The public key certificate of your IDP.
    • A few other optional features that can be configured for the Identity Provider (IDP) are listed below:
      Domain Mapping: Can be used to redirect users of a specific domain to a specific IDP
      Show IdP to Users: Enable this if you want to show this IDP to all users during login
      Send Configured Attributes: Enabling this would allow you to add attributes to be sent from IDP
    • Click on Save.
    • Click on Save.

    B] Configure miniOrange settings in your Identity Provider:

    • For basic SAML configuration you need to get the Entity ID, ACS URL Validator, ACS URL and Single Logout URL from miniOrange.
    • Go to the miniOrange Dashboard, click on the Identity Providers section, then click on the SAML IdP that you have configured.
    • Now select Metadata from the dropdown to get the miniOrange metadata.
    • In the SP-INITIATED SSO section, select Show Metadata Details.
    • Enter the values in the SAML configuration as shown below.
      Audience (EntityID): Entity ID or Issuer
      ACS (Consumer) URL Validator: ACS URL
      Single Logout URL: Single Logout URL
      Sign on URL (optional, required during IDP-initiated SSO): Show SSO Link from Step 2

2. Set up your Application with miniOrange

    1. Configure Your application in miniOrange

    • Login to miniOrange Admin Console.
    • Go to Apps and click on Add Application button.
    • In JWT App click on Create App.
    • In Add Apps, click on JWT app, enter the following values and click on Save.
      Custom Application Name: Choose an appropriate name according to your choice.
      Description: Add an appropriate description according to your choice.
      Redirect-URL: Endpoint of your application, which will receive the JSON Web Token and process it.
      Group Name: Default.
      Policy Name: Add a policy name according to your preference.
      Login Method: Password.
    • In case you are setting up SSO with mobile applications where you can't create an endpoint for the Redirect or Callback URL, use the URL below.
      https://login.xecurify.com/moas/jwt/mobile
    • Go to Edit against your configured app: Apps >> Select your app >> Edit.
    • Now you can access your application using IDP credentials through the Single Sign-On URL.

3. Test Connection

    A] Perform Login

    • On accessing the Single Sign-On URL mentioned in the above step, you will be asked to enter your SAML IdP credentials.
    • On entering valid credentials, you will be successfully logged in to the application.

Additional Resources


If you are looking for anything which you cannot find, please drop us an email at idpsupport@xecurify.com.
