From 20879697f44d310b79b0ac92d0579a10dda095c0 Mon Sep 17 00:00:00 2001 From: Jens Gellynck Date: Wed, 10 Aug 2022 12:53:05 +0200 Subject: [PATCH 1/3] Fixed Okta SAML integration docs Added required attribute statement and extra info about obtaining the Idp metadata. --- ...tion_via_an_identity_provider_using_SAML.md | 18 ++++++++++++++---- 1 file changed, 14 insertions(+), 4 deletions(-) diff --git a/user-guide/Advanced_Functionality/Security/Advanced_security_configuration/Configuring_external_authentication_via_an_identity_provider_using_SAML.md b/user-guide/Advanced_Functionality/Security/Advanced_security_configuration/Configuring_external_authentication_via_an_identity_provider_using_SAML.md index 84e0a755da..ac05803db3 100644 --- a/user-guide/Advanced_Functionality/Security/Advanced_security_configuration/Configuring_external_authentication_via_an_identity_provider_using_SAML.md +++ b/user-guide/Advanced_Functionality/Security/Advanced_security_configuration/Configuring_external_authentication_via_an_identity_provider_using_SAML.md @@ -50,7 +50,7 @@ Once this has been configured, if users try to log in to the DMA using external ## Creating a DataMiner metadata file -To create a DataMiner metadata file, proceed as follows: +To create a DataMiner metadata file (also referred to as *Service Provider Metadata*), proceed as follows: 1. Copy the following template into a new XML file named e.g. *spMetadata.xml*: @@ -290,7 +290,7 @@ DataMiner supports Okta as identity provider as from version 10.1.11. Use Okta's > [!TIP] > It is recommended to use a PNG image with a transparent background and a landscape orientation. -1. Configure the SAML settings: +1. Configure the Okta SAML settings: - **Single sign on URL**: The location where the SAML assertion is sent with a POST operation. 
@@ -308,9 +308,9 @@ DataMiner supports Okta as identity provider as from version 10.1.11. Use Okta's - ``https://dataminer.example.com/jobs/`` - ``https://dataminer.example.com/ticketing/`` - - **Audience URI**: The intended audience of the SAML assertion. + - **Audience URI (SP Entity ID)*: The intended audience of the SAML assertion. - In this box, enter ``https://dataminer.example.com/root/``. + In this box, enter ``https://dataminer.example.com/``. - **Name ID format**: The username format you are sending in the SAML Response. @@ -319,6 +319,16 @@ DataMiner supports Okta as identity provider as from version 10.1.11. Use Okta's - **Application username**: The default value to use for the username with the application. Select "Email". + + - **Attribute Statements**: Add a new attribute statement with name *Email* (note this is case sensitive), format *Basic* and value *user.email*. + +1. Open the *Sign On* tab of your Okta application and scroll down to *SAML Signing Certificates*. + +1. In the *Actions* column of the *Active* certificate, click *View IdP metadata*. + +1. Save this Idp metadata XML-file to the DataMiner agent, e.g. *C:\Skyline DataMiner\okta-ip-metadata.xml*. + +1. Open the *DataMiner.xml* file and fill in the path to the IdP metadata file in the *ipMetadata* attribute of the *<ExternalAuthentication>* node. ## Error messages From 9f4074a0b325cca0e83cc0018b12fae635a9d9cc Mon Sep 17 00:00:00 2001 From: Jens Gellynck Date: Wed, 10 Aug 2022 12:53:47 +0200 Subject: [PATCH 2/3] Update Configuring_external_authentication_via_an_identity_provider_using_SAML.md --- ...ternal_authentication_via_an_identity_provider_using_SAML.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/user-guide/Advanced_Functionality/Security/Advanced_security_configuration/Configuring_external_authentication_via_an_identity_provider_using_SAML.md b/user-guide/Advanced_Functionality/Security/Advanced_security_configuration/Configuring_external_authentication_via_an_identity_provider_using_SAML.md index ac05803db3..8debbd97f0 100644 --- a/user-guide/Advanced_Functionality/Security/Advanced_security_configuration/Configuring_external_authentication_via_an_identity_provider_using_SAML.md +++ b/user-guide/Advanced_Functionality/Security/Advanced_security_configuration/Configuring_external_authentication_via_an_identity_provider_using_SAML.md @@ -308,7 +308,7 @@ DataMiner supports Okta as identity provider as from version 10.1.11. Use Okta's - ``https://dataminer.example.com/jobs/`` - ``https://dataminer.example.com/ticketing/`` - - **Audience URI (SP Entity ID)*: The intended audience of the SAML assertion. + - **Audience URI (SP Entity ID)**: The intended audience of the SAML assertion. In this box, enter ``https://dataminer.example.com/``. From e22575285a0ca9e91e7cc2f2d62b7894cfcef943 Mon Sep 17 00:00:00 2001 From: Marieke Goethals <94605575+MariekeGO@users.noreply.github.com> Date: Thu, 11 Aug 2022 07:21:45 +0200 Subject: [PATCH 3/3] Update Configuring_external_authentication_via_an_identity_provider_using_SAML.md --- ...rnal_authentication_via_an_identity_provider_using_SAML.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/user-guide/Advanced_Functionality/Security/Advanced_security_configuration/Configuring_external_authentication_via_an_identity_provider_using_SAML.md b/user-guide/Advanced_Functionality/Security/Advanced_security_configuration/Configuring_external_authentication_via_an_identity_provider_using_SAML.md index 8debbd97f0..21a9e9d863 100644 --- a/user-guide/Advanced_Functionality/Security/Advanced_security_configuration/Configuring_external_authentication_via_an_identity_provider_using_SAML.md 
+++ b/user-guide/Advanced_Functionality/Security/Advanced_security_configuration/Configuring_external_authentication_via_an_identity_provider_using_SAML.md @@ -320,13 +320,13 @@ DataMiner supports Okta as identity provider as from version 10.1.11. Use Okta's Select "Email". - - **Attribute Statements**: Add a new attribute statement with name *Email* (note this is case sensitive), format *Basic* and value *user.email*. + - **Attribute Statements**: Add a new attribute statement with name *Email* (case-sensitive), format *Basic*, and value *user.email*. 1. Open the *Sign On* tab of your Okta application and scroll down to *SAML Signing Certificates*. 1. In the *Actions* column of the *Active* certificate, click *View IdP metadata*. -1. Save this Idp metadata XML-file to the DataMiner agent, e.g. *C:\Skyline DataMiner\okta-ip-metadata.xml*. +1. Save this IdP metadata XML file to the DataMiner Agent, e.g. `C:\Skyline DataMiner\okta-ip-metadata.xml`. 1. Open the *DataMiner.xml* file and fill in the path to the IdP metadata file in the *ipMetadata* attribute of the *<ExternalAuthentication>* node.
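
Review bot: In [PATCH 1/3], hunk `@@ -308,9 +308,9 @@`, the Audience URI example changes from `https://dataminer.example.com/root/` to `https://dataminer.example.com/` with no statement of what the value has to agree with. The label now reads "SP Entity ID", and the first hunk of the same patch introduces the DataMiner metadata file as the *Service Provider Metadata*. Add a sentence under this bullet saying whether the value must match the entity ID declared in *spMetadata.xml* character for character, trailing slash included. Also state in the commit message why `/root/` was dropped, so that readers who configured Okta from the previous text know they have to change it.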
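
Review bot: In [PATCH 1/3], hunk `@@ -319,6 +319,16 @@`, the four new steps copy the IdP metadata of the *Active* signing certificate into a static file on the Agent, but say nothing about what to do when that certificate is replaced in Okta. Add a step or note that the file has to be downloaded again whenever the active certificate changes. Since this file is what the `ipMetadata` attribute points DataMiner to, it is also worth stating that only administrators should be able to write to it. The last step should say whether the edit to *DataMiner.xml* takes effect immediately or needs a restart, and would be easier to follow with a one-line sample of the `<ExternalAuthentication>` node. The new *Attribute Statements* bullet calls the name *Email* case sensitive; consider adding what the user sees at login when the statement is missing or misspelled, so it can be linked from the "Error messages" section that follows.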
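
Review bot: [PATCH 2/3] consists of one line that repairs the bold marker introduced broken by [PATCH 1/3] (`**Audience URI (SP Entity ID)*:` closes with a single asterisk), so it should be squashed into that commit rather than kept as a separate change. If it stays separate, replace the subject "Update Configuring_external_authentication_via_an_identity_provider_using_SAML.md" with one that names the fix. The same applies to the subject of [PATCH 3/3].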
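
Review bot: In [PATCH 3/3], hunk `@@ -320,13 +320,13 @@`, the example path is moved into backticks, but the trailing context line still wraps the node name in emphasis as `*<ExternalAuthentication>*`. A Markdown renderer can treat the angle-bracketed name as raw HTML and drop it from the output, so put it in backticks as well, and do the same for `DataMiner.xml` and `ipMetadata` to stay consistent with the path. The file name in the example remains `okta-ip-metadata.xml` while the prose was corrected to "IdP"; if "ip" is meant to mirror the `ipMetadata` attribute, leave it, otherwise rename it to `okta-idp-metadata.xml`.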