Differences

This shows you the differences between two versions of the page.

organisationcloud/saml [2020_01_03 15:32] – Azure SAML added eric
organisationcloud/saml [2020_06_22 18:44] – [SAML 2.0 and the SME Enterprise File Fabric] jim
Line 1: Line 1:
 ====== SAML 2.0 and the SME Enterprise File Fabric ====== ====== SAML 2.0 and the SME Enterprise File Fabric ======
-last updated Sept. 25 2018+last updated June 22 2020
  
 The Enterprise File Fabric supports users logging-in via the SAML 2.0 protocol. The SAML 2.0 protocol is increasing in popularity, and there are a number of different flavours and variations provided by different identity providers (IDPs), like Active Directory Federation Services (ADFS) and Google Suite (GSuite).  The Enterprise File Fabric supports users logging-in via the SAML 2.0 protocol. The SAML 2.0 protocol is increasing in popularity, and there are a number of different flavours and variations provided by different identity providers (IDPs), like Active Directory Federation Services (ADFS) and Google Suite (GSuite). 
Line 442: Line 442:
  
 Your Okta setup with the Enterprise File Fabric is now complete.  Your Okta setup with the Enterprise File Fabric is now complete. 
 +
 +===== Configuring with Duo Access Gateway =====
 +
 +__First you will need to setup your Duo Access Gatway__
 +As defined here: [[https://duo.com/docs/dag-generic#create-your-cloud-application-in-duo|DAG Create your cloud application in duo]].
 +
 +Service Provider Name: SME File Fabric
 +
 +Entity ID: your File Fabric URL
 +
 +Assertion Consumer Service: your file fabric url + /saml.html
 +
 +{{:dag_sp_setup.png}}
 +Send Attributes: All
 +
 +a) Group name fix
 +There is an issue with the group name (when leveraging AD as the Directory backend). By default the results that come back are the DN and not the friendly name.
 +
 +When you finish generating the json file you’ll edit to to update the memberof to look like so:
 +
 +```
 +            "94": {
 +                "class": "core:AttributeAlter",
 +                "subject": "memberOf",
 +                "pattern": "/^CN=(.*?),.*/",
 +                "replacement": "${1}"
 +            },
 +
 +```
 +
 +Apply that json to your DAG.
 +
 +
 +__Update DAG to return displayName (and other attributes we need)__
 +
 +We need to ensure that the display name is returned:
 +
 +In the DAG under Authentication Source we can add displayName as one of the attributes to return:
 + 
 +{{:dag_authsources.png}}
 +
 +__Gather info from DAG for SME integration__
 +
 +Follow the steps as defined here: [[https://duo.com/docs/dag-generic#configure-your-service-provider|DAG - Configure Your Service Provider]]
 +This will give you URL/IDs/Certs needed for File Fabric Auth System Setup.
 +
 +__Create Auth System in SME__
 +
 +We’ll enter this data into the File Fabric. Logged in as the Org Admin, in a package with SAML enabled, go to Organization> Auth Systems.
 +
 +{{:dag_authsys1.png}}
 +{{:dag_authsys2.png}}
 +
 +This will now allow your users to click the Duo Access Gateway login button the page and login through your DAG into the File Fabric.
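
Review bot: In the "Group name fix" step, the AttributeAlter pattern `/^CN=(.*?),.*/` reduces each memberOf DN to its first CN, so two AD groups with the same CN in different OUs reach the File Fabric under the same name, and a CN containing an escaped comma (for example `CN=Ops\, EU,OU=...`) is cut off at the backslash. If these names are used for role or access mapping in the File Fabric, the section should state that group CNs must be unique across the directory and comma-free, or the full DN should be kept. The same step does not say which JSON file is meant or where the "94" entry belongs in it, and the quoted block ends with a trailing comma that is only valid when another entry follows. "Send Attributes: All" releases every attribute the authentication source returns, while the text only names memberOf and displayName; listing the attributes the File Fabric actually consumes would let admins check what is being sent to the service provider. Typos to fix: "Gatway", "edit to to", "button the page".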