Differences

This shows you the differences between two versions of the page.

organisationcloud:saml [2020_01_03 15:32]
eric Azure SAML added
organisationcloud:saml [2020_07_16 19:00] (current)
eric updated text of azure saml user import fields to match screenshot
Line 1: Line 1:
 ====== SAML 2.0 and the SME Enterprise File Fabric ====== ====== SAML 2.0 and the SME Enterprise File Fabric ======
-last updated ​Sept. 25 2018+last updated ​June 22 2020
  
 The Enterprise File Fabric supports users logging-in via the SAML 2.0 protocol. The SAML 2.0 protocol is increasing in popularity, and there are a number of different flavours and variations provided by different identity providers (IDPs), like Active Directory Federation Services (ADFS) and Google Suite (GSuite). ​ The Enterprise File Fabric supports users logging-in via the SAML 2.0 protocol. The SAML 2.0 protocol is increasing in popularity, and there are a number of different flavours and variations provided by different identity providers (IDPs), like Active Directory Federation Services (ADFS) and Google Suite (GSuite). ​
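Review bot: the new "last updated June 22 2020" stamp at the top of the page is already older than this revision, which the comparison header dates 2020_07_16. Either set the stamp to the date of this edit or drop the manual stamp and rely on the wiki's own revision date, so readers are not misled about how current the IdP instructions are.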
Line 211: Line 211:
  
 In the "User Attributes & Claims"​ we'll add a new claim and make sure all the claims below are entered: ​ In the "User Attributes & Claims"​ we'll add a new claim and make sure all the claims below are entered: ​
 +
  
 {{ ::​azureadfs_userclaims.png?​600 |}} {{ ::​azureadfs_userclaims.png?​600 |}}
Line 271: Line 272:
 User Name field > fullname User Name field > fullname
  
-User email field > mail+User email field > othermail
  
 Role\Group name field > groups Role\Group name field > groups
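Review bot: the "User email field" value changes from mail to othermail only "to match screenshot", and the claim names themselves appear nowhere in the page text, only in azureadfs_userclaims.png. Please list the claims from "User Attributes & Claims" as text next to the image, and state which directory attribute the othermail claim is sourced from, so an admin can confirm the field name here matches the claim actually issued and that it is populated for every user being imported.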
Line 442: Line 443:
  
 Your Okta setup with the Enterprise File Fabric is now complete. ​ Your Okta setup with the Enterprise File Fabric is now complete. ​
 +
 +===== Configuring with Duo Access Gateway =====
 +
 +__First you will need to setup your Duo Access Gatway__
 +As defined here: [[https://​duo.com/​docs/​dag-generic#​create-your-cloud-application-in-duo|DAG Create your cloud application in duo]].
 +
 +Service Provider Name: SME File Fabric
 +
 +Entity ID: your File Fabric URL
 +
 +Assertion Consumer Service: your file fabric url + /saml.html
 +
 +{{:​dag_sp_setup.png}}
 +Send Attributes: All
 +
 +a) Group name fix
 +There is an issue with the group name (when leveraging AD as the Directory backend). By default the results that come back are the DN and not the friendly name.
 +
 +When you finish generating the json file you’ll edit to to update the memberof to look like so:
 +
 +```
 +            "​94":​ {
 +                "​class":​ "​core:​AttributeAlter",​
 +                "​subject":​ "​memberOf",​
 +                "​pattern":​ "/​^CN=(.*?​),​.*/",​
 +                "​replacement":​ "​${1}"​
 +            },
 +
 +```
 +
 +Apply that json to your DAG.
 +
 +
 +__Update DAG to return displayName (and other attributes we need)__
 +
 +We need to ensure that the display name is returned:
 +
 +In the DAG under Authentication Source we can add displayName as one of the attributes to return:
 + 
 +{{:​dag_authsources.png}}
 +
 +__Gather info from DAG for SME integration__
 +
 +Follow the steps as defined here: [[https://​duo.com/​docs/​dag-generic#​configure-your-service-provider|DAG - Configure Your Service Provider]]
 +This will give you URL/​IDs/​Certs needed for File Fabric Auth System Setup.
 +
 +__Create Auth System in SME__
 +
 +We’ll enter this data into the File Fabric. Logged in as the Org Admin, in a package with SAML enabled, go to Organization>​ Auth Systems.
 +
 +{{:​dag_authsys1.png}}
 +{{:​dag_authsys2.png}}
 +
 +This will now allow your users to click the Duo Access Gateway login button the page and login through your DAG into the File Fabric. ​
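Review bot: in the "Group name fix" step, the pattern "/^CN=(.*?),.*/" keeps only the first RDN of each memberOf value, so two AD groups that share a CN under different OUs reach the File Fabric as the same group name, and the lazy capture stops at the first comma, which truncates a CN containing an escaped comma. If these names are used for role or group mapping, say so and note that CNs must be unique across the directory, or keep enough of the DN to tell groups apart. Separately, "Send Attributes: All" releases every attribute to the service provider while the text only calls for displayName, the email and memberOf; list the attributes that are needed instead. The JSON fragment should also say which section of the generated file the "94" entry belongs in. Typos to fix before merging: "Gatway", "edit to to", and "login button the page".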