Yellowfin SAML Bridge Web Application

Similar documents
All about SAML End-to-end Tableau and OKTA integration

MyWorkDrive SAML v2.0 Okta Integration Guide

Novell Access Manager authentication class for OpenID authentication

Integration of the platform. Technical specifications

Qualys SAML 2.0 Single Sign-On (SSO) Technical Brief

SAML 2.0 SSO. Set up SAML 2.0 SSO. SAML 2.0 Terminology. Prerequisites

Integrating the YuJa Enterprise Video Platform with Dell Cloud Access Manager (SAML)

About This Document 3. Overview 3. System Requirements 3. Installation & Setup 4

<Partner Name> <Partner Product> RSA SECURID ACCESS Implementation Guide. PingIdentity PingFederate 8

RSA SecurID Ready Implementation Guide. Last Modified: December 13, 2013

ComponentSpace SAML v2.0 Okta Integration Guide

OneLogin Integration User Guide

Kaltura MediaSpace SAML Integration Guide. Version: 5.0

Enabling Single Sign-On Using Okta in Axon Data Governance 5.4

Configuring Single Sign-on from the VMware Identity Manager Service to Marketo

Udemy for Business SSO. Single Sign-On (SSO) capability for the UFB portal

Google Apps Integration

Webthority can provide single sign-on to web applications using one of the following authentication methods:

Using Microsoft Azure Active Directory MFA as SAML IdP with Pulse Connect Secure. Deployment Guide

2 Oracle WebLogic Overview Prerequisites Baseline Architecture...6

3. Optionally, if you want to use the new Web SSO feature, complete the steps in Adding Web Single Sign-On Functionality.

Integrating YuJa Active Learning into Google Apps via SAML

SSO Authentication with ADFS SAML 2.0. Ephesoft Transact Documentation

Google SAML Integration

RSA SecurID Access SAML Configuration for Kanban Tool

Table of Contents. Single Sign On 1

MyWorkDrive SAML v2.0 Azure AD Integration Guide

RECOMMENDED DEPLOYMENT PRACTICES. The F5 and Okta Solution for High Security SSO

Contents. Introduction To CloudSync. 2. System Requirements...2. Installing CloudSync 2. Getting Started 4

Integration Guide. PingFederate SAML Integration Guide (SP-Initiated Workflow)

Manage SAML Single Sign-On

Slack Cloud App SSO. Configuration Guide. Product Release Document Revisions Published Date

CLI users are not listed on the Cisco Prime Collaboration User Management page.

Integrating YuJa Active Learning with ADFS (SAML)

Add OKTA as an Identity Provider in EAA

BEST PRACTICES GUIDE MFA INTEGRATION WITH OKTA

<Partner Name> <Partner Product> RSA SECURID ACCESS Implementation Guide. Citrix NetScaler Gateway 12.0

SSO Authentication with ADFS SAML 2.0. Ephesoft Transact Documentation

Administering Workspace ONE in VMware Identity Manager Services with AirWatch. VMware AirWatch 9.1.1

Google Auto User Provisioning

Upland Qvidian Proposal Automation Single Sign-on Administrator's Guide

Quick Connection Guide

Integrating YuJa Active Learning into ADFS via SAML

Morningstar ByAllAccounts SAML Connectivity Guide

OneLogin SCIM. Table of Contents. Summary... 2 System Requirements... 2 Installation & Setup... 2 Contact Us... 6

SAML Single Sign On Integration

RSA SecurID Access SAML Configuration for Datadog

Identity Services Overview from 3 rd Party UK federation commercial identity Providers

CLI users are not listed on the Cisco Prime Collaboration User Management page.

Enhancing cloud applications by using external authentication services. 2015, 2016 IBM Corporation

Integrating the YuJa Enterprise Video Platform with ADFS (SAML)

Setting Up Resources in VMware Identity Manager (SaaS) Modified 15 SEP 2017 VMware Identity Manager

Quick Connection Guide

D9.2.2 AD FS via SAML2

Using Your Own Authentication System with ArcGIS Online. Cameron Kroeker and Gary Lee

VMWARE HORIZON CLOUD WITH VMWARE IDENTITY MANAGER QUICK START GUIDE WHITE PAPER MARCH 2018

Oracle WebLogic. Overview. Prerequisites. Baseline. Architecture. Installation. Contents

<Partner Name> <Partner Product> RSA SECURID ACCESS Implementation Guide. Pulse Connect Secure 8.x

Quick Start Guide for SAML SSO Access

Enabling Single Sign-On Using Microsoft Azure Active Directory in Axon Data Governance 5.2

Administering Jive Mobile Apps for ios and Android

Troubleshooting Single Sign-On

SAML-Based SSO Configuration

CA SiteMinder Federation

Troubleshooting Single Sign-On

Configuration Guide - Single-Sign On for OneDesk

SAML-Based SSO Solution

SAML-Based SSO Solution

SSO Plugin. Release notes. J System Solutions. Version 4.0

Integrating VMware Workspace ONE with Okta. VMware Workspace ONE

Table of Contents. Installing the AD FS Running the PowerShell Script 16. Troubleshooting log in issues 19

Security Provider Integration SAML Single Sign-On

Single Sign-On (SSO)Technical Specification

A National e-authentication Service

Contents Introduction... 5 Configuring Single Sign-On... 7 Configuring Identity Federation Using SAML 2.0 Authentication... 29

RSA SecurID Access SAML Configuration for StatusPage

<Partner Name> <Partner Product> RSA SECURID ACCESS Authenticator Implementation Guide. Check Point SmartEndpoint Security

Security Provider Integration: SAML Single Sign-On

Oracle Access Manager Configuration Guide

Pulse Secure Client for Chrome OS

Oracle Utilities Opower Solution Extension Partner SSO

Setting Up the Server

Unified Communications Manager Version 10.5 SAML SSO Configuration Example

SAML-Based SSO Configuration

ISA 767, Secure Electronic Commerce Xinwen Zhang, George Mason University

TECHNICAL GUIDE SSO SAML Azure AD

EGI-InSPIRE. GridCertLib Shibboleth authentication for X.509 certificates and Grid proxies. Sergio Maffioletti

PingOne. How to Set Up a PingFederate Connection to the PingOne Dock. Quick Start Guides. Version 1.1 December Created by: Ping Identity Support

JBoss Federated SSO Framework

Quick Start Guide for SAML SSO Access

ADP Federated Single Sign On. Integration Guide

ComponentSpace SAML v2.0 IdentityServer4 Integration Guide

Qualys SAML & Microsoft Active Directory Federation Services Integration

Okta Integration Guide for Web Access Management with F5 BIG-IP

Click Studios. Passwordstate. Remote Session Launcher. Installation Instructions

SSO Integration Overview

ADFS Setup (SAML Authentication)

VAM. CAS Installer (for 2FA) Value- Added Module (VAM) Deployment Guide

CONFIGURING AD FS AS A THIRD-PARTY IDP IN VMWARE IDENTITY MANAGER: VMWARE WORKSPACE ONE OPERATIONAL TUTORIAL VMware Workspace ONE

Access Manager 4.4 Service Pack 1 Release Notes

Transcription:

Yellowfin SAML Bridge Web Application 2017

2 Introduction The Yellowfin SAML Bridge is a Java web application that allows for interfacing between a SAML Identity Provider, and Yellowfin. This allows for a user to use the same credentials that they use for other applications at their organisation. The Yellowfin SAML Bridge in this case is a SAML Service Provider (SP). The SAML Bridge uses Yellowfin s web services to SSO the user into Yellowfin. There is also an option for auto provisioning users the first time that they connect to Yellowfin using the SAML bridge. Installation The Yellowfin SAML Bridge is a separate Java web application that can be run within the same Tomcat instance as Yellowfin. The bridge can be installed by unzipping the YellowfinSAMLBridge.zip file into the Yellowfin/appserver/webapps/ directory. The Yellowfin SAML Bridge uses the Yellowfin Webservice Java Library. The library (yfws.jar) that corresponds to the Yellowfin instance version should be included in the /WEB-INF/lib directory of the Yellowfin SAML Bridge. SAML SP Configuration The Yellowfin SAML Bridge uses the OneLogin Java API to interface with SAML Identity Providers (IDP). The configuration for the SAML SP is done within the WEB- INF/classes/onelogin.saml.properties file. The following properties need to be set to configure the Service Provider (The Yellowfin SAML Bridge). There are inline comments with the properties file that give more information about each option. onelogin.saml2.sp.entityid This is the entityid of the SAML Bridge SP. This will be the metadata URL for SAML Bridge. The URL is of the form: For example: <scheme>://<host>:<port>/<context>/metadata.jsp http://localhost:8080/samlbridge/metadata.jsp

3 The SP entityid may need to be registered with the SAML IDP to allow users access to this service. onelogin.saml2.sp.assertion_consumer_service.url This is the URL that handles a successful authentication. The URL is of the form: <scheme>://<host>:<port>/<context>/acs.jsp For example: http://localhost:8080/samlbridge/acs.jsp onelogin.saml2.sp.single_logout_service.url This is the URL that handles a logoff. The URL is of the form: <scheme>://<host>:<port>/<context>/sls.jsp For example: http://localhost:8080/samlbridge/sls.jsp onelogin.saml2.sp.x509cert This is the text representation of a security certificate. A self-signed certificate can be generated with: openssl req -newkey rsa:2048 -new -x509 -days 3652 -nodes -out sp.crt -keyout sp.pem The text representation of the sp.crt from the above command is required for this option. onelogin.saml2.sp.privatekey This is the text representation of the certificates private key. This is the text representation of the sp.pem file that was created by the self-signed certificate process above. Any changes made to the onelogin.saml.properties file will require the Yellowfin SAML Bridge to be restarted for new settings to take affect.

4 SAML IDP Configuration The Yellowfin SAML Bridge uses the OneLogin Java API to interface with SAML Identity Providers (IDP). The configuration for the SAML IDP is also done within the WEB-INF/classes/onelogin.saml.properties file. Each SAML Identity Provider will require different options to be filled out in the properties file. A minimal configuration will require at least the following options to be filled, however depending on the IDP used, more options may be required: onelogin.saml2.idp.entityid onelogin.saml2.idp.single_sign_on_service.url onelogin.saml2.idp.single_logout_service.url The IDP Administrator should be able to provide the details for enabling a connection from the Yellowfin SAML Bridge to the desired IDP. The SP entityid may need to be registered with the SAML IDP to allow users access to this service. Any changes made to the onelogin.saml.properties file will require the Yellowfin SAML Bridge to be restarted for new settings to take effect. Yellowfin SAML Bridge Settings Settings related to the operation of the SAML Bridge are located in the WEB-INF/web.xml file. These settings describe the location of the Yellowfin Instance and the web service credentials, and the attributes for finding and automatically provisioning Yellowfin Users. YellowfinWebserviceURL URL to the Yellowfin instance. YellowfinWebserviceUser Yellowfin User to use for connecting to Yellowfin s web services. YellowfinWebservicePassword Yellowfin User password for authenticating Yellowfin s web services.

5 YellowfinRole The Yellowfin Role name, or code to assign to auto provisioned users. AutoProvision True or False. Provision users automatically when they log in via the Yellowfin SAML Bridge for the first time. UsernameAttribute The SAML attribute for the username to be used for syncing with Yellowfin. This is required even if auto-provisioning. EmailAttribute The SAML attribute for extracting the email address of the user. This is only required if autoprovisioning is on. FirstNameAttribute The SAML attribute for extracting the first name of the user. This is only required if autoprovisioning is on. LastNameAttribute The SAML attribute for extracting the last name of the user. This is only required if autoprovisioning is on. FullNameAttribute The SAML attribute for extracting the full name of the user. This will split the given name into first and last names, by splitting the name at location of the first space in the name. When this attribute is provided, the FirstNameAttribute and LastNameAttribute do not need to be set. This is only required if auto-provisioning is on. Any changes made to the web.xml will require the Yellowfin SAML Bridge to be restarted for new settings to take effect.

6 Yellowfin Instance Configuration SIMPLE_AUTHENTICATION needs to be enabled to allow the Yellowfin SAML Bridge to login users. This option needs to be enabled to allow the Yellowfin SSO web service to login a user without a password. Debugging Configuration Issues The Yellowfin SAML Bridge will output the following information on startup: This will show which parameters have been detected at startup. If there is a configuration error, or no matching attributes can be found when attempting to authenticate then errors will be shown from the acs.jsp page. Here is an example:

7 Restyling The JSP files included in the Yellowfin Bridge can be restyled to suit the organisation. Only HTML elements should be changed. Any modifications to the Java code could result SAML handshake not working correctly. It may be required that the default Yellowfin Homepage be modified to fully integrate the Yellowfin SAML Bridge into the User Interface as desired. This could also be configured to perform a SAML logout when a Yellowfin session is destroyed. Useful Links The OneLogin Java API page, contains some information on the settings required for configuring the SP and IDP. https://github.com/onelogin/java-saml

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback