Single Sign-On using SAML2.0 Installation Example


This page shows an example of Single Sign-On to RMS using SAML2.0 with FusionAuth, self-hosted in Podman Desktop on Windows.


Install FusionAuth using Podman Desktop:

Ensure Podman Desktop (Windows) is installed.

Open Terminal / Command prompt and execute the following:

- $ podman pod create -p 5432:5432 -p 9011:9011 fusion_pod

- $ podman run --name fusion_postgres -e POSTGRES_PASSWORD=mysecretpassword -d --pod fusion_pod postgres

- $ podman run --name fusion -d --pod fusion_pod fusionauth/fusionauth-app

Open HeidiSQL (or any other Postgres admin tool):

- Log in to localhost:5432 with user = postgres, password = mysecretpassword.

- Create a new database named ‘fusionauth’.

Initial FusionAuth setup:

- Open a browser and navigate to http://localhost:9011.

- Keep the Database type settings.

- Under Superuser credentials, set:

  - Username = postgres.

  - Password = mysecretpassword.

- Submit and wait.

- Enter the admin user data (anything you like).

- Accept the license and submit.

Create RMS application:

- Navigate to http://localhost:9011/admin/.

- Applications -> +:

  - Name = rms.

  - Go to the SAML tab.

  - Enable.

  - Issuer = https://rms.rotronic.com.

  - Audience: leave empty.

  - Authorized redirect URLs: add a placeholder such as https://google.de; it will be replaced later.

  - Authentication response -> Signature canonicalization method -> change to Exclusive.

  - Save.

- Customizations -> Lambdas -> +:

  - Name = populate rms user name.

  - Type = SAML v2 populate.

  - Body:

body

  - Save.

- Applications -> rms -> View (green magnifying glass):

  - Scroll down to SAML v2 Integration details.

  - Copy the Metadata URL value to the clipboard.


Enable SAML2.0 in RMS:

Navigate to Tools -> Setup -> System.

Enable SAML2.0 SSO -> Enable SAML2.0 Login.

Paste the Metadata URL copied from FusionAuth into IdP Metadata URL.

Edit attribute mapping:

- Username = rms_user.

- … add any other attributes you are using.

- … if an attribute should be mapped from a collection, you can use array index syntax, e.g. Username = usernames[1] (for the second value of the usernames property), or xxx[-1] (for the second last value of the xxx property).

Copy the SP Assertion Consumer Service URL to the clipboard.

Save.

Navigate to Tools -> Setup -> User:

- Add a new user with username = “testsaml2.0” and enable the user's “SAML2.0 Login”.

- Save.

Logout.
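An added example, not from this page, FusionAuth or RMS, that ties together the populate lambda created above (Customizations -> Lambdas) and the attribute mapping syntax above: populate() emits the rms_user attribute from the application registration's username, using the argument shape of FusionAuth's documented SAML v2 populate lambda (an assumption), and resolveMapping() is a hypothetical model of the index syntax, not RMS's own code; the sample user values are constructed.

```javascript
// Added example, not code from this page, FusionAuth or RMS.
// populate(): a FusionAuth "SAML v2 populate" lambda that emits the rms_user
// attribute the RMS mapping expects. The (samlResponse, user, registration)
// arguments follow FusionAuth's documented lambda signature (assumption).
function populate(samlResponse, user, registration) {
  const attrs = samlResponse.assertion.attributes || (samlResponse.assertion.attributes = {});
  // SAML attribute values are always arrays, even for a single value.
  attrs['rms_user'] = [registration.username];
  // A multi-valued attribute that the RMS index syntax can pick from.
  attrs['usernames'] = [registration.username, user.username, user.email];
}

// resolveMapping(): hypothetical model of the RMS mapping syntax
// ("rms_user", "usernames[1]", "xxx[-1]"); it is not RMS's own code.
function resolveMapping(expression, attributes) {
  const m = /^([^\[\]\s]+)(?:\[(-?\d+)\])?$/.exec(expression.trim());
  if (!m) throw new Error(`invalid mapping expression: ${expression}`);
  const values = attributes[m[1]];
  if (!Array.isArray(values) || values.length === 0) return undefined; // attribute absent
  if (m[2] === undefined) return values[0];            // no index: first value
  let i = parseInt(m[2], 10);
  // Negative indices count back from the last element, so -1 is the second-last
  // value, as the page describes; positive indices are zero-based.
  if (i < 0) i = values.length - 1 + i;
  return i >= 0 && i < values.length ? values[i] : undefined; // out of range
}

// demo(): run the lambda on constructed sample data and resolve the mappings.
function demo() {
  const samlResponse = { assertion: { attributes: {} } };
  const user = { username: 'fa-user', email: 'testsaml@example.invalid' }; // constructed
  const registration = { username: 'testsaml2.0' };                       // constructed
  populate(samlResponse, user, registration);
  const attrs = samlResponse.assertion.attributes;
  return {
    rmsUser: resolveMapping('rms_user', attrs),         // 'testsaml2.0'
    second: resolveMapping('usernames[1]', attrs),      // 'fa-user'
    secondLast: resolveMapping('usernames[-1]', attrs), // 'fa-user'
    missing: resolveMapping('department', attrs),       // undefined
  };
}
```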


Finish Configuration in FusionAuth:

Navigate to http://localhost:9011/admin/.

Users -> Your User -> Manage:

- Registrations -> + Add registration.

- Application = rms.

- Username = testsaml2.0.

- Language: any.

- Save.

Applications -> rms -> Edit -> SAML:

- Authorized redirect URLs:

  - Remove google.de.

  - Add the “SP Assertion Consumer Service URL” copied to the clipboard from the RMS setup.

- Authentication response -> Populate lambda -> use “populate rms user name”.

- Save.


Add FusionAuth X.509 Certificate to trusted store:

Navigate to http://localhost:9011/admin/.

Settings -> Key Master.

Find row with Name “SAML key generated for application rms”, download .zip and extract.

Open the Certificate Manager for the local machine (certlm.msc).

Trusted Root Certification Authorities -> Certificates -> right-click -> All Tasks -> Import -> select the extracted ‘certificate.crt’ -> Next/Import.


Test Login:

Navigate to RMS Login page.

Click Log in (SAML2.0) SSO.

Login using your FusionAuth username/password.

You should now be logged in to RMS as user “testsaml2.0”.


Updated: 20.12.2023.