...
However, we can give some general configuration parameters that are required for the SAML 2 integration to work.
Our SAML AuthnRequest
AssertionConsumerServiceURL=https://DAMURL/DigizuiteCore/LoginService/Saml2/Acs
...
```xml
<saml2p:AuthnRequest xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol"
                     xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion"
                     ID="id14752337c09e4ff19b7cc1089a985597"
                     Version="2.0"
                     IssueInstant="2021-04-23T08:05:09Z"
                     Destination="https://ad-host.digizuite.app/adfs/ls/"
                     AssertionConsumerServiceURL="https://mbdc.dev.digizuite.com/DigizuiteCore/LoginService/Saml2/Acs">
  <saml2:Issuer>https://mbdc.dev.digizuite.com/DigizuiteCore/LoginService</saml2:Issuer>
</saml2p:AuthnRequest>
```
Token Claims
The attributes we require in the
...
```xml
<samlp:Response ID="_9466a2eb-3e08-4638-8417-4443070d2860" Version="2.0"
                IssueInstant="2021-04-23T08:05:17.781Z"
                Destination="https://mbdc.dev.digizuite.com/DigizuiteCore/LoginService/Saml2/Acs"
                Consent="urn:oasis:names:tc:SAML:2.0:consent:unspecified"
                InResponseTo="id14752337c09e4ff19b7cc1089a985597"
                xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol">
  <Issuer xmlns="urn:oasis:names:tc:SAML:2.0:assertion">http://ad-host.digizuite.app/adfs/services/trust</Issuer>
  <samlp:Status>
    <samlp:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success" />
  </samlp:Status>
  <Assertion ID="_710b91a5-f1e9-496e-9765-659795675aa1" IssueInstant="2021-04-23T08:05:17.780Z" Version="2.0"
             xmlns="urn:oasis:names:tc:SAML:2.0:assertion">
    <Issuer>http://ad-host.digizuite.app/adfs/services/trust</Issuer>
    <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
      <ds:SignedInfo>
        <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
        <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256" />
        <ds:Reference URI="#_710b91a5-f1e9-496e-9765-659795675aa1">
          <ds:Transforms>
            <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature" />
            <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
          </ds:Transforms>
          <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256" />
          <ds:DigestValue>mTY/O/ujMR/6s+/VoRqVMfKG47QtXxl1puSB05/6GOU=</ds:DigestValue>
        </ds:Reference>
      </ds:SignedInfo>
      <ds:SignatureValue>QQhk5ARL7jhhgLF/qu0UOx9ZrvYjRUfDgHx2ZVft0vmnekE9EojR7onh4RfZX/sY/mRn/y4ovx9WbjoP2KXSjJ+ZeiUt590bo1WgqkhUujszWEOpxJSjXBo1TVj7yVrNET+a1pA5KVlGy+s5e/fHRYD1Rzvue+LSR6ZuMeBXGJyCM+iWCaNqS5Co7WIGxP6E35BXY+tgQSXz8dCSoRqdQppcsl+kfIC5wIKYGp529Y1Pmyr5jsnKQYZbKxTo0g3tVkYQLK93svGNLlPLuEm5bqjC5hrfeCAbEXPbZRVe9KuYwIJg1FU20HWllSOb2uMsuVXQs1Swn9creZIXTemZVg==</ds:SignatureValue>
      <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
        <ds:X509Data>
          <ds:X509Certificate>...</ds:X509Certificate>
        </ds:X509Data>
      </KeyInfo>
    </ds:Signature>
    <Subject>
      <SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
        <SubjectConfirmationData InResponseTo="id14752337c09e4ff19b7cc1089a985597"
                                 NotOnOrAfter="2021-04-23T08:10:17.781Z"
                                 Recipient="https://mbdc.dev.digizuite.com/DigizuiteCore/LoginService/Saml2/Acs" />
      </SubjectConfirmation>
    </Subject>
    <Conditions NotBefore="2021-04-23T08:05:17.774Z" NotOnOrAfter="2021-04-23T09:05:17.774Z">
      <AudienceRestriction>
        <Audience>https://mbdc.dev.digizuite.com/DigizuiteCore/LoginService</Audience>
      </AudienceRestriction>
    </Conditions>
    <AttributeStatement>
      <Attribute Name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name">
        <AttributeValue>mb@digizuite.app</AttributeValue>
      </Attribute>
      <Attribute Name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress">
        <AttributeValue>mb@digizuite.com</AttributeValue>
      </Attribute>
      <Attribute Name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname">
        <AttributeValue>Boisen</AttributeValue>
      </Attribute>
      <Attribute Name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname">
        <AttributeValue>Morten</AttributeValue>
      </Attribute>
      <Attribute Name="http://schemas.xmlsoap.org/claims/Group">
        <AttributeValue>digizuite\Domain Users</AttributeValue>
        <AttributeValue>digizuite\Super administrator</AttributeValue>
        <AttributeValue>S-1-5-21-2750658348-810332529-726732757-513</AttributeValue>
        <AttributeValue>S-1-5-21-2750658348-810332529-726732757-1106</AttributeValue>
      </Attribute>
    </AttributeStatement>
    <AuthnStatement AuthnInstant="2021-04-23T08:05:17.679Z">
      <AuthnContext>
        <AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport</AuthnContextClassRef>
      </AuthnContext>
    </AuthnStatement>
  </Assertion>
</samlp:Response>
```
Note that we do not support SHA-1 (a hash algorithm, not encryption) for the token signature: the IdP must sign with SHA-256, as in the example above (rsa-sha256 signature method and xmlenc#sha256 digest). A token carrying <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/> will not be accepted.
When the IdP has been configured correctly, get its federation metadata URL for the next step.
Setup of Media manager
Log in to the Media Manager as a Super administrator.
...
Example of a configuration:
...
Setup of Sync groups in the DAM
If you have selected FullSync or AddOnly as your Group sync level, you will need to set up your group bindings in the DAM.
...
In Binding group name you can enter either the domain\groupname value as it appears in the Group claim (for example digizuite\Super administrator in the token above) or the group SID.
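The checks a service provider has to make on the token shown under Token Claims (addressing, SHA-256-only signature and digest algorithms, validity window, required claims) and the group-binding match described in this section, as one added Python example that is not Digizuite's code. It parses a constructed, cut-down copy of the sample ADFS response above with the standard library only; it does not verify the signature itself (that needs an xmlsec-backed library), and the fixed clock, the shortened IDs and the binding names are assumptions made for the example.

```python
"""Pre-flight checks on a SAML 2.0 Response against the requirements stated on this page.
Added example, not Digizuite code; standard library only; does NOT verify the XML signature
(use an xmlsec-backed library for that). Checks addressing, signature/digest algorithm URIs,
validity window and required claims, and resolves the Group claim against DAM group bindings
given either as domain\\groupname or as a group SID."""
import xml.etree.ElementTree as ET
from datetime import datetime, timezone

NS = {"samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
      "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}
CLAIM = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/"
GROUP_CLAIM = "http://schemas.xmlsoap.org/claims/Group"
REQUIRED_CLAIMS = tuple(CLAIM + c for c in ("name", "emailaddress", "surname", "givenname"))
SHA1_URIS = {"http://www.w3.org/2000/09/xmldsig#sha1", "http://www.w3.org/2000/09/xmldsig#rsa-sha1"}

# Constructed sample: the ADFS response shown on this page, cut down (IDs shortened; SignatureValue,
# certificate and AuthnStatement omitted). SAMPLE_NOW is a fixed clock inside its validity window.
REQUEST_ID = "id14752337c09e4ff19b7cc1089a985597"
ACS_URL = "https://mbdc.dev.digizuite.com/DigizuiteCore/LoginService/Saml2/Acs"
SP_ENTITY_ID = "https://mbdc.dev.digizuite.com/DigizuiteCore/LoginService"
SAMPLE_NOW = datetime(2021, 4, 23, 8, 5, 30, tzinfo=timezone.utc)
SAMPLE_RESPONSE = f"""<samlp:Response ID="_9466a2eb" Version="2.0" IssueInstant="2021-04-23T08:05:17.781Z"
    Destination="{ACS_URL}" InResponseTo="{REQUEST_ID}" xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol">
  <samlp:Status><samlp:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/></samlp:Status>
  <Assertion ID="_710b91a5" Version="2.0" xmlns="urn:oasis:names:tc:SAML:2.0:assertion">
    <Issuer>http://ad-host.digizuite.app/adfs/services/trust</Issuer>
    <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#"><ds:SignedInfo>
      <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
      <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
      <ds:Reference URI="#_710b91a5"><ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/></ds:Reference>
    </ds:SignedInfo></ds:Signature>
    <Subject><SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer"><SubjectConfirmationData
      InResponseTo="{REQUEST_ID}" NotOnOrAfter="2021-04-23T08:10:17.781Z" Recipient="{ACS_URL}"/></SubjectConfirmation></Subject>
    <Conditions NotBefore="2021-04-23T08:05:17.774Z" NotOnOrAfter="2021-04-23T09:05:17.774Z">
      <AudienceRestriction><Audience>{SP_ENTITY_ID}</Audience></AudienceRestriction></Conditions>
    <AttributeStatement>
      <Attribute Name="{CLAIM}name"><AttributeValue>mb@digizuite.app</AttributeValue></Attribute>
      <Attribute Name="{CLAIM}emailaddress"><AttributeValue>mb@digizuite.com</AttributeValue></Attribute>
      <Attribute Name="{CLAIM}surname"><AttributeValue>Boisen</AttributeValue></Attribute>
      <Attribute Name="{CLAIM}givenname"><AttributeValue>Morten</AttributeValue></Attribute>
      <Attribute Name="{GROUP_CLAIM}">
        <AttributeValue>digizuite\\Domain Users</AttributeValue><AttributeValue>digizuite\\Super administrator</AttributeValue>
        <AttributeValue>S-1-5-21-2750658348-810332529-726732757-513</AttributeValue>
        <AttributeValue>S-1-5-21-2750658348-810332529-726732757-1106</AttributeValue>
      </Attribute>
    </AttributeStatement>
  </Assertion>
</samlp:Response>"""


def parse_time(value):
    """SAML timestamps are UTC ('Z'), with or without fractional seconds."""
    return datetime.fromisoformat(value.rstrip("Z")).replace(tzinfo=timezone.utc)


def extract_claims(assertion):
    """Map claim Name -> list of values (the Group claim is multi-valued)."""
    return {a.get("Name"): [v.text for v in a.findall("saml:AttributeValue", NS)]
            for a in assertion.findall("saml:AttributeStatement/saml:Attribute", NS)}


def check_response(xml_text, request_id, acs_url, sp_entity_id, now):
    """Return the problems found; an empty list means every check here passed."""
    problems = []
    root = ET.fromstring(xml_text)
    if root.get("Destination") != acs_url:
        problems.append("Destination is not our ACS URL")
    if root.get("InResponseTo") != request_id:
        problems.append("InResponseTo is not the AuthnRequest ID we issued")
    assertion = root.find("saml:Assertion", NS)
    if assertion is None:
        return problems + ["no Assertion in the response"]
    sig = assertion.find("ds:Signature", NS)
    if sig is None:
        problems.append("assertion is not signed")
    else:  # SHA-1 is rejected: every Algorithm URI inside the signature must be SHA-256 based
        problems += ["SHA-1 is not supported: " + e.get("Algorithm")
                     for e in sig.iter() if e.get("Algorithm") in SHA1_URIS]
        ref = sig.find("ds:SignedInfo/ds:Reference", NS)
        if ref is None or ref.get("URI") != "#" + assertion.get("ID", ""):
            problems.append("signature Reference does not cover this assertion")
    scd = assertion.find("saml:Subject/saml:SubjectConfirmation/saml:SubjectConfirmationData", NS)
    if scd is None or scd.get("Recipient") != acs_url or scd.get("InResponseTo") != request_id:
        problems.append("SubjectConfirmationData Recipient/InResponseTo mismatch")
    elif parse_time(scd.get("NotOnOrAfter")) <= now:
        problems.append("bearer confirmation window has passed")
    cond = assertion.find("saml:Conditions", NS)
    if cond is None or not parse_time(cond.get("NotBefore")) <= now < parse_time(cond.get("NotOnOrAfter")):
        problems.append("now is outside the Conditions validity window")
    if sp_entity_id not in [a.text for a in assertion.findall("saml:Conditions/saml:AudienceRestriction/saml:Audience", NS)]:
        problems.append("our entity ID is not in AudienceRestriction")
    claims = extract_claims(assertion)
    return problems + ["missing required claim " + c for c in REQUIRED_CLAIMS if c not in claims]


def resolve_group_bindings(group_values, bindings):
    """bindings: Binding group name (domain\\group or SID) -> DAM group; names compared case-insensitively."""
    wanted = {b.casefold(): dam for b, dam in bindings.items()}
    return {wanted[v.casefold()]: v for v in group_values if v.casefold() in wanted}


def sample_groups():
    return extract_claims(ET.fromstring(SAMPLE_RESPONSE).find("saml:Assertion", NS))[GROUP_CLAIM]
```

Run check_response() on a captured response with your own request ID, ACS URL and entity ID; a token signed with the SHA-1 digest URI shows up as a "SHA-1 is not supported" problem. Feed the Group claim values to resolve_group_bindings() with the names configured as Binding group names to see which DAM groups a user would land in.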
Setup of connectors or media manager:
Set a connector or Media manager to use SSO login