3.5 - 3.8 - SAML Authentication Plugin - Shibboleth IDP

Shibboleth

This section discusses how to set up the SAML Auth plugin with Shibboleth IDP and how to log on to ProcessMaker.

After Installing and enabling the SAML Auth plugin, follow these steps:

1. Open the terminal and then fetch update software list:

   sudo apt update

2. Install the necessary packages for compiling OpenSSL:

   sudo apt install build-essential checkinstall zlib-dev -y

3. Check the version of OpenSSL installed on your server with the command below:

   open ssl version -a

4. To generate the key with configuration data, run this command:

   openssl req -newkey rsa:2048 -new -x509 -days 3652 -nodes -out pm-saml.crt -keyout pm-saml.key

5. Complete the required information. Please review the next steps containing examples on how to complete that information.

6. Enter the Country Name.

   

7. Enter the State or Province Name.

   

8. Enter the Locality Name.

   

9. Enter the Organization Name.

   

10. Enter the Organizational Unit.

    

11. Enter the Common Name with the server name.

    

12. Finally, enter the Email Address.

    

13. The key and the certificate files are successfully generated.

    

14. On SAML configuration page in ProcessMaker, click Upload New Certificate.

    

15. In the New Certificate pop-up screen, select KEY as the Certificate Type. Browse the downloaded files and select the downloaded Certificate .key file. Click Save.

    

16. Click Upload New Certificate on the SAML Configuration ProcessMaker again.

17. In the New Certificate pop-up screen, select SP as the Certificate Type. Browse the downloaded files and select the downloaded Certificate .crtfile. Click Save.

    

18. Copy the Entity ID value from the ProcessMaker Service Provider section in the SAML Configuration page.

    

19. Open a new tab in your browser and enter the copied Entity ID URL.

    

20. Right-click on the screen, and then select the Save As option.

    

21. Save the file as metadata.xml.

22. Access the https://samltest.id/upload.php URL.

    

23. In the Testing Resources tab select the Download Metadata option.

    

24. Copy the following fields from the Connection information to ProcessMaker in the Identity Provider section, then click Update Configuration:

    • entityID to Entity ID.
    • Redirect SSO Location to Single Sign-On Service.
    

25. Copy the generated certificate to a text editor and then save it as shibboleth.crt.

    

26. Click Upload New Certificate on ProcessMaker and then in the New Certificate pop-up screen, select IDP as the Certificate Type. Browse the downloaded files and select the .crtfile from the previous step. Click Save.

    

27. Access again to https://samltest.id/upload.php URL, and upload the metadata.xml saved file.

    

28. A success Metadata Upload Results message displays.

    

29. On a different browser, go to your ProcessMaker SAML configured URL. For example: https://yourprocessmakerdomain.net/sysworkflow/en/neoclassic/cases/main. ProcessMaker automatically redirects to the SAML log on page.

    

30. To continue with the configurations, it is possible to log on with the provided username and password.

    

31. The user information displays on screen. This information is useful to create a user in ProcessMaker.

    

32. Create a ProcessMaker user with the information displayed in the previous step.

    

33. To complete de configuration, enter to the https://samltest.id/download/ URL.

    

34. Copy the NAME of the mail attribute.

    

35. Paste the copied value to the Field Matching section in Configurations tab.

    

36. Open a browser in incognito mode to test if the Processmaker user created is able to log on.

    

37. Select the Ask me again if information to be provided to this service changes option. Click Accept.

    

38. You are now logged on to ProcessMaker via Shibboleth.