3.5 - 3.8 - SAML Authentication Plugin - OneLogin IDP

Please rate how useful you found this document:

Contents: [hide]

Restrictions
Set Up

Restrictions

The SAML Auth plugin with OneLogin IDP (Identity Provider) cannot connect with the iOS version of PM Mobile.

Set Up

This section discusses how to set up the SAML Auth plugin with OneLogin IDP and how to log on to ProcessMaker.

After Installing and enabling the SAML Auth plugin, follow these steps:

If you do not have a OneLogin account, it is possible to create one.
Log on to your OneLogin account.
After logged on, select Applications from the menu bar and Applications from the drop-down menu.
Click Add App.
On the Find Applications page, type saml in the search... field. Select SAML Test Connector (IdP w/ attr w/ sign response).
Optionally edit the application name and the icon. Then click Save.
Click Configuration.
Copy the following values from ProcessMaker Service Provider section (first image below) to the Configuration section in OneLogin. Click Save:
- Entity ID to ACS (Consumer) URL Validator.
- Assertion Consumer Service to ACS (Consumer) URL.
- Single Logout Service to Single Logout URL.
Click SSO.
Copy the following fields from OneLogin to ProcessMaker in the Identity Provider section:
- Issuer URL to Entity ID.
- SAML 2.0 Endpoint (HTTP) to Single Sign-On Service.
- SLO Endpoint (HTTP) to Single Logout Service.
Click View Details.
Copy Fingerprint to ProcessMaker in the Identity Provider section. Click Update Configuration option.
In the X.509 Certificate section click Download.
In the ProcessMaker SAML Configuration, go to Configurations and then insert the Field Matching attributes.
Leave the Signature Algorithm field filled in by default. Click Upload New Certificate.
In the New Certificate pop-up screen, select IDP as the Certificate Type. Browse and then select the downloaded Certificate file. Click Save.
Click Update Configuration to apply the changes.