Apologies if this was mentioned previous but how does one become an IdP_Administrator so that the site property of Idp_SSO_IsActive returns TRUE instead of FALSE?

Thank you for your help. 

Katerina

Hi All,

I am trying to use IDPConnector with OneIdentity but I am not able to generate the Metadata.xml using the below link. https://www.samltool.com/sp_metadata.php

Can anyone help me in this. Is IDPServer mandatory to install to use IDPConnector?

I will be using OneIdentity as my Identity Provider.

THanks,

Kunal

Hi Kunal,

The current version of the component allows you to export/import the metadata xml, no need for 3rd parties.

After you finish configuration on "SP connector settings and Claims" (and "SP connector internal settings"), you can export it.

Regards.

Daniel Brooks wrote:

SSO using IDP connector

> Logging to IDP configuration page using

   below URL

              https://{your outsystem envirnament }/IdP/

           For example :-  https://xyz.outsystemscloud.com /IdP/

> Select  Identity Provider as Azure AD / ADFS

> Sign in to the Azure Active Directory portal and add the OutSystems Azure AD application from the gallery.

• Navigate to Enterprise applications
• Click New application.
• Search for OutSystems Azure AD.
• Select the application and click Add.

> Select SAML as the single sign-on method.

• In the OutSystems Azure AD application dashboard click the Single sign-on entry.
• Select SAML.

> Set up Single Sign-On with SAML.

• Click the Edit icon on the Basic SAML Configuration section.
• Set the required values accordingly.
• Identifier (Entity ID): http://YOUR_SERVER/IdP/
• Reply URL (Assertion Consumer Service URL): https://YOUR_SERVER/IdP/SSO.aspx

> Alternatively, you can upload the metadata file  from the IdP connector.

> You can then configure the IdP connector with the provided information on sections 3 and 4, or upload the Federation Metadata XML file downloaded in the Azure AD application.

• In your project Change “Preparation of the NoPermission screen” to redirect the user to the URL provided by IdP_SSO_URL action.

• Note: if the system contains multiple tenants, the tenant switch has to have been done before calling IdP_SSO_URL.

> Logout Flow

• Change LoginInfo web block on Common Flow (Optional: Single-logout).
• In a standard OutSystems application the Common Flow is also responsible for handling Logout operation.
• By default, the Logout will invalidate the session on the OutSystems application server, but with an IdP SSO scenario many times the logout must be also performed on IdP Server, redirecting the browser to a specific URL on IdP SSO server.
• So, to achieve that, it's necessary to change the Logout default behavior.
• If your IdP Server allows a Logout initiated by the SP (IdP Connector), configure the field IdP server Single Logout URL which should be provided by your IdP Server (the IdP Connector will generate the SAML messages to perform a Single-Logout).
• Note: Your application shouldn't call the User_Logout or Logout system actions. The IdP connector is the one responsible for that call.
• Change Preparation of the LoginInfo to redirect the user to the URL provided by IdP Server
• If your IdP Server allows a Logout initiated by the SP through SAML messages: call the action IdP_SingleLogout_URL and call the Common\ExternalURL with its output.