[IdP] Help with IDP connector

Forge Component
(25)
Published on 4 Jul by Telmo Martins
25 votes

Hello Team,


We are trying to use IdP Connector for SSO authentication and we tried to follow the steps below:

1. In the Test application we configured IdP_SSO_URL as "https://rajhasti-dev.onelogin.com/trust/saml2/http-post/sso/708454". Attaching the OML for your reference.

2. We also registered for a free OneLogin account and configured the app. I can give you access to that OneLogin account. In OneLogin we created the app and did the necessary configuration as given in the instructions.

3. Also, in the IdP Connector configuration we have configured the following required parameters:

- Identity Provider Single Sign-On URL
  The URL that IdP Connector should redirect to allow a user to sign in.

- IdPServer Issuer
  A URL that uniquely identifies your SAML identity provider (IdPServer). SAML assertions sent to IdP Connector must match this value exactly in the attribute of SAML assertions.

- SP Issuer (SP Entity ID)
  A URL that uniquely identifies your ServiceProvider. Usually is used in the requests sent to the IdPServer.

- Certificate
  The X.509 public certificate issued by your identity provider. Used to check the signature of SAML messages from the IdPServer.


4. When we try to run the Test app we are not getting routed to the OneLogin app login app.

Would you mind helping us find what is missing? We suspect we did some wrong configuration, possibly with the ACS consumer verification parameter in the OneLogin configuration, but we are not sure.


Cheers

RajHasti



I believe the IdP backoffice includes instructions for OneLogin - did you follow those?

"When we try to run the Test app we are not getting routed to the OneLogin app login app"

This is really at the start of the process - make sure you're logged out in OutSystems and if necessary debug your test application, namely the NoPermission screen's Preparation.

Hi Paulo,

Thanks for the reply. We corrected that and are now getting the OneLogin app login screen, but upon login we are not getting routed to the OutSystems page and get an exception instead. Please check the attached screenshot. Appreciate all the help.


Cheers

RajHasti

Impossible to be sure, but it may be an issue with the configuration of your test user in OneLogin (perhaps the user needs explicit access to the application you have created). I'd start investigating there.

If that's not the reason, be sure to confirm the settings in IdP - I'm not sure if OneLogin will require options Generate SAML Request, Use POST, and Sign Request, for example (I don't have the latest IdP version, my options may be a bit different).

Finally, you can check out the logs generated in IdP (SAML requests) and confirm with OneLogin's support what is wrong with the request.

Solution

Paulo Ramos wrote:

Impossible to be sure, but it may be an issue with the configuration of your test user in OneLogin (perhaps the user needs explicit access to the application you have created). I'd start investigating there.

If that's not the reason, be sure to confirm the settings in IdP - I'm not sure if OneLogin will require options Generate SAML Request, Use POST, and Sign Request, for example (I don't have the latest IdP version, my options may be a bit different).

Finally, you can check out the logs generated in IdP (SAML requests) and confirm with OneLogin's support what is wrong with the request.


Hi Paulo,

We are able to redirect to the OutSystems page upon successful authentication. There were some configurations missing that we corrected, and that solved our issue.

Cheers

RajHasti

Solution
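
The log check suggested in the thread can be scripted. The following is an added example, not part of the original thread or of IdP Connector's own code: it decodes a base64 SAMLResponse and compares it, by exact string match, with the configured IdPServer Issuer, SP Issuer and ACS URL. The function name, hosts and sample message are constructed placeholders, and an unencrypted assertion is assumed.

```python
import base64
import xml.etree.ElementTree as ET

NS = {"samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
      "saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
SUCCESS = "urn:oasis:names:tc:SAML:2.0:status:Success"

def check_saml_response(b64_response, idp_issuer, sp_issuer, acs_url):
    """Compare a logged SAML Response with the SP settings; return mismatches."""
    # Diagnostic only: the XML signature is NOT verified here, so this must
    # never decide whether a login is accepted.
    root = ET.fromstring(base64.b64decode(b64_response))

    def text(path):
        node = root.find(path, NS)
        return node.text.strip() if node is not None and node.text else None

    def attr(path, name):
        node = root.find(path, NS)
        return node.get(name) if node is not None else None

    subject_data = ("saml:Assertion/saml:Subject/saml:SubjectConfirmation/"
                    "saml:SubjectConfirmationData")
    audience = ("saml:Assertion/saml:Conditions/saml:AudienceRestriction/"
                "saml:Audience")
    checks = [
        ("StatusCode", attr("samlp:Status/samlp:StatusCode", "Value"), SUCCESS),
        ("Issuer", text("saml:Assertion/saml:Issuer"), idp_issuer),
        ("Destination", root.get("Destination"), acs_url),
        ("Recipient", attr(subject_data, "Recipient"), acs_url),
        ("Audience", text(audience), sp_issuer),
    ]
    # Exact string comparison: a trailing slash or http/https difference counts.
    return [f"{name}: got {got!r}, expected {want!r}"
            for name, got, want in checks if got != want]

# Constructed sample (placeholder hosts); Recipient has a stray trailing slash.
SAMPLE = base64.b64encode(b"""<samlp:Response
  xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
  xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
  Destination="https://sp.example.test/acs">
 <samlp:Status><samlp:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/></samlp:Status>
 <saml:Assertion><saml:Issuer>https://idp.example.test/metadata</saml:Issuer>
  <saml:Subject><saml:SubjectConfirmation><saml:SubjectConfirmationData
     Recipient="https://sp.example.test/acs/"/></saml:SubjectConfirmation></saml:Subject>
  <saml:Conditions><saml:AudienceRestriction><saml:Audience>https://sp.example.test/sp</saml:Audience>
  </saml:AudienceRestriction></saml:Conditions></saml:Assertion>
</samlp:Response>""")
```

An empty list means the response agrees with the configured values; each returned line names one field to correct on the IdP or SP side.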