Integration

OvalEdge Application Login using OneLogin SSO

This guide provides a detailed, step-by-step process to configure Single Sign-On (SSO) for the OvalEdge application using OneLogin. It covers the entire process: logging in to OneLogin, creating a SAML application, configuring SSO parameters, setting up roles and groups, adding users, obtaining SAML metadata, and finalizing the configuration on the OvalEdge application. This ensures a secure and seamless login experience for users, managed centrally via OneLogin.

Prerequisites

  • Access to the OneLogin Admin Portal with Administrator rights.
  • DNS or IP address for the OvalEdge application.

Step-by-step process to configure SSO

Step 1: Log in to OneLogin

  1. Go to the OneLogin portal.
  2. Enter your valid credentials and click Continue.
  3. Click Administrator to access the admin console.
  4. The admin console is displayed.

Step 2: Create a SAML Application

  1. Navigate to Applications > Add App.
  2. Search for and select SAML Custom Connector (Advanced).
  3. Set a display name for the application (e.g., OvalEdge SSO) and click Save.

Step 3: Configure SAML Settings

  1. Go to the Configuration tab.
  2. Enter the following values:
    • Audience: https://<DNS-IP>/ovaledge/saml/metadata
    • Recipient: https://<DNS-IP>/ovaledge/saml/SSO
    • ACS (Consumer) URL Validator: ^https:\/\/<DNS-IP>\/ovaledge\/saml\/SSO$ (Regular Expression).
    • ACS (Consumer) URL: https://<DNS-IP>/ovaledge/saml/SSO
  3. Click Save.
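
The following is an added example, not part of the OvalEdge or OneLogin documentation. It builds the four Step 3 values from one host name and shows why dots in `<DNS-IP>` should be escaped in the ACS (Consumer) URL Validator: an unescaped `.` matches any character. The host `ovaledge.example.com` and the candidate URLs are constructed, and Python's `re` module stands in for the validator's regular expression engine, which is an assumption.

```python
import re

HOST_RE = re.compile(r"[A-Za-z0-9.-]+(:\d+)?")  # DNS name or IPv4, optional port

def saml_settings(host):
    """Return the four Step 3 values for one OvalEdge host (<DNS-IP>)."""
    if not HOST_RE.fullmatch(host):
        raise ValueError(f"unexpected characters in host: {host!r}")
    base = f"https://{host}/ovaledge/saml"
    # re.escape() turns '.' into '\.' so each dot matches a literal dot only.
    validator = rf"^https:\/\/{re.escape(host)}\/ovaledge\/saml\/SSO$"
    return {
        "Audience": f"{base}/metadata",
        "Recipient": f"{base}/SSO",
        "ACS (Consumer) URL Validator": validator,
        "ACS (Consumer) URL": f"{base}/SSO",
    }

def unescaped_validator(host):
    """The guide's template with the host pasted in as-is (dots unescaped)."""
    return rf"^https:\/\/{host}\/ovaledge\/saml\/SSO$"

def accepted(validator, url):
    return re.search(validator, url) is not None

# Constructed sample host and candidate ACS URLs (not real systems).
HOST = "ovaledge.example.com"
CANDIDATES = [
    "https://ovaledge.example.com/ovaledge/saml/SSO",        # the intended URL
    "https://ovaledgeXexample.com/ovaledge/saml/SSO",        # '.' replaced
    "https://ovaledge.example.com/ovaledge/saml/SSO/extra",  # trailing path
    "http://ovaledge.example.com/ovaledge/saml/SSO",         # not HTTPS
]

def compare(host=HOST):
    """Map each candidate URL to (escaped result, unescaped result)."""
    strict = saml_settings(host)["ACS (Consumer) URL Validator"]
    loose = unescaped_validator(host)
    return {u: (accepted(strict, u), accepted(loose, u)) for u in CANDIDATES}

if __name__ == "__main__":
    for name, value in saml_settings(HOST).items():
        print(f"{name}: {value}")
    for url, (strict, loose) in compare().items():
        print(f"escaped={strict!s:5} unescaped={loose!s:5} {url}")
```

Only the second candidate differs between the two validators: the escaped form rejects it, the unescaped form accepts it.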

Step 4: Set Up Parameters

  1. Go to the Parameters tab and click the + icon.
    Note: Ensure the “configured by admin” option is checked for credentials.
  2. Add the following fields one at a time: Email, First Name, Last Name, and Member Of.
    The Email field is described as an example.
    • Email:
      Enter the Field name and select "Include in SAML assertion".

    • First Name
      • Field Name: First Name
      • Value: First Name
    • Last Name
      • Field Name: Last Name
      • Value: Last Name
    • Member Of:
      • Field Name: Member Of
      • Value: User Role
  3. Click Save after adding each parameter. The entered data is saved, and the SSO page is displayed.

Step 5: Create Roles and Groups

  1. Go to Users > Roles > Add New Role.
  2. Set the role name (e.g., OE_ADMIN, OE_PUBLIC) and assign the application.
  3. Click Save. The created roles are displayed.
  4. Navigate to Groups > Add Group.
  5. Set a group name and click Save. The Groups page is displayed.
  6. In the same way, go to Mappings > New Mapping, and map roles as needed.
  7. The Admin Role Mapping is displayed.
  8. The Public Role Mapping is displayed.

Step 6: Add Users

  1. Go to Users > New User.
  2. Fill in the user details and click Save User.
  3. In the Authentication tab, select the group that you created.
  4. From the left-hand side, go to Applications, assign the role, and click Save User.
  5. Set a password for the user using More Actions > Change Password.

Step 7: Obtain SAML Metadata

  1. Navigate to Applications > SSO > More Actions > SAML Metadata.
  2. Right-click on SAML Metadata and copy the link.

Step 8: Configure the OvalEdge Application

  1. Log in to the OvalEdge VM.
  2. Go to the extprop folder.
  3. Edit the oasis.properties file and set samlHTTPMetadataProvider to the copied SAML Metadata link.
  4. Go to the Tomcat bin folder and:
    • For Linux: Edit setenv.sh
    • For Windows: Edit the tomcat9w file
    • Add/Modify the following parameter:

      -DOVALEDGE_SECURITY_TYPE=saml


  5. Save the changes and restart the Tomcat services.