...
| Key | Purpose | Default Value | Example | Notes |
|---|---|---|---|---|
| SAML.Enabled | To turn SAML support on or off | false | <add key="SAML.Enable" value="true"/> | Required setting |
| SAML.Provider | Used to switch between implementation styles of SAML 2.0 | n/a | <add key="SAML.Provider" value="Microsoft" /> | Optional setting This should usually be set to "Microsoft" but may need to be omitted all-together, depending on IdP |
| SAML.Issuer | IDP Issuer URL | n/a | <add key="SAML.Issuer" value="http://www.okta.com/cKZ3800234nlvM8s"/> | Required setting Requires IdP configuration first |
| SAML.IDP | IDP SSO URL | n/a | <add key="https://cust.okta.com/app/appname/cKZ3800234nlvM8s/sso/saml"/> | Required setting |
| SAML.Certificate | X.509 Certificate | n/a | <add key="-----BEGIN CERTIFICATE----- certificate body -----END CERTIFICATE-----"/> | Required setting Should be entered as a single line and should include the begin and end certificate tags Requires IdP configuration first |
| SAML.Logout | URL that a user will be redirected to if they choose to log out of Enterprise Tester | Enterprise Tester Login URL | <add key="SAML.Logout" value="https://myapps.microsoft.com"/> | Optional setting If not configured, a user choosing the logout option will be automatically logged back in again provided there session is still active with the IdP. |
Example of the configuration as it might appear in the web.config file alongside other settings
| No Format |
|---|
<appSettings>
<add key="site.root.url" value="https://apps.corp.com/et" />
<add key="Licensing.ServerKey.GenerationMode" value="Stable" />
<add key="migration.providerName" value="Migrator.Providers.SqlServer.SqlServer2005Dialect" />
<add key="PathService.PackagePathSeparator" value="|" />
<add key="aspnet:MaxHttpCollectionKeys" value="10000" />
<add key="attachment.storage.method" value="FileSystemCas" />
<!-- SAML CONFIGURATION START -->
<add key="SAML.Enabled" value="True" />
<add key="SAML.Provider" value="Microsoft"/>
<add key="SAML.Issuer" value="http://www.okta.com/cKZ3800234nlvM8s" />
<add key="SAML.IDP" value="https://cust.okta.com/app/appname/cKZ3800234nlvM8s/sso/saml" />
<add key="SAML.Logout" value="https://catchsoftware.com" />
<add key="SAML.Certificate" value="-----BEGIN CERTIFICATE----- LIIC2jCCAkMCAg38MA0GCSqGSIb3DQEBBQUAMIGbMQswCQYDVQQGEwJKUDEOMAwGA1UECBMFVG9reW8xEDAOBgNVBAcTB0NodW8ta3UxETAPBgNVBAoTCEZyYW5rNEREMRgwFgY4VQQLEw9XZWJDZXJ0IFN1cHBvcnQxGDAWBgNVBAMTD0ZyYW5rNEREIFdlYiBDQTEjMCEGCSqGSIb3DQEJARYUc3VwcG9ydEBmcmFuazRkZC5jb20wHhcNMTIwODIyMDUyNzQxWhcNMTcwODIxMCUyNzQxWjBKMQswCQYDVQQGEuJKUDEOMAwGA1UECAwFVG9reW8xETAPBgNVBAoMCEZyYW5rNEREMRgwFgYDVQQDDA93d3cuZXhhbXBsZS5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC0z9FeMynsC8+udvX+LciZxnh5uRj4C9S6tNeeAlIGCfQYk0zUcNFCoCkTknNQd/YEiawDLNbxYqutbMDZ1aarys1a0lYmUeVLCIqvzBkPJTSQsCopQQ9V8WuT252zzNzs68dVGNdCJd5JNRQykpwexmnjPPv0mvj7i8XgG379TyW6P+WWV5okeUkXJ9eJS2ouDYdR2SM9BoVW+FgxDu5BmXhozW5EfsnajFp7HL8kQClI0QOc79yuKl3492rH6bzFsFn2lfwWy9ic7cP8EpCTeFp1tFaD+vxBhPZkeTQ1HKx6hQ5zeHIB5ySJJZ7af2W8r4eTGYzbdRW24DDHCPhZAgMBAAEwDQYJKoZIhvcNAQEFBQADgYEAQMv+BFvGdMVzkQaQ3/+2noVz/uAKbzpEL8xTcxYyP3lkOeh4FoxiSWqy5pGFALdPONoDuYFpLhjASZaEwuvjI/TrrGhLV1pRG9frwDFshqD2Vaj4ENBCBh6UpeBop5+285zQ4SI7q4U9oSebUDJiuOx6+tZ9KynmrbJpTSi0+BM= -----END CERTIFICATE-----" />
<!-- SAML CONFIGURATION END -->
</appSettings> |
Example - Enterprise Tester with Okta
...
1) In Okta, create Enterprise Tester integration using SAML 2.0.
2) In Okta the SAML General Settings need to contain the following.
- Single Sign URL - this must be your Enterprise Tester instance e.g https://enterprisetester/authentication/SAML2.rails
- Audience URI - this is A9CC4713-F3D5-4321-9C19-14A58E117364
3) Make sure you record IDP information when selecting the "View Setup Instructions".
Configuring Enterprise Tester to use Okta
Add the following keys to the appSettings section in the Enterprise Tester web.config file. Note: Values used within these appsettings will be available after completing the Okta configuration above.
1) Enable SAML Support
<add key="SAML.Enabled" value="true" /> |
2) IDP Issuer
<add key="SAML.Issuer"value="<IDP Issuer>"/> |
3) IDP SSO URL
...
<add key="SAML.IDP"value="<IDP SSO URL>"/> |
4) X.509 Certificate
<add key="SAML.Certificate"value="<X.509 Certificate>"/> |
5) Specify logout url
Do not add an Enterprise Tester URL here or users will be automatically logged back into Enterprise Tester.
<add key="SAML.Logout"value="https://your_selected_logout_page"/> |
SHA-256 XML Signature Support
On the Enterprise Tester server:
Download CLR Security Update
http://clrsecurity.codeplex.com/releases/view/47764Download GACUTIL from here: http://www.microsoft.com/en-us/download/confirmation.aspx?id=19988.
Extract Security.Cryptography.dll assembly
Add Security.Cryptography.dll to GAC
full path... gacutil.exe /i Security.Cryptography.dllView Security.Cryptography.dll assembly
gacutil.exe /l Security.CryptographyUpdate machine.config in C:\Windows\Microsoft.NET\Framework\v4.0.30319\Config and C:\Windows\Microsoft.NET\Framework64\v4.0.30319\Config. Insert the following code block after <system.web> section in <configuration>
<mscorlib><cryptographySettings><cryptoNameMapping><cryptoClasses><cryptoClass RSASHA256SignatureDescription="Security.Cryptography.RSAPKCS1SHA256SignatureDescription, Security.Cryptography, Version=1.6.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35"/></cryptoClasses><nameEntry name="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"class="RSASHA256SignatureDescription"/></cryptoNameMapping></cryptographySettings></mscorlib>
...