
Okta is an enterprise-grade, identity management service, built for the cloud, but compatible with many on-premises applications. With Okta, IT can manage any employee's access to any application or device. Okta runs in the cloud, on a secure, reliable, extensively audited platform, which integrates deeply with on-premises applications, directories, and identity management systems.

https://www.okta.com/

 


Configuring Okta

1) In Okta, create Enterprise Tester integration using SAML 2.0.


 


2) In Okta the SAML General Settings need to contain the following.

  • Single sign on URL - this must be your Enterprise Tester instance, e.g. https://enterprisetester/authentication/SAML2.rails
  • Audience URI - this is A9CC4713-F3D5-4321-9C19-14A58E117364

 




3) Make sure you record the IDP information shown when you select "View Setup Instructions".


 

 



Configuring Enterprise Tester to use Okta

Add the following keys to the appSettings section in the Enterprise Tester web.config file.  Note: Values used within these appsettings will be available after completing the Okta configuration above.

 

1) Enable SAML Support

<add key="SAML.Enabled" value="true" />

2) Set SAML Provider to Microsoft

<add key="SAML.Provider" value="Microsoft" />

3) IDP Issuer

<add key="SAML.Issuer" value="<IDP Issuer>" />

4) IDP SSO URL

<add key="SAML.IDP" value="<IDP SSO URL>" />

5) X.509 Certificate

<add key="SAML.Certificate" value="<X.509 Certificate>" />

6) Specify logout url

Do not add an Enterprise Tester URL here or users will be automatically logged back into Enterprise Tester.

The Okta applications page is a suggested url that could be added.

<add key="SAML.Logout" value="https://your_selected_logout_page" />

 

 



SHA-256 XML Signature Support

SAML 2.0 uses SHA-256 for XML signatures. If this is not enabled on your server, you will need to do the following.

 

On the Enterprise Tester server:

  1. Download CLR Security Update
    http://clrsecurity.codeplex.com/releases/view/47764

  2. Download GACUTIL from here:  http://www.microsoft.com/en-us/download/confirmation.aspx?id=19988.

  3. Extract Security.Cryptography.dll assembly

  4. Add Security.Cryptography.dll to GAC

     

    full path... gacutil.exe /i Security.Cryptography.dll
  5. View Security.Cryptography.dll assembly

     

    gacutil.exe /l Security.Cryptography
  6. Update machine.config in both C:\Windows\Microsoft.NET\Framework\v4.0.30319\Config and C:\Windows\Microsoft.NET\Framework64\v4.0.30319\Config. Insert the following block after the <system.web> section inside <configuration>:

     

    <mscorlib>
      <cryptographySettings>
        <cryptoNameMapping>
          <cryptoClasses>
            <cryptoClass RSASHA256SignatureDescription="Security.Cryptography.RSAPKCS1SHA256SignatureDescription, Security.Cryptography, Version=1.6.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35"/>
          </cryptoClasses>
          <nameEntry name="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256" class="RSASHA256SignatureDescription"/>
        </cryptoNameMapping>
      </cryptographySettings>
    </mscorlib>
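
To confirm that steps 4 to 6 took effect, the check below reads both machine.config files and verifies that the rsa-sha256 nameEntry points at a cryptoClass alias whose type actually resolves from the GAC. It is an added example, not part of the original page or of Enterprise Tester; the function name Test-RsaSha256Mapping is hypothetical, and it assumes Windows PowerShell on the Enterprise Tester server.

```powershell
# Added example (hypothetical helper, not Enterprise Tester tooling).
# Run in Windows PowerShell (.NET Framework) so GAC lookups behave like the web app.
$algUri  = 'http://www.w3.org/2001/04/xmldsig-more#rsa-sha256'
$configs = @(
    'C:\Windows\Microsoft.NET\Framework\v4.0.30319\Config\machine.config',
    'C:\Windows\Microsoft.NET\Framework64\v4.0.30319\Config\machine.config'
)

function Test-RsaSha256Mapping {
    param([Parameter(Mandatory)][string]$Path, [Parameter(Mandatory)][string]$Uri)
    $result = [ordered]@{ Path = $Path; Ok = $false; Detail = '' }
    if (-not (Test-Path -LiteralPath $Path)) {
        $result.Detail = 'file not found'
        return [pscustomobject]$result
    }
    try {
        $xml = [xml](Get-Content -LiteralPath $Path -Raw)
    } catch {
        $result.Detail = "not well-formed XML: $($_.Exception.Message)"
        return [pscustomobject]$result
    }
    # The nameEntry maps the signature algorithm URI to an alias ...
    $base  = '/configuration/mscorlib/cryptographySettings/cryptoNameMapping'
    $entry = $xml.SelectSingleNode("$base/nameEntry[@name='$Uri']")
    if (-not $entry) {
        $result.Detail = 'no nameEntry for rsa-sha256'
        return [pscustomobject]$result
    }
    # ... and that alias must exist as an attribute on a cryptoClass element.
    $alias = $entry.GetAttribute('class')
    $class = $xml.SelectNodes("$base/cryptoClasses/cryptoClass") |
        Where-Object { $alias -and $_.HasAttribute($alias) } | Select-Object -First 1
    if (-not $class) {
        $result.Detail = "nameEntry class '$alias' has no matching cryptoClass"
        return [pscustomobject]$result
    }
    # Resolve the assembly-qualified type; $null means the DLL is not in the GAC
    # or the Version/PublicKeyToken in the config does not match the installed DLL.
    $typeName = $class.GetAttribute($alias)
    if ($null -eq [Type]::GetType($typeName, $false)) {
        $result.Detail = "type does not resolve: $typeName"
        return [pscustomobject]$result
    }
    $result.Ok = $true; $result.Detail = $typeName
    return [pscustomobject]$result
}

$configs | ForEach-Object { Test-RsaSha256Mapping -Path $_ -Uri $algUri } | Format-List
```

Both files should report Ok : True; a failure in only one of them usually means the block was added to the 32-bit or the 64-bit machine.config but not both.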

 

 

...

enable it.