Introduction

The 'SAML Service Provider Directory Manager' plugin facilitates effortless Single Sign-On (SSO) integration with Joget by enabling compatibility with various Identity Providers (IdPs). With this plugin, users can seamlessly authenticate and access Joget through their chosen IdP, enhancing the user experience and security of the platform.

Plugin Info

Plugin Available in the Bundle:

  1. SAML Service Provider Directory Manager

This plugin bundle is compatible with Joget DX 8.

Expected Outcome

-

Getting Started

Prerequisites

The prerequisite for this plugin is an account with the desired Identity Provider (IdP), with the app integration set up and the IdP metadata and certificate obtained. In this article we will be using OKTA as the Identity Provider.

Please refer to the following to read and understand more about Okta.

Okta
Identity Providers (IdPs): What They Are and Why You Need One
Okta Documentation

Setting up OKTA

1. Create an OKTA Developer Account at https://developer.okta.com/signup/ and complete the signup process.

2. Log in to the OKTA developer account at https://developer.okta.com/login/

3. Create App Integration

Go to your Okta developer account, and navigate to Applications > Create App Integration.

Figure 1: Okta Developer Dashboard - Creating App Integration

Choose SAML 2.0.

Figure 2: App Integration - SAML 2.0


After selecting SAML 2.0, pick a meaningful app name to represent Joget.

You may click on "Do not display application icon to users" if you do not want this app to appear in Okta's end user interfaces.

Figure 3: General Settings


On the next screen, we will be required to provide the SSO URL and SP Entity ID.

Figure 4: SAML Settings

Here we will need the Single sign-on URL and the Audience URI (SP Entity ID). Please key in the following in both fields:


[server]:[port]/jw/web/json/plugin/org.joget.marketplace.SpSamlDirectoryManager/service

Replace the server and port with your actual server address and port, for example localhost:8080.

For this article we are using localhost as the server and 9443 as the port.

Change the Name ID format to EmailAddress.

Figure 5: SAML Setting (General)



Scroll down to Attribute Statements (optional) and fill in the attribute mappings. The mappings are needed to identify the users that will be logging in.


Figure 6: Attribute Statements

| Name | Value |
|---|---|
| firstName | user.firstName |
| lastName | user.lastName |
| email | user.email |

Complete the rest of the steps by clicking on Next and Finish. You may choose "I'm an Okta customer adding an internal app" for testing purposes.

We are done setting up the app integration on Okta. Next, we will need to configure Joget to point to Okta.


4. Getting IDP Metadata and Certificate

Edit the app integration that we have just created on Okta.

Figure 7: Obtaining Metadata


Copy the Metadata URL and open it in a new window. Copy the entire content.

Figure 8: Metadata


Scroll down to look for the SHA-2 cert and download the certificate.

Figure 9: Download Certificate

Figure 10: Okta Certificate
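Before pasting the two items into Joget, it is worth confirming that the downloaded certificate is the signing certificate carried in the copied metadata and that the IdP sign-on endpoints use HTTPS. The following is an added example, not part of the plugin or of Okta's tooling; the function names, sample bytes and URLs are constructed for illustration.

```python
import base64, hashlib, re
import xml.etree.ElementTree as ET

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}

def fingerprint(b64_text):
    """SHA-256 of the DER bytes; accepts bare base64 or PEM-armored text."""
    body = re.sub(r"-----(BEGIN|END) CERTIFICATE-----|\s+", "", b64_text)
    return hashlib.sha256(base64.b64decode(body, validate=True)).hexdigest()

def check_idp_material(metadata_xml, pem_text):
    """Return (entity_id, problems) for the metadata/certificate pair."""
    if "<!DOCTYPE" in metadata_xml or "<!ENTITY" in metadata_xml:
        raise ValueError("refusing metadata that carries a DTD")
    root = ET.fromstring(metadata_xml)
    idp = root.find("md:IDPSSODescriptor", NS)
    if root.tag != "{%s}EntityDescriptor" % NS["md"] or idp is None:
        raise ValueError("not IdP metadata")
    problems = []
    # Signing keys: use="signing", or no "use" attribute (valid for both uses).
    signing = [fingerprint(c.text or "")
               for kd in idp.findall("md:KeyDescriptor", NS)
               if kd.get("use") in (None, "signing")
               for c in kd.iterfind(".//ds:X509Certificate", NS)]
    if fingerprint(pem_text) not in signing:
        problems.append("certificate does not match any signing key in metadata")
    for sso in idp.findall("md:SingleSignOnService", NS):
        if not sso.get("Location", "").startswith("https://"):
            problems.append("SSO endpoint is not HTTPS: %r" % sso.get("Location"))
    return root.get("entityID"), problems

# Constructed sample input: the bytes below stand in for a certificate's DER
# encoding and the URLs are placeholders; none of it comes from a real tenant.
SAMPLE_DER = b"constructed bytes standing in for a DER certificate"
SAMPLE_B64 = base64.b64encode(SAMPLE_DER).decode()
SAMPLE_PEM = "-----BEGIN CERTIFICATE-----\n%s\n-----END CERTIFICATE-----\n" % SAMPLE_B64
SAMPLE_METADATA = """<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    entityID="https://idp.example/constructed-entity">
  <md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:KeyDescriptor use="signing">
      <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#"><ds:X509Data>
        <ds:X509Certificate>%s</ds:X509Certificate>
      </ds:X509Data></ds:KeyInfo>
    </md:KeyDescriptor>
    <md:SingleSignOnService Location="https://idp.example/sso/saml"
        Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"/>
  </md:IDPSSODescriptor>
</md:EntityDescriptor>""" % SAMPLE_B64

if __name__ == "__main__":
    print(check_idp_material(SAMPLE_METADATA, SAMPLE_PEM))
```

An empty problem list means the certificate file and the metadata describe the same signing key; any entry should be resolved before the values are saved in Joget.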


6. Add users to App Integration

We will need to assign user(s) to the app. Navigate to Applications > Assignments > Assign.

Figure 14: Assign Users to App

Once assigned, the selected users are now able to SSO into Joget using their identity in Okta.

We are done with setting up the OKTA Developer Account and have obtained the required items such as the IDP Metadata and Certificate. We will now proceed to set up this plugin in Joget.

Plugin Setup

1. Obtain the plugin source and jar file from https://github.com/jogetoss/sp-saml-directory-manager

2. Upload the plugin jar file in Joget by going to Settings → Manage Plugins

3. Once the plugin is uploaded, go to Settings → Directory Manager Settings and choose SAML Service Provider Directory Manager

Figure 11: Select Plugin


Open the certificate with your text editor, copy the value, and paste it into Joget.

Figure 12: Paste the Cert Content


Paste the content into Metadata in Joget.

Figure 13: Paste Metadata

User Provisioning

You may want to check User Provisioning Enabled so that the first time a user signs in to Joget through SSO, a user account is created in Joget and the user is able to continue to log in to Joget.


Configure the User Attributes.

Figure 14: Configure User Attributes

Configure User Attributes based on the mappings below.

| Name | Value |
|---|---|
| First Name Attribute | firstName |
| Last Name Attribute | lastName |
| Email Attribute | email |

The "Value" here corresponds with the "Name" column that we declared in Figure 6 earlier.

Configure the Login Button. This login button will be shown on the Joget Login Screen to enable users to perform Single Sign-On (SSO) using OKTA.

Figure 15: Configure Login Button

Up to this point, we have successfully created app integration in Okta and configured the SAML Service Provider Directory Manager plugin in Joget.


To log in using this plugin, you have to log out from Joget. Go to the Joget Login Page, and you will see the following login screen with the login button to perform SSO using OKTA.

Login Screen

The login screen may differ from the one shown below depending on the App Center, but the login button will be shown.


Figure 16: Joget Login screen


Upon clicking on the blue login button, the user will be redirected to Okta.


Upon successfully logging in to Okta with your registered email, you will be redirected back to Joget and will be logged in.

Source Code and Plugin Download

  1. Please visit https://github.com/jogetoss/sp-saml-directory-manager for the plugin's source code.
  2. You can find the latest release at https://github.com/jogetoss/sp-saml-directory-manager/releases.
  3. Upload the plugin to your Joget by navigating to Settings > Manage Plugins > Upload Plugin as admin.