SAML SSO Configuration Steps

1. Install Joget SAML Plugin and Obtain ACS URL

  1. Install the Joget SAML Plugin from the Joget Marketplace.
  2. In the Joget System Settings > General Settings, set API Domain Whitelist   to * 
    If this is not set, you will get a 400 Forbidden error when performing the SSO.
  3. In the Joget System Settings > Directory Manager, select the Joget SAML Plugin.
  4. In the Joget SAML Plugin configuration, copy the Entity ID and ACS URL. 
    Azure AD requires the ACS URL to be HTTPS so your Joget installation must be running under HTTPS.

2. Configure Microsoft Entra ID for SAML

  1. Sign in to the Azure portal and navigate to Azure > Browse Microsoft Entra Gallery > Create your own application. Name your application and select the Integrate any other application you don't find in the gallery () option and click Create to add an application.
  2. Select the application, select Set up single sign-on, then select SAML. 

  3. Under Basic SAML Configuration, select the Edit pencil icon and key in the Joget SAML Identifier (Entity ID) and Reply URL (Assertion Consumer Service (ACS) URL) copied earlier, then Save

  4. Edit User Attributes & Claims, and configure the claims

    Claim Name

    Value

    Unique User Identifier (Name ID)

    user.userprincipalname

    email

    user.mail

    User.FirstName

    user.givenname

    User.LastName

    user.surname

  5. Under SAML Certificates, download the Certificate (Base64). This certificate file will be used to configure the Joget SAML Plugin later.

  6. Select the Users and groups menu item on the left, and add the users allowed to access Joget. You may add yourself to the listing so that you can test the login later.

3. Configure SAML IDP Certificate in the Joget SAML Plugin

  1. Open the downloaded certificate file and copy the contents into the IDP Certificate field in the Joget SAML Plugin configuration (NOTE: copy without the -----BEGIN CERTIFICATE----- and -----END CERTIFICATE----- lines) 

4. Configure Custom User Attributes

  1. Key in the values of the user attributes 

5. Test the SAML SSO

  1. Access the Azure My Apps Portal, click on the application, and select the user to perform the SSO. 

  2. If the SSO configuration is correct, the current user will be logged into Joget.


Source Code

This plugin source code is available in a new open source repository at https://github.com/jogetoss/. JogetOSS is a community-led team for open source software related to the Joget no-code/low-code application platform. Projects under JogetOSS are community-driven and community-supported, and you are welcome to contribute to the projects.

References

  1. https://docs.microsoft.com/en-us/azure/active-directory/manage-apps/configure-single-sign-on-non-gallery-applications
  2. https://dev.joget.org/community/display/DX7/Joget+SharePoint+SSO+Integration