Implementing SAML with AuthAnvil

One of the SAML providers you can use is AuthAnvil.

In order to get started with AuthAnvil, you will need:

  • AuthAnvil account with admin permissions.
  • All users provisioned in AuthAnvil with exactly the same email address they have in Hudu. SSO does not create new user accounts.
  • Administrator level access in Hudu.
  • All users already created in Hudu before starting this process.

Configuring AuthAnvil

  1. First, configure a user group. Go to Directory Manager -> Groups.
  2. In the bottom right corner, click the green + circle. A Create New Group sidebar will appear.
  3. Name the group and click Add Group.
  4. Add users to the group by clicking the ellipsis next to the newly created group.
  5. Add a new user by clicking on the green plus sign in the bottom right corner of the screen.
  6. Click on SSO Manager on the left sidebar.
  7. Click the green plus circle in the bottom right corner and then click the Catalogue button.
  8. Click on Custom Application.
  9. Give the Application a name. For example, Hudu. Enable the application. Then choose an icon for the application. If you need one, we have included one for you to use here.
  10. Then, navigate to the tab for Protocol Setup.
    • Type your Hudu instance URL followed by /saml/consume into the Assertion Consumer Service URL field. It should look like: https://docs.mywebsite.com/saml/consume
    • Click Allow Multiple Audiences and make sure your Audience URI is your Hudu instance URL and matches your Service Entity ID (Issuer) field.
    • Type your Hudu instance URL into the Service Entity ID (Issuer) field.
  11. Under Advanced Settings, choose SHA-1 as the Signing Algorithm.
  12. In the Attribute Transformation page, choose Just issue an attribute as the username and choose {User.EmailAddress} as the value.
  13. Go to the Permissions tab and add the Group you created earlier.
  14. Click Save Changes. Leave the page open as you fill out the information on Hudu.

Configuring Hudu

The final step is configuring Hudu so you can utilize SSO.

  1. Log in to Hudu and click the Admin cog on the sidebar.
  2. Click General.
  3. Click Configure Single Sign-On.
  4. Enter the details from the previous steps into the form.
    • SAML Issuer URL.
      • Go to AuthAnvil -> SSO Manager and open the Hudu application you created earlier.
      • Click Protocol Setup at the top of the screen.
      • Copy the Identity Issuer and paste it into the SAML Issuer URL field.
    • SAML Login Endpoint.
      • Go to AuthAnvil -> LaunchPad.
      • Right-click on the Hudu Application and click Copy Link Address.
      • Paste it into the SAML Login Endpoint field on Hudu.
    • SAML Logout Endpoint.
      • Choose a location that Hudu can redirect users to after a successful logout. This cannot be blank, but AuthAnvil does not provide a location. An example could be https://hudutestapp.my.authanvil.com/apps.
      • Paste this value into SAML Logout Endpoint.
    • SAML Fingerprint.
      • Go to AuthAnvil -> SSO Manager and click on the Hudu application you created earlier.
      • Click Signing and Encryption.
      • Copy the thumbprint listed on the page and paste into the SAML Fingerprint field on Hudu.
    • SAML Certificate.
      • Go to AuthAnvil -> SSO Manager and click on the Hudu application you created earlier.
      • Click Signing and Encryption.
      • Click the < > Copy button under the thumbprint. 
      • Paste into the SAML Certificate field. Make sure there is no extra space trailing at the end!
  5. Click "Enable Single Sign-On".
  6. Hit "Update SAML Details" and SAML should now be activated.
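
Before saving, you can confirm that the thumbprint and certificate you copied actually belong together and that neither paste picked up stray whitespace. The following is an added example, not code from Hudu or AuthAnvil; it assumes the thumbprint is a hex SHA-1 or SHA-256 digest of the DER-encoded certificate and that the certificate was copied as PEM or bare base64. All function names are hypothetical.

```python
import base64
import hashlib
import re

PEM_RE = re.compile(
    r"-----BEGIN CERTIFICATE-----(.*?)-----END CERTIFICATE-----", re.S
)


def cert_der(pasted: str) -> bytes:
    """Return DER bytes from a pasted certificate (PEM, or a bare base64 body)."""
    m = PEM_RE.search(pasted)
    body = m.group(1) if m else pasted
    # Drop line breaks and any stray whitespace introduced by the paste.
    body = re.sub(r"\s+", "", body)
    return base64.b64decode(body, validate=True)


def normalize_thumbprint(value: str) -> str:
    """Lower-case hex with separators (colons, spaces, dashes) removed."""
    hexed = re.sub(r"[\s:\-]", "", value).lower()
    if not re.fullmatch(r"[0-9a-f]+", hexed):
        raise ValueError("thumbprint contains non-hex characters")
    return hexed


def matching_digest(pasted_cert: str, pasted_thumbprint: str):
    """Digest name under which the thumbprint matches the certificate, else None."""
    der = cert_der(pasted_cert)
    want = normalize_thumbprint(pasted_thumbprint)
    for name in ("sha1", "sha256"):
        if hashlib.new(name, der).hexdigest() == want:
            return name
    return None


def has_stray_whitespace(pasted: str) -> bool:
    """True if the pasted value has leading or trailing whitespace."""
    return pasted != pasted.strip()


if __name__ == "__main__":
    # Constructed sample: placeholder bytes, not a real X.509 certificate.
    der = b"constructed placeholder, not a real certificate"
    b64 = base64.b64encode(der).decode()
    pem = f"-----BEGIN CERTIFICATE-----\n{b64}\n-----END CERTIFICATE-----\n "
    thumb = hashlib.sha1(der).hexdigest().upper()
    print(matching_digest(pem, thumb), has_stray_whitespace(pem))
```

A result of None from matching_digest means the thumbprint and certificate were copied from different applications or one of them was truncated; re-copy both from the Signing and Encryption page.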

Testing SAML

Open an incognito window and try to access Hudu. You should be redirected to the login page, where you will see a "Use Single Sign On (SSO)" button. If you are able to log in successfully via this button, your SAML is working!

Disabling password access for non-administrators

You have the option to disable password logins for non-administrators (users that are not super admins or admins). Click "Disable Password Access for non-Admins" and all users below admin will have to use single sign-on.