One of the SAML providers you can use is Okta (https://www.okta.com).
In order to get started with Okta SAML, you will need:
- An Okta account with admin permissions
- All users provisioned in Okta with exactly the same email address they have in Hudu. We don't create new user accounts with SSO.
Configuring Okta
- Inside Okta, navigate to the Applications screen and add a new application.
- Click "Create New App"
- When the modal pops up, select SAML 2.0, and then click "Create".
- On the next screen, give the Application a name.
- In Configure SAML, fill in the following fields:
  - Single sign on URL: Enter the URL of your Hudu instance followed by /saml/consume
  - Audience URI: Enter the URL of your Hudu instance
  - Name ID format: Choose EmailAddress
  - Application username: Choose Email
- Click "Show Advanced Settings" and fill out the following fields:
  - Signature Algorithm: Choose RSA-SHA1
  - SAML Issuer ID: fill in https://okta.com/${org.externalKey}
- Click Next.
- Now, choose:
  - I'm an Okta customer adding an internal app
  - This is an internal app that we have created
- Then click Finish
- On the next screen, click View Setup Instructions.
- Keep the setup instructions open as you fill out the info in Hudu.
Configuring the Fingerprint
- In order to get the fingerprint, go to https://developers.onelogin.com/saml/online-tools/x509-certs/calculate-fingerprint.
- Paste in the certificate from the Setup Instructions.
- Use sha1 as the algorithm.
- Copy the fingerprint. It should look like:
b909502ee82ae32433e6f83886b11d4277a32a7a
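The fingerprint is the digest of the certificate's DER bytes, so it can also be computed locally rather than through the online tool. The following is an added example, not part of the original article or of Hudu's or Okta's code; the function names are hypothetical and the sample input is a constructed stand-in, not a real certificate.

```python
import base64
import hashlib
import re

PEM_RE = re.compile(
    r"-----BEGIN CERTIFICATE-----(.*?)-----END CERTIFICATE-----", re.DOTALL
)


def cert_der(pem_text: str) -> bytes:
    """Return the DER bytes of the first certificate in pasted PEM text."""
    match = PEM_RE.search(pem_text)
    # Accept a bare base64 body too, in case only the body was copied.
    body = match.group(1) if match else pem_text
    # Remove line breaks and stray spaces, including trailing ones.
    body = re.sub(r"\s+", "", body)
    if not body:
        raise ValueError("no certificate data found")
    # validate=True rejects non-base64 characters instead of skipping them.
    return base64.b64decode(body, validate=True)


def fingerprint(pem_text: str, algorithm: str = "sha1") -> str:
    """Lowercase hex digest of the certificate's DER encoding."""
    return hashlib.new(algorithm, cert_der(pem_text)).hexdigest()


def normalize_fingerprint(value: str) -> str:
    """Reduce 'B9:09:50...' or 'b9 09 50...' to plain lowercase hex."""
    return re.sub(r"[\s:]", "", value).lower()


def matches(pem_text: str, pasted: str, algorithm: str = "sha1") -> bool:
    """True if a pasted fingerprint belongs to the pasted certificate."""
    return fingerprint(pem_text, algorithm) == normalize_fingerprint(pasted)


# Constructed stand-in: the body "YWJj" is base64 for the bytes b"abc", not a
# real X.509 certificate. The fingerprint is a digest of the decoded bytes
# either way, so this is enough to exercise the functions offline.
SAMPLE_PEM = "-----BEGIN CERTIFICATE-----\nYWJj\n-----END CERTIFICATE-----\n  \n"

if __name__ == "__main__":
    print(fingerprint(SAMPLE_PEM))
```

To use it, pass the certificate text copied from the Okta Setup Instructions to `fingerprint()`; `matches()` checks a fingerprint you already have against that certificate regardless of colons or letter case.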
Configuring Hudu
The final step is configuring Hudu so you can utilize SSO.
- Log in to Hudu and click the Admin cog on the sidebar.
- Click General.
- Click "Enable Single Sign-On".
- Enter the details you found in the previous steps into the form:
  - Copy the Okta Identity Provider Issuer and paste it into the SAML Issuer URL.
  - Copy the Okta Identity Provider Single Sign-On URL and paste it into the SAML Login Endpoint and SAML Logout Endpoint.
  - Copy the fingerprint you generated above and paste it into the SAML Fingerprint field.
  - Copy the certificate and paste it into the SAML Certificate field. Make sure there is no extra space trailing at the end!
- Click "Enable Single Sign-On".
- Hit "Update SAML Details" and SAML should now be activated.
Testing SAML
Open an incognito window and try to access Hudu. You should be redirected to the login page, where you will see a "Use Single Sign On (SSO)" button. If you are able to log in successfully via this button, your SAML is working!
Disabling password access for non-administrators
You have the option to disable password logins for non-administrators (users who are not super admins or admins). Click "Disable Password Access for non-Admins" and all users below admin will have to use single sign-on.