Implementing SAML with OneLogin

One of the SAML providers you can use is OneLogin (onelogin.com).

In order to get started with OneLogin SAML, you will need:

  • A OneLogin account with admin permissions
  • All users provisioned in OneLogin with the exact same email address they have in Hudu. We don't create new user accounts with SSO.

Configuring OneLogin

  1. In OneLogin, as an administrator, go to Applications > Applications in the header.
  2. Click Add App.
  3. Search for SAML test and click the SAML Custom Connector (Advanced).
  4. Give it a name (and, optionally, icons and a description). Hit the Save button.
  5. Now, navigate to the Configuration tab, and set the following values for each field (this example uses docs.mywebsite.com; substitute the subdomain and Hudu URL you are using):
    1. Audience (EntityID): https://docs.mywebsite.com
    2. Recipient: https://docs.mywebsite.com/saml/consume
    3. ACS (Consumer) URL Validator: https://docs.mywebsite.com/saml/consume
    4. ACS (Consumer) URL: https://docs.mywebsite.com/saml/consume
    5. Single Logout URL: https://docs.mywebsite.com
    6. Login URL: https://docs.mywebsite.com
    7. All other values will stay as default
  6. Now, navigate to the SSO tab:
    1. Set the SAML Signature Algorithm to SHA-256.
  7. Save the App.

Configuring Hudu

The final step is configuring Hudu so you can utilize SSO.

  1. Log in to Hudu and click the Admin cog on the sidebar.
  2. Click General.
  3. Click "Enable Single Sign-On".
  4. Enter the details from the previous steps (found on the SSO tab in OneLogin for the App) into the form.
    • Copy the Issuer URL and paste it into the SAML Issuer URL field.
    • Copy the SAML 2.0 Endpoint (HTTP) and paste it into the SAML Login Endpoint field.
    • Copy the SLO Endpoint (HTTP) and paste it into the SAML Logout Endpoint field.
    • In the X.509 Certificate section, click View Details.
      • Make sure the SHA fingerprint is set to SHA1.
      • Copy the fingerprint field and paste it into the SAML Fingerprint field.
      • Copy the X.509 Certificate field and paste it into the SAML Certificate field. Make sure there is no trailing whitespace at the end!
  5. Click "Enable Single Sign-On".
  6. Hit "Update SAML Details" and SAML should now be activated.
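
An added example (not part of the original guide and not Hudu's or OneLogin's own tooling): a pre-paste check for step 4 that recomputes the certificate's SHA1 fingerprint, compares it with the copied fingerprint, and flags stray whitespace or a SHA256 value. The function names and the sample data are assumptions made for illustration; the sample is constructed stand-in bytes, not a real certificate.

```python
import base64
import hashlib
import re

PEM_RE = re.compile(
    r"-----BEGIN CERTIFICATE-----(.+?)-----END CERTIFICATE-----", re.S)

# Constructed stand-in bytes, not a real certificate: a fingerprint is a plain
# hash of the DER encoding, so any byte string exercises the check.
SAMPLE_DER = bytes(range(64))
SAMPLE_PEM = ("-----BEGIN CERTIFICATE-----\n"
              + base64.encodebytes(SAMPLE_DER).decode()
              + "-----END CERTIFICATE-----")


def fingerprint(pem, algo="sha1"):
    """Colon-separated uppercase hex digest of the certificate's DER bytes."""
    match = PEM_RE.search(pem)
    if not match:
        raise ValueError("no PEM certificate block found")
    der = base64.b64decode("".join(match.group(1).split()), validate=True)
    digest = hashlib.new(algo, der).hexdigest().upper()
    return ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))


def check_paste(pem, pasted_fp):
    """Return the problems found in the two values about to be pasted."""
    problems = []
    if pem != pem.strip():
        problems.append("certificate has leading or trailing whitespace")
    if pasted_fp != pasted_fp.strip():
        problems.append("fingerprint has leading or trailing whitespace")
    try:
        sha1 = fingerprint(pem, "sha1").replace(":", "")
        sha256 = fingerprint(pem, "sha256").replace(":", "")
    except ValueError as exc:  # also covers base64 decoding errors
        return problems + [f"certificate not parseable: {exc}"]
    # Compare hex digits only, so separators and letter case do not matter.
    pasted = re.sub(r"[^0-9A-Fa-f]", "", pasted_fp).upper()
    if pasted == sha256:
        problems.append("fingerprint is SHA256; switch the selector to SHA1")
    elif pasted != sha1:
        problems.append("fingerprint does not match the certificate")
    return problems


if __name__ == "__main__":
    print(check_paste(SAMPLE_PEM + " \n", fingerprint(SAMPLE_PEM, "sha256")))
```

An empty list from `check_paste` means the certificate text and fingerprint agree and carry no stray whitespace.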

Testing SAML

Open an incognito window and try to access Hudu. You should be redirected to the login page, where you will see a "Use Single Sign On (SSO)" button. If you are able to log in successfully via this button, your SAML is working!

Disabling password access for non-administrators

You have the option to disable password logins for non-administrators (users that are not super admins or admins). Click "Disable Password Access for non-Admins" and all users below admin will have to use single sign-on.

 
