Introduction

This tutorial shows how to set up SAML with Joget DX as the Service Provider (SP) and Okta as the Identity Provider (IdP). The flow below is what you will see once it has been implemented successfully.
Clicking login on the screen in Figure 1 redirects you to the page shown in the next image.

Figure 1: Login screen

Figure 2: Login page using Okta IDP

After successfully logging in with your registered email, you are redirected to your Joget DX.

Download Plugin

Please visit https://github.com/jogetoss/sp-saml-directory-manager to download the plugin.

Setting up

First, we need to create a new App Integration with SAML 2.0.


Figure 3: App Integration

After selecting SAML 2.0, give the app a name and click on "Do not display application icon to users".

Figure 4: General Settings section

To make filling in the section in Figure 5 easier, first upload the sp-saml-directory-manager jar file to Joget DX 8.

Figure 4: SAML Settings section

After uploading, go to System Settings, then Directory Manager Settings, and select the SAML Service Provider Directory Manager as in Figure 5. Selecting it leads to the screen shown in Figure 6.

Figure 5: Select Plugin

Figure 6: Plugin Configuration

As you can see, the plugin shows your Entity ID and ACS URL for you to use. Copy the value and paste it under Single sign-on URL, Audience URI, and Default RelayState. Change Name ID format to EmailAddress.
Once that section is complete, it looks like the image in Figure 7.

Figure 7: SAML Setting (General)


Scroll down a little to find Attribute Statements (optional). Fill in the text boxes as shown below and we are good to go.
These values are needed to identify the users who will be logging in to our system.


Figure 8: Attribute Statements


After filling in everything necessary under General, you can preview the SAML Assertion. If you are happy with it, go to the next page.

Figure 9: SAML Assertion


After clicking Next, click on "I'm an Okta customer adding an internal app" and "This is an internal app that we have created".


That is all for the Okta configuration. The Okta IdP is now set up, but we are not quite there yet. After finishing, we need to copy two more pieces of information:
the certificate and the metadata. The figures below show where to find them.


 

Figure 10A: Metadata URL

Figure 10B: Metadata Value

Figure 11A: Download Certificate

Figure 11B: Okta Certificate
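
A check you can run before pasting the Okta certificate and metadata into the plugin, given as an added example that is not part of the original tutorial or the plugin: it confirms that the downloaded certificate is the signing certificate listed in the metadata and that the EmailAddress Name ID format is offered. The function names and sample values are constructed for illustration; the sample certificate is placeholder bytes, not a real certificate.

```python
import base64
import hashlib
import xml.etree.ElementTree as ET

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}
EMAIL_FORMAT = "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"

# Constructed sample input: placeholder bytes stand in for a real DER certificate.
SAMPLE_DER = b"constructed-placeholder-certificate-bytes"
SAMPLE_B64 = base64.b64encode(SAMPLE_DER).decode()
SAMPLE_PEM = f"-----BEGIN CERTIFICATE-----\n{SAMPLE_B64}\n-----END CERTIFICATE-----\n"
SAMPLE_METADATA = f"""<md:EntityDescriptor xmlns:md="{NS['md']}" xmlns:ds="{NS['ds']}"
    entityID="http://idp.example.test/constructed">
  <md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:KeyDescriptor use="signing"><ds:KeyInfo><ds:X509Data>
      <ds:X509Certificate>{SAMPLE_B64}</ds:X509Certificate>
    </ds:X509Data></ds:KeyInfo></md:KeyDescriptor>
    <md:NameIDFormat>{EMAIL_FORMAT}</md:NameIDFormat>
    <md:SingleSignOnService Location="https://idp.example.test/sso/saml"/>
  </md:IDPSSODescriptor>
</md:EntityDescriptor>"""


def der_from_text(text):
    """Decode a PEM file or a bare base64 body into raw certificate bytes."""
    lines = (ln.strip() for ln in text.splitlines())
    return base64.b64decode("".join(ln for ln in lines if ln and "-----" not in ln))


def check_idp_material(metadata_xml, cert_pem):
    """Compare the downloaded certificate with the IdP metadata before pasting either."""
    root = ET.fromstring(metadata_xml)  # metadata comes from your own Okta tenant
    idp = root.find("md:IDPSSODescriptor", NS)
    signing = [der_from_text(c.text)
               for kd in idp.findall("md:KeyDescriptor", NS)
               if kd.get("use") in (None, "signing")  # no "use" covers signing too
               for c in kd.findall(".//ds:X509Certificate", NS)]
    sso = [s.get("Location", "") for s in idp.findall("md:SingleSignOnService", NS)]
    formats = [n.text.strip() for n in idp.findall("md:NameIDFormat", NS)]
    pem_der = der_from_text(cert_pem)
    return {
        "entity_id": root.get("entityID"),
        "sso_urls": sso,
        "sso_https_only": bool(sso) and all(u.startswith("https://") for u in sso),
        "email_name_id_offered": EMAIL_FORMAT in formats,
        "cert_sha256": hashlib.sha256(pem_der).hexdigest(),
        "cert_matches_metadata": pem_der in signing,
    }
```

To use it on your own tenant, pass the contents of the metadata file and the downloaded certificate file in place of `SAMPLE_METADATA` and `SAMPLE_PEM`.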

Open the certificate with your favourite editor and copy the value. After copying those values, insert them into the plugin configuration shown in Figure 6.
Only copy the highlighted data in Figure 10. You have to click on User Provisioning Enabled, because with it enabled the users that sign in
are registered in the system. Otherwise the data cannot be captured, which leads to different behaviour. Figure 12 shows how it looks
after completing this step. After clicking Submit you land on the page in Figure 13. Make sure the data is the same as in Figure 8.
The first name and e-mail attributes are mandatory.

Figure 13: Configure User Attributes

The last step is to assign a user in Okta, as in Figure 14. After creating the user, assign the newly registered account to the
newly created app and we are good to go.

Figure 14: Add Person

Figure 15: Assign to People

 
Figure 16: Assign people
