Okta

How to Configure SAML 2.0 for Ingeniux CMS

Contents

Supported Features

The Okta/Ingeniux CMS SAML integration currently supports the following features:

For more information on the listed features, visit the Okta Glossary.

Configuration Steps

If you are Not On-Premise customer, follow the steps below. If you are an On-Premise customer, scroll down to those instructions later in this article.

Not On-Premise

  1. Contact the Ingeniux Support team and request that they enable SAML 2.0 for your Ingeniux On Demand CMS site.

  2. Include the following with your request:

    • IDP Metadata URL: Copy and paste the following URL:

      Sign in to the Okta Admin app to have this variable generated for you

    • Certificate: Copy and paste the following certificate:

      Sign into the Okta Admin Dashboard to generate this variable.

  3. The Ingeniux Support team will process your request and will provide you with their URL in the following format:

    https://your-cms-url

  4. In Okta, select the General tab for the Ingeniux app, then click Edit.

    • Enter https://your-cms-url (the URL provided to you by Ingeniux) into the Base URL field.

    • Click Save.

      • “ingeniux1.png"

  5. Still in Okta, select the Sign On tab for the Ingeniux app, then click Edit.

    • Check the Enable Single Logout box.

    • Save the following x.509 Certificate, then click Browse to locate it and then upload it:

      -----BEGIN CERTIFICATE-----
MIIGezCCBWOgAwIBAgIQGGpdb2uGGBPi9/qC+0+yjTANBgkqhkiG9w0BAQsFADBC
MQswCQYDVQQGEwJVUzEWMBQGA1UEChMNR2VvVHJ1c3QgSW5jLjEbMBkGA1UEAxMS
UmFwaWRTU0wgU0hBMjU2IENBMB4XDTE2MTAyNTAwMDAwMFoXDTE5MTExOTIzNTk1
OVowITEfMB0GA1UEAwwWKi5pbmdlbml1eG9uZGVtYW5kLmNvbTCCASIwDQYJKoZI
hvcNAQEBBQADggEPADCCAQoCggEBAMXNiL3mYBkBdjAb+VGOX6nWSy/HyhH7hFll
zMP+X077Z+0M2P2UkIFNbh4GigmqBUeENXuEMTm5zC9qkolB2kke6dVqw/J9EWV0
AMvX0iYKQfDBRUIPs8cau0uVPTxhW+J5q7a/A5kxC8v93f5mPlsLikfRmCyj5aY3
STbWzoNW53nuJMXEDflyTP6jtED1zpm/1sgwnHxI39um6ZEdWsDdy1MMsVDu5nuP
bCmyAZat+MMvG9Ra1EQEPwpFeHgMFokPgHZKs/qT4qWKlLBEEnd50lTQLZAb5Lgq
bwOpEIosRJdMOp6DlrQUYbpHZydA5kt5mNBTeCvjDSTJOpXgH3UCAwEAAaOCA4ww
ggOIMDcGA1UdEQQwMC6CFiouaW5nZW5pdXhvbmRlbWFuZC5jb22CFGluZ2VuaXV4
b25kZW1hbmQuY29tMAkGA1UdEwQCMAAwKwYDVR0fBCQwIjAgoB6gHIYaaHR0cDov
L2dwLnN5bWNiLmNvbS9ncC5jcmwwbwYDVR0gBGgwZjBkBgZngQwBAgEwWjAqBggr
BgEFBQcCARYeaHR0cHM6Ly93d3cucmFwaWRzc2wuY29tL2xlZ2FsMCwGCCsGAQUF
BwICMCAMHmh0dHBzOi8vd3d3LnJhcGlkc3NsLmNvbS9sZWdhbDAfBgNVHSMEGDAW
gBSXwidQnsLJ7AyIMsh8reKmAU/abzAOBgNVHQ8BAf8EBAMCBaAwHQYDVR0lBBYw
FAYIKwYBBQUHAwEGCCsGAQUFBwMCMFcGCCsGAQUFBwEBBEswSTAfBggrBgEFBQcw
AYYTaHR0cDovL2dwLnN5bWNkLmNvbTAmBggrBgEFBQcwAoYaaHR0cDovL2dwLnN5
bWNiLmNvbS9ncC5jcnQwggH5BgorBgEEAdZ5AgQCBIIB6QSCAeUB4wB3AN3rHSt6
DU+mIIuBrYFocH4ujp0B1VyIjT0RxM227L7MAAABV/zEzIIAAAQDAEgwRgIhAK2E
9Exc6zEheYVmdORtLhwG9AXBO7Veqok9B/DrWu6LAiEAwXq69E/buEacd4Iu1Le9
WFQexINhHQTdQcjsuBpox1UAdwBo9pj4H2SCvjqM7rkoHUz8cVFdZ5PURNEKZ6y7
T0/7xAAAAVf8xMylAAAEAwBIMEYCIQD+lNHtPBBCrjJIWTuIv08a/SXRbH7qgjLv
RxKwYLcCFAIhAKJcMD93lL22t3FOHoF6F15RWGfyBwGq0r7b2EIxLOPXAHYA7ku9
t3XOYLrhQmkfq+GeZqMPfl+wctiDAMR7iXqo/csAAAFX/MTM2AAABAMARzBFAiBx
js99murFgPBxBaaMbW+IkbI31YBQR2WaauQCiCYQtAIhAN+Cm/bjRiidna11n0Sc
jpJGvZv3+x+Yaksh5UK0mjAKAHcAvHjh38X2PGhGSTNNoQ+hXwl5aSAJwIG08/aR
fz7ZuKUAAAFX/MTNawAABAMASDBGAiEApLJxWRR9uBsOoebMng5KkN+/9dHSbgt1
u+pWMxCFYlgCIQDByopV8QWylGXWZxD0sthbdBl1NyQyR0yIJJd2xjOqjjANBgkq
hkiG9w0BAQsFAAOCAQEAHw8/VBhvta4i77S8msVADL/Qu5Dcrs/O6emNmrEhszEu
OCgPLBfm66ta2fIbCD+F5QUT5nGhZKxjhGfcndtGv3JNmBLNh1Nh+FbJp9pD+bB9
sUxBYkjJu/JxIQZuFgiqH5frD10NcWMsd8wTUuYj0Whdu2AlWOMrLhKdVHQLDKxX
ipQFY/qJEObPG6Pvs4r+HyNGxCFISCSW7PQIYWJfBRNmf2/JY5OSnIC9S76fna6M
BsOWdtbKaFlutFabm4uWQPIAhEgE842JCO3PgKDGGlXT8pyTBsD3cFoFv0oBy08A
Nvl2hOkf03AR0Khq/My9qd+x2rtURR+vFckbI12vMg==
-----END CERTIFICATE-----

    • Click Save.

      • “ingeniux2.png"

  6. Done!

On-Premise

The following instructions are for on-premise customers

  1. Login to the CMS server and open the \site\saml.config file in a text editor.

  2. Configure the values displayed in blue font with your site's values. Note that they are case sensitive.

    3. <SAMLConfiguration xmlns="urn:componentspace:SAML:2.0:configuration">
<ServiceProvider Name= https://your-cms-url
              Description="Ingeniux CMS"
              AssertionConsumerServiceUrl="~/SAML/AssertionConsumerService"
              LocalCertificateFile="filename-for-ssl-cert.pfx"
              LocalCertificatePassword="YourSecurePassword" />
  <PartnerIdentityProviders>
    <PartnerIdentityProvider
        Name="http://www.okta.com/exk17xt6x1tFwlxFy1d8"
        Description="Okta"
        SignAuthnRequest="true"
        SignLogoutRequest="true"
        WantSAMLResponseSigned="true"
        WantAssertionSigned="false"
        WantAssertionEncrypted="false"
        DisableAudienceRestrictionCheck="true"
        DigestMethod="http://www.w3.org/2001/04/xmlenc#sha256"
        SignatureMethod="http://www.w3.org/2000/09/xmldsig#rsa-sha1"
        SingleLogoutServiceBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        SingleSignOnServiceUrl="https://okta-coe-test.okta.com/app/ingeniuxcms/exk17xt6x1tFwlxFy1d8/sso/saml
        SingleLogoutServiceUrl="https://okta-coe-test.okta.com
        PartnerCertificateFile="https://okta-coe-test-admin.okta.com/admin/org/security/0oa17xt6x1uyQUEzS1d8/cert" />
  </PartnerIdentityProviders>
</SAMLConfiguration>

  3. Edit \site\local-membership.config and add in a new record for:

    <add name="Okta" type="Ingeniux.CMS.Models.SAMLProvider" idpPartner="http://www.okta.com/exk17xt6x1tFwlxFy1d8" />

  4. Save your changes, recycle CMS application pool, then attempt to login.

  5. Done!

Notes

Make sure that you entered the correct value in the Base URL field under the General tab in Okta. Using the wrong value will prevent you from authenticating via SAML to Ingeniux CMS.

SP-initiated SSO

  1. Go to https://your-cms-url

  2. Click Login:

    “ingeniux3.png"