Versions Compared

Old Version 1

changes.mady.by.user Karl Henselin

Saved on

compared with

New Version Current

changes.mady.by.user Chandresh Patel

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Info

SSO integration using SAML requires FlexDeploy to be available from a HTTPS url.

...

See

You must also download the Okta Certificate (from within the Okta Edit SAML Settings).

...

Code Block
callbackFilter.defaultUrl = /flexdeploy
saml2Config = org.pac4j.saml.config.SAML2Configuration
saml2Config.keystorePath = PATH_TO_YOUR_KEYSTORE_FILE
saml2Config.keystorePassword = KEYSTORE_PASSWORD
saml2Config.privateKeyPassword = PRIVATE_KEY_PASSWORD
saml2Config.identityProviderMetadataPath = OKTA_METADATA_URL
saml2Config.maximumAuthenticationLifetime = 3600
saml2Config.serviceProviderEntityId = AUDIENCE_RESTRICTION
saml2Config.serviceProviderMetadataPath = FLEXDEPLOY_HOME/apache-tomcat-flexdeploy/sso/FlexDeployMetadata.xml
saml2Client = org.pac4j.saml.client.SAML2Client
saml2Client.configuration = $saml2Config
clients.callbackUrl = https://FLEXDEPLOY_HOST:FLEXDEPLOY_PORT/flexdeploy/callback
clients.clients=$saml2Client
isAuthenticatedAdmin = org.pac4j.core.authorization.authorizer.IsAuthenticatedAuthorizer
excludedPathMatcher = org.pac4j.core.matching.matcher.PathMatcher
excludedPathMatcher.excludedPath = /next/#/login
config.authorizers = admin:$isAuthenticatedAdmin
config.matchers = excludedPath:$excludedPathMatcher
ssoFilter = flexagon.fd.ui.security.FlexPac4jFilter
ssoFilter.config = $config
ssoFilter.clients = SAML2Client
ssoFilter.matchers = nocache
ssoFilter.authorizers = admin
logout = io.buji.pac4j.filter.LogoutFilter
logout.config = $config
logout.localLogout = true
logout.centralLogout = false
logout.defaultUrl = https://FLEXDEPLOY_HOST:FLEXDEPLOY_PORT/flexdeploy/next/#/home
Info

Configuration Tips

If the Java keystore referenced (line 3) does not exist, it will automatically be created, and key will be generated and inserted into the keystore using the passwords provided (line 3 and 4).

The Okta Identity Provider Metadata can be found from within the Sign On tab of your Okta application.

Group Mapping with Okta SAML

Add a group Attribute Statement in Okta.

Set the name to groups, and FlexDeploy will find the groups without any modification of the group name attribute, or if you change it, use the same value in FlexDeploy.

Set your filter as desired.

...