Using SAML for Single Sign-On in the Akana Platform

Instructions for configuring a SAML Web SSO domain and enabling single sign-on login for Community Manager.

Prerequisites

Before you start, do the following:

  1. Install the Akana SAML 2.0 Web Browser SSO Service Provider plug-in on the Community Manager container.

    Installation plug-ins list: Akana SAML 2.0 Web Browser SSO Service Provider

  2. Install the Akana SAML 2.0 Web Browser SSO Service Provider UI plug-in on the Policy Manager container.

    Installation plug-ins list: Akana SAML 2.0 Web Browser SSO Service Provider UI

  3. Generate the metadata.xml file from your SAML identity provider and have it ready.

Configuration on Policy Manager

  1. Log in to Policy Manager.
  2. Navigate to Configure > Security > Identity Systems > Add Identity System.
  3. From the Identity System Type drop-down list, select SAML Web Browser SSO.

    Policy Manager -- Modify Identity System Wizard

  4. Upload the metadata.xml file from your SAML identity provider, and then click Next.

    Policy Manager, SAML setup -- select configuration method

  5. If the Entity ID is not automatically populated, provide it. Then, select the appropriate Authentication URLs and Logout URLs, as shown in the example below.

    Policy Manager, SAML Identity Provider Configuration

  6. Make sure that the options shown below are selected and have the correct values, and that the Entity ID and Base URL values match the values from your SAML identity provider.

    Policy Manager, SAML Service Provider Configuration

    Policy Manager, SAML setup -- Metadata Configuration

  7. Create a self-signed certificate, and upload the certificate to your SAML identity provider (or use the Import PKI Keys & X509 Certificate feature and upload the certificate to your SAML identity provider).

    Policy Manager, SAML setup -- Manage PKI Keys

    Policy Manager, SAML setup -- Manage PKI Keys, Certificate Details

    Note: Download the cert to your local folder, and then upload it to your SAML identity provider. The provider can use this certificate to encrypt the SAML Assertion.

  8. Make sure that the Attribute Mapping matches your SAML identity provider's configuration.

    Policy Manager, SAML setup -- Identity mapping

Configuration on Community Manager

  1. Log in to the Community Manager developer portal.
  2. Go to More > Admin > Logins.
  3. Select the check box next to the SAMLWebSSO domain to enable it as a platform login domain, and then click Save.

    SAML Web SSO use case -- Community Manager, enable login domain

  4. Optional: This step is required only if the same LDAP is used and users are already logged in to Community Manager with the LDAP domain. In the database, move all the users from the LDAP domain to the SAML Web SSO domain.

Steps to Verify the SSO Configuration

  1. In the Community Manager developer portal, on the Login page, select the SAML login domain, as shown below.

    SAML Web SSO use case -- Community Manager, logging in

  2. Verify that the user is taken to the SAML SSO login page for your provider, as shown in the example below. Enter the LDAP credentials, and then click the Sign On button.

    SAML Web SSO use case -- Community Manager, redirect to Identity Provider Sign On page

  3. Verify that the user can log in to Community Manager successfully using the LDAP credentials configured for SAML.

    SAML Web SSO use case -- logged in