sso_authentication
Differences
This shows you the differences between two versions of the page.
sso_authentication [2019/07/09 11:48] – [Create the Relying Party Trust in AD FS] lucy | sso_authentication [2021/03/16 14:36] (current) – lucy | ||
---|---|---|---|
Line 3: | Line 3: | ||
===== Background Info ===== | ===== Background Info ===== | ||
- | :!: This feature is available in Lucy 4.6 or newer version. | + | :!: This feature is available in Lucy 4.6 or newer version. \\ |
+ | :!: We do not recommend using Let's Encrypt certificates with an SSO provider due to the short live term of charge-free certificates. | ||
Lucy allows you to set the SSO authentication by using the Lightweight Directory Access Protocol (LDAP) to access Admin console and EndUser portal. This also allows you to use a non-unique link for the awareness website within a campaign. | Lucy allows you to set the SSO authentication by using the Lightweight Directory Access Protocol (LDAP) to access Admin console and EndUser portal. This also allows you to use a non-unique link for the awareness website within a campaign. | ||
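Review bot: the added Let's Encrypt line gives "short live term" as the reason but not the consequence for SSO. Reword to "short lifetime" and state what has to be redone at each renewal, pointing to the new "Useful tips" section, where a certificate change is followed by re-uploading the XML metadata on the SSO Settings page. That lets readers judge whether frequent renewals are workable for them.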
Line 20: | Line 21: | ||
* ADFS 4.0 (Windows Server 2016) | * ADFS 4.0 (Windows Server 2016) | ||
* ADFS 5.0 (Windows Server 2019) | * ADFS 5.0 (Windows Server 2019) | ||
+ | * Azure AD (refer to [[sso_azure|this guide]] to have a detailed instructions) | ||
+ | * Okta (refer to [[sso_okta|this guide]] for more details) | ||
The connection to the AD FS can be configured within the Settings / SSO Configuration: | The connection to the AD FS can be configured within the Settings / SSO Configuration: | ||
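Review bot: the sentence right after the list still reads "The connection to the AD FS can be configured within the Settings / SSO Configuration", although the list now also names Azure AD and Okta. Either reword it to cover any listed provider, or state that the steps that follow are AD FS only and that the other two providers are covered by their linked guides. In the Azure AD item, "to have a detailed instructions" should read "for detailed instructions", matching the wording of the Okta item.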
Line 74: | Line 77: | ||
* On your AD FS server, open the **AD FS Management** console, expand **Trust Relationships** and select the **Relying Party Trusts** node. In the Actions pane, click **Add Relying Party Trust**: | * On your AD FS server, open the **AD FS Management** console, expand **Trust Relationships** and select the **Relying Party Trusts** node. In the Actions pane, click **Add Relying Party Trust**: | ||
- | **Attention** :!: If the Lucy Admin Console is configured on a non-standard port (for example, port 8443, see more [[firewall_security_settings|here]]), | + | **Attention** :!: If the Lucy Admin Console is configured on a non-standard port (for example, port 8443, see more [[firewall_security_settings|here]]), |
+ | The first will be: **https:// | ||
+ | Second: **https:// | ||
+ | \\ | ||
In case access to the Lucy Admin Console is limited to a range of IP addresses, you must include an ADFS server in this range. | In case access to the Lucy Admin Console is limited to a range of IP addresses, you must include an ADFS server in this range. | ||
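Review bot: the added lines "The first will be:" and "Second:" label the two URLs inconsistently and, in the visible text, do not name the field each one goes into in the Add Relying Party Trust wizard. Format them as a bulleted list like the surrounding steps and prefix each with the field name, so a reader on a non-standard port cannot swap them.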
Line 162: | Line 168: | ||
{{ :: | {{ :: | ||
+ | |||
+ | ===== Useful tips ===== | ||
+ | |||
+ | **How to update or replace SSL certificate used for SSO authentication? | ||
+ | |||
+ | You should first update your SSL certificate within the SSL Settings. Refer to this [[ssl_configuration|page]] for detailed instructions. | ||
+ | |||
+ | Once the SSL certificate is updated, go to the SSO Settings page, upload XML metadata file and click Save button. To verify whether the certificate is applied, click " | ||
===== Troubleshooting ===== | ===== Troubleshooting ===== | ||
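Review bot: the step "upload XML metadata file" in the new tip does not say which metadata file is meant or where to obtain it after the certificate change. Name the file and its source, and add whether the relying party trust on the provider side also has to be refreshed with the new certificate, since the tip currently covers the Lucy side only. "click Save button" should read "click the Save button".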
Line 176: | Line 190: | ||
**Solution**: | **Solution**: | ||
+ | |||
+ | **Issue**: (AD FS) Login with a single sign-on sometimes does not work (it redirects to the Lucy's login page after successful login at AD FS website) . \\ | ||
+ | |||
+ | **Solution**: | ||
+ | |||
+ | < | ||
+ | Set-AdfsRelyingPartyTrust -TargetName "Your RelyingParty Name" -SigningCertificateRevocationCheck None | ||
+ | </ | ||
+ | |||
+ | **Issue**: (AD FS) Login with a single sign-on stopped working after update to Lucy 4.7 (it redirects to the Lucy's login page after successful login at AD FS website) . \\ | ||
+ | |||
+ | **Solution**: | ||
+ | |||
+ | **Issue**: A blank window appears after successful authentication at SSO provider website and there an error in the web server logs (Apache): " | ||
+ | |||
+ | **Solution**: |
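Review bot: the Set-AdfsRelyingPartyTrust line sets -SigningCertificateRevocationCheck None, which switches off revocation checking of the relying party's signing certificate in AD FS, and that trade-off should be stated next to the command. Present it as a workaround, tell the reader to replace the "Your RelyingParty Name" placeholder with the name of their own trust, and note that the setting can be returned to a checking mode once the certificate's revocation endpoints are reachable from the AD FS server. The two AD FS issues also share the same symptom text ("it redirects to the Lucy's login page after successful login at AD FS website"), so add a distinguishing detail to each to show which solution applies. In the last issue, "there an error" should read "there is an error".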
sso_authentication.1562665697.txt.gz · Last modified: 2019/07/25 12:50 (external edit)