Mividas Meeting Portal has support for Single Sign-On (SSO) through SAML2, which can be used with (among others) Microsoft ADFS, Keycloak/Red Hat SSO and Citrix NetScaler as the IdP.
SAML IdP settings (what to configure on the IdP side for the Meeting Portal as service provider):

Setting | Value
--- | ---
Entity URI | Set in the installer (example: "https://portal.example.org")
Force NameID format | yes
NameID format | Persistent; use the username/sAMAccountName as NameID
Binding | POST
Redirect / Login URL (Assertion Consumer Service) | https://<portal FQDN>/saml/acs (example: "https://portal.example.org/saml/acs")
Claims | username, displayName, memberOf (memberOf is only required to allow admin permissions). Most IdPs send these by default, except memberOf. Missing claims can be looked up from LDAP if it is also configured, see below.
For IdP-specific configuration examples, see:
On-prem ADFS: see the step-by-step guide.
Azure AD (Microsoft Entra ID):
- Sign in to the Azure portal and select the Azure Active Directory service in the left navigation pane.
- Navigate to Enterprise Applications, then All Applications.
- Select New application, then Create your own application.
- Enter "Mividas" as the name and select "Integrate any other application you don't find in the gallery (Non-gallery)".
- Open the "Single sign-on" tab and select SAML.
- Edit the Basic SAML Configuration: set the Identifier (Entity ID) to your chosen Entity URI (see table above) and use the Redirect/Login URL from the table above as the Reply URL (Assertion Consumer Service URL) and Sign on URL. Press Save.
- Optionally, add a group claim containing the groups that may be used to determine user permissions. Under advanced options, check "Customize the name of the group claim" and change the Name to memberOf. Press Save.
- Copy the App Federation Metadata Url into the Metadata XML field in the Mividas Installer.
- Save and deploy to use the new login.
Keycloak: see external link.
Configuration in Mividas Installer
To enable SSO, open your Meeting Portal in the installer and navigate to the "SAML SSO" settings.
Enter the "Entity URI" that you will use in your IdP connection, e.g. "https://portal.example.org", and point to the metadata XML of your IdP:
For ADFS: https://<ADFS server FQDN>/FederationMetadata/2007-06/FederationMetadata.xml
For Keycloak: https://<Keycloak server FQDN>/auth/realms/<REALM>/protocol/saml/descriptor
Note that Keycloak 17 and later (the Quarkus-based distribution) drops the /auth prefix by default, so the descriptor is then served at https://<Keycloak server FQDN>/realms/<REALM>/protocol/saml/descriptor. Fetch the metadata URL over HTTPS only and check that the certificate chain validates; the signing certificate inside the metadata is what the portal will trust for every login.
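Before pasting a metadata URL into the installer, it is worth checking offline that the IdP actually advertises what the settings table above requires (a POST SSO endpoint, the persistent NameID format, a signing certificate) and that a test assertion carries the expected claims. The following Python script is an added example written for this page, not Mividas code or part of the installer. The metadata document and the assertion it parses are constructed samples in the shape Keycloak's saml/descriptor and a decoded SAMLResponse would have; the certificate body is placeholder base64, not a real X.509 certificate, and the hostnames sso.example.org and the realm "demo" are assumptions.

```python
"""Offline sanity checks for a SAML2 IdP against the Meeting Portal settings table.
Added example, not Mividas code. Standard library only."""
import base64
import hashlib
import xml.etree.ElementTree as ET

NS = {
    "md": "urn:oasis:names:tc:SAML:2.0:metadata",
    "ds": "http://www.w3.org/2000/09/xmldsig#",
    "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
}
POST_BINDING = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
PERSISTENT = "urn:oasis:names:tc:SAML:2.0:nameid-format:persistent"
# memberOf is only needed when admin permissions are mapped from groups.
REQUIRED_CLAIMS = ("username", "displayName")


def parse_idp_metadata(xml_text: str) -> dict:
    """Extract what the SP side needs from an IdP EntityDescriptor.
    xml.etree never fetches external entities, but for untrusted input use
    defusedxml, which additionally rejects entity-expansion bombs."""
    root = ET.fromstring(xml_text)
    idp = root.find("md:IDPSSODescriptor", NS)
    if idp is None:
        raise ValueError("no IDPSSODescriptor: this is not IdP metadata")
    post_sso = [e.get("Location") for e in idp.findall("md:SingleSignOnService", NS)
                if e.get("Binding") == POST_BINDING]
    formats = [e.text.strip() for e in idp.findall("md:NameIDFormat", NS) if e.text]
    fingerprints = []
    for kd in idp.findall("md:KeyDescriptor", NS):
        if kd.get("use") not in (None, "signing"):
            continue  # encryption-only keys never verify responses
        cert = kd.find("ds:KeyInfo/ds:X509Data/ds:X509Certificate", NS)
        if cert is not None and cert.text:
            der = base64.b64decode("".join(cert.text.split()))
            # SHA-256 of the DER blob: pin this and compare on metadata refresh.
            fingerprints.append(hashlib.sha256(der).hexdigest())
    return {
        "entity_id": root.get("entityID"),
        "post_sso_url": post_sso[0] if post_sso else None,
        "supports_persistent": PERSISTENT in formats,
        "signing_cert_sha256": fingerprints,
    }


def check_assertion_claims(xml_text: str, required=REQUIRED_CLAIMS) -> dict:
    """Check a decoded Response or bare Assertion for the NameID format and the
    attributes the portal expects. Signature verification is out of scope here."""
    root = ET.fromstring(xml_text)
    assertion = root if root.tag == f"{{{NS['saml']}}}Assertion" else root.find(".//saml:Assertion", NS)
    if assertion is None:
        raise ValueError("no Assertion found")
    name_id = assertion.find("saml:Subject/saml:NameID", NS)
    attrs = {}
    for a in assertion.findall("saml:AttributeStatement/saml:Attribute", NS):
        attrs[a.get("Name")] = [v.text for v in a.findall("saml:AttributeValue", NS)]
    return {
        "nameid_persistent": name_id is not None and name_id.get("Format") == PERSISTENT,
        "missing_claims": [c for c in required if c not in attrs],
        "groups": attrs.get("memberOf", []),
    }


# Constructed metadata in the shape of Keycloak's /protocol/saml/descriptor.
# The X509Certificate content is placeholder base64, not a real certificate.
SAMPLE_METADATA = """<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
  xmlns:ds="http://www.w3.org/2000/09/xmldsig#" entityID="https://sso.example.org/realms/demo">
 <md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
  <md:KeyDescriptor use="signing"><ds:KeyInfo><ds:X509Data>
   <ds:X509Certificate>AAECAwQFBgcICQ==</ds:X509Certificate></ds:X509Data></ds:KeyInfo></md:KeyDescriptor>
  <md:NameIDFormat>urn:oasis:names:tc:SAML:2.0:nameid-format:persistent</md:NameIDFormat>
  <md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
   Location="https://sso.example.org/realms/demo/protocol/saml"/>
 </md:IDPSSODescriptor>
</md:EntityDescriptor>"""

# Constructed assertion as the portal's /saml/acs endpoint would see it after
# base64-decoding SAMLResponse; the signature element is omitted.
SAMPLE_ASSERTION = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="_1" Version="2.0">
 <saml:Subject><saml:NameID Format="urn:oasis:names:tc:SAML:2.0:nameid-format:persistent">jdoe</saml:NameID></saml:Subject>
 <saml:AttributeStatement>
  <saml:Attribute Name="username"><saml:AttributeValue>jdoe</saml:AttributeValue></saml:Attribute>
  <saml:Attribute Name="displayName"><saml:AttributeValue>Jane Doe</saml:AttributeValue></saml:Attribute>
  <saml:Attribute Name="memberOf"><saml:AttributeValue>portal-admins</saml:AttributeValue></saml:Attribute>
 </saml:AttributeStatement>
</saml:Assertion>"""

if __name__ == "__main__":
    print(parse_idp_metadata(SAMPLE_METADATA))
    print(check_assertion_claims(SAMPLE_ASSERTION))
    # Asking for memberOf too, as an admin-mapping deployment would:
    print(check_assertion_claims(SAMPLE_ASSERTION, REQUIRED_CLAIMS + ("memberOf",)))
```

To run it against a real IdP, replace SAMPLE_METADATA with the body fetched from the metadata URL above and SAMPLE_ASSERTION with a SAMLResponse captured from the browser (form field, base64-decoded). A missing POST endpoint or an absent persistent NameID format means the IdP still needs the settings from the table; a changed certificate fingerprint after a metadata refresh is worth a second look before trusting it.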
Combination with LDAP
If LDAP authentication is also configured, only users that match the LDAP filter are allowed to log in. Any missing SAML claims (email, displayName or memberOf) are looked up from the user's LDAP attributes.