Mividas Meeting Portal supports Single Sign-On (SSO) through SAML2 and can be used with (among others) Microsoft ADFS, Keycloak/Red Hat SSO and Netscaler as the IdP.

SAML IdP settings:

| Setting | Value |
|---|---|
| Entity URI | Set in installer (example “https://portal.example.org”) |
| Force NameID format | yes |
| NameID format | Persistent – use username/sAMAccountName as NameID |
| Binding | POST |
| Redirect / Login URL | https://<portal FQDN>/saml/acs (example “https://portal.example.org/saml/acs”) |
| Claims | username, email, displayName, memberOf (only required to allow admin-permissions) |

Most IdPs provide these by default, except for memberOf. All claims can be looked up from LDAP if it is also configured; see below.

For IdP-specific configuration examples, see:

On prem ADFS: See step by step guide

Azure ADFS:

  • Sign in to the Azure portal and go to the Azure Active Directory service.
  • On the left navigation pane, select the Azure Active Directory service.
  • Navigate to Enterprise Applications and then select All Applications.
  • To add a new application, select New application.
  • Press New application, then Create your own application.
  • Input Mividas and select “Integrate any other application you don’t find in the gallery (Non-gallery)”.
  • Activate the “Single sign-on” tab and select SAML.
  • Edit the Basic SAML Configuration. Use your chosen Entity URI (see table above) and set the Redirect URL from the table above in the Sign on URL field. Press Save.
  • Optionally, add a group claim containing groups that may be used to determine user permissions. Under advanced options, check “Customize the name of the group claim” and change the Name to memberOf. Press Save.
  • Copy the App Federation Metadata Url to the Metadata XML field in the Mividas Installer.
  • Save and deploy to use the new login.

Keycloak: External link

Configuration in Mividas Installer

To enable SSO, configure your Meeting Portal in the installer and navigate to the “SAML SSO”-settings.

Input the “Entity URI” that you will use in your IdP connection, e.g. “https://portal.example.org”, and point to the metadata.xml for your IdP.

For ADFS: https://<ADFS server FQDN>/FederationMetadata/2007-06/FederationMetadata.xml

For Keycloak: https://<Keycloak server FQDN>/auth/realms/<REALM>/protocol/saml/descriptor

Combination with LDAP

If LDAP authentication is also configured, only users that match the LDAP filter are allowed to log in. Any missing SAML claims (email, displayName or memberOf) will be looked up from the user's LDAP attributes.
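A check of the claim names and NameID format listed above, run against a decoded assertion captured from a test login. This is an added example, not Mividas code: the function name, the finding texts and the sample assertion are constructed for illustration, and the script inspects claims only, without verifying the signature.

```python
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
PERSISTENT = "urn:oasis:names:tc:SAML:2.0:nameid-format:persistent"
REQUIRED = ("username",)                              # must come from the IdP
LDAP_FALLBACK = ("email", "displayName", "memberOf")  # may be filled from LDAP

# Constructed sample (unsigned, invented values): displayName is absent and the
# group claim still carries the Azure default name instead of "memberOf".
SAMPLE = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml:Subject>
    <saml:NameID Format="urn:oasis:names:tc:SAML:2.0:nameid-format:persistent">jdoe</saml:NameID>
  </saml:Subject>
  <saml:AttributeStatement>
    <saml:Attribute Name="username"><saml:AttributeValue>jdoe</saml:AttributeValue></saml:Attribute>
    <saml:Attribute Name="email"><saml:AttributeValue>jdoe@example.org</saml:AttributeValue></saml:Attribute>
    <saml:Attribute Name="http://schemas.microsoft.com/ws/2008/06/identity/claims/groups"><saml:AttributeValue>portal-admins</saml:AttributeValue></saml:Attribute>
  </saml:AttributeStatement>
</saml:Assertion>"""


def check_assertion(xml_text, ldap_configured=False):
    """Return a list of findings; an empty list means the claims match the table."""
    root = ET.fromstring(xml_text)
    findings = []
    name_id = root.find(".//saml:Subject/saml:NameID", NS)
    if name_id is None or not (name_id.text or "").strip():
        findings.append("error: no NameID in Subject")
    elif name_id.get("Format") != PERSISTENT:
        findings.append(f"error: NameID Format is {name_id.get('Format')!r}, expected persistent")
    # Count an attribute as present only if it carries a non-empty value.
    present = set()
    for attr in root.iterfind(".//saml:AttributeStatement/saml:Attribute", NS):
        values = [v.text for v in attr.findall("saml:AttributeValue", NS) if (v.text or "").strip()]
        if values:
            present.add(attr.get("Name"))
    for claim in REQUIRED:
        if claim not in present:
            findings.append(f"error: claim {claim!r} missing")
    for claim in LDAP_FALLBACK:
        if claim not in present:
            level = "info: LDAP lookup expected for" if ldap_configured else "warning: missing"
            findings.append(f"{level} claim {claim!r}")
    return findings


if __name__ == "__main__":
    for line in check_assertion(SAMPLE):
        print(line)
```

A missing memberOf only matters when admin permissions should come from group membership; a group claim that is present under a different name is reported as missing because the comparison is on the exact attribute name.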
