edf301cfa3
Signed-off-by: Claudius <opensource@amenthes.de>
2.3 KiB
2.3 KiB
Authentication guide - SAML (OneLogin)
Note: This guide was written before the renaming. Just replace HackMD
with CodiMD
in your mind 😄 thanks!
- Sign-in or sign-up for an OneLogin account. (available free trial for 2 weeks)
- Go to the administration page.
- Select the APPS menu and click on the Add Apps.
- Find "SAML Test Connector (SP)" for template of settings and select it.
- Edit display name and icons for OneLogin dashboard as you want, and click SAVE.
- After that other tabs will appear, click the Configuration, and fill out the below items, and click SAVE.
- RelayState: The base URL of your hackmd, which is issuer. (last slash is not needed)
- ACS (Consumer) URL Validator: The callback URL of your hackmd. (serverurl + /auth/saml/callback)
- ACS (Consumer) URL: same as above.
- Login URL: login URL(SAML requester) of your hackmd. (serverurl + /auth/saml)
- The registration is completed. Next, click SSO and copy or download the items below.
- X.509 Certificate: Click View Details and DOWNLOAD or copy the content of certificate ....(A)
- SAML 2.0 Endpoint (HTTP): Copy the URL ....(B)
- In your hackmd server, create IdP certificate file from (A)
- Add the IdP URL (B) and the Idp certificate file path to your config.json file or pass them as environment variables.
- config.json:
{ "production": { "saml": { "idpSsoUrl": "https://*******.onelogin.com/trust/saml2/http-post/sso/******", "idpCert": "/path/to/idp_cert.pem" } } }
- environment variables
HMD_SAML_IDPSSOURL=https://*******.onelogin.com/trust/saml2/http-post/sso/****** HMD_SAML_IDPCERT=/path/to/idp_cert.pem
- config.json:
- Try sign-in with SAML from your hackmd sign-in button or OneLogin dashboard (like the screenshot below).