Configuring SAML Single Sign-on

Create SAML directory in MetaDefender Core

  1. Sign in to MetaDefender Core.
  2. In the dashboard, click on User Management in the left sidebar.
  3. On the User Management page, select the Directories tab and click Add Directory in the top right corner.
  4. On the Add Directory page, select SAML as Directory type and enter a name for the new directory, such as MDCore-SAML.
  5. In the Service Provider section, enable the Use custom entity ID option and enter the ID, such as MDCORE-PINGONE-SAML. Note this value down as entity_id; it is needed again in PingOne.
  6. Enter the Host or IP where MetaDefender Core is hosted; this example uses https://127.0.0.1:8008.
  7. Copy the string generated under Login URL and note it down as reply_uri; this is the Assertion Consumer Service (ACS) URL that PingOne will post assertions to.

Create and configure SAML application in PingOne

  1. In the PingOne Overview page, navigate to Connections on the sidebar.
  2. Click the plus button to add a new application.
  3. Enter the application name, MDCore-SAML for example, choose SAML Application for Application Type, and click Configure.
  4. Select Manually Enter for SAML Configuration, fill in ACS URLs with reply_uri and Entity ID with entity_id, and click Save.
  5. Select the Configuration tab, navigate to IDP Metadata URL, copy the link shown below it, and note it down as metadata_url.
  6. Select the Attribute Mappings tab and click the Edit button.
  7. On the Edit Attribute Mappings page, click Add to create a new mapping.

In this step we map an attribute name expected by MetaDefender Core to the user attribute PingOne exports. In this example the attribute given_name is mapped to Given Name in PingOne; MetaDefender Core later reads given_name from the SAML assertion to identify the logged-in user, so the attribute must be present in every assertion.

  8. Enter the attribute name, given_name in this example, select the item Given Name under PingOne Mappings, enable the Required option, and click Save to complete.
  9. Enable the new application in PingOne.

Complete configuration in MetaDefender Core

  1. Switch back to MetaDefender Core. Under Identity Provider, click Fetch URL, paste the value of metadata_url into the box below, click OK, and wait a moment for MetaDefender Core to retrieve and validate the metadata and set PingOne as its IdP.
  2. Under Service Provider, fill in ${given_name} in the box labeled User identified by. This must match the attribute name configured in the PingOne attribute mapping.
  3. Select the Default role option, choose the appropriate role to assign to SSO users under User Role, and click Add to complete the settings in MetaDefender Core.
  4. On the User Management page, toggle the new directory, MDCore-SAML in this example. A dialog box will appear to confirm the action. Once Enable is clicked, all existing sessions expire immediately.

Test the integration

  1. On the home screen of MetaDefender Core, click Login; the user is redirected to the PingOne login page.
  2. Sign in using the account registered with PingOne.
  3. If everything goes well, the MetaDefender Core dashboard is displayed with the user identity in the top right corner.
  4. Otherwise, access the backup login page at <mdcore-host>#/public/backuplogin for troubleshooting; it authenticates against the local user database, so it remains usable if the SAML directory is misconfigured.
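
When SSO login fails, the quickest way to find the mismatch is to capture the SAMLResponse form field that PingOne posts to the Login URL (from the browser's network tab), base64-decode it, and compare what the assertion actually carries against what MetaDefender Core was configured to expect: the Audience must equal entity_id, the Recipient must equal reply_uri, the validity window must cover the current time, and the attribute named in User identified by (given_name above) must be present and non-empty. The script below is an added example for that check, covering both the attribute-mapping step and this troubleshooting step; it is not MetaDefender Core or PingOne code. It parses a constructed, unsigned sample response embedded inline; the placeholder Login URL and the PingOne issuer URL are assumptions, so substitute the real values. It deliberately does not verify the XML signature and is a diagnostic aid only, never a replacement for the SP's own validation.

```python
import base64
import xml.etree.ElementTree as ET
from datetime import datetime, timezone

NS = {
    "samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
    "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
}

# ENTITY_ID is the custom entity ID chosen in MetaDefender Core above.
# REPLY_URI is a placeholder (assumption): substitute the Login URL that
# MetaDefender Core generated, i.e. the value noted down as reply_uri.
ENTITY_ID = "MDCORE-PINGONE-SAML"
REPLY_URI = "https://127.0.0.1:8008/PLACEHOLDER-LOGIN-URL"

# Constructed, unsigned sample response standing in for the SAMLResponse form
# field captured from the browser. The issuer URL is an assumed example value.
SAMPLE_RESPONSE_XML = f"""<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
    xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
    ID="_resp1" Version="2.0" IssueInstant="2024-01-01T00:00:00Z" Destination="{REPLY_URI}">
  <saml:Issuer>https://auth.pingone.com/EXAMPLE-ENV-ID</saml:Issuer>
  <samlp:Status><samlp:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/></samlp:Status>
  <saml:Assertion ID="_a1" Version="2.0" IssueInstant="2024-01-01T00:00:00Z">
    <saml:Issuer>https://auth.pingone.com/EXAMPLE-ENV-ID</saml:Issuer>
    <saml:Subject>
      <saml:NameID>jdoe@example.com</saml:NameID>
      <saml:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
        <saml:SubjectConfirmationData NotOnOrAfter="2099-01-01T00:05:00Z" Recipient="{REPLY_URI}"/>
      </saml:SubjectConfirmation>
    </saml:Subject>
    <saml:Conditions NotBefore="2024-01-01T00:00:00Z" NotOnOrAfter="2099-01-01T00:05:00Z">
      <saml:AudienceRestriction><saml:Audience>{ENTITY_ID}</saml:Audience></saml:AudienceRestriction>
    </saml:Conditions>
    <saml:AttributeStatement>
      <saml:Attribute Name="given_name"><saml:AttributeValue>Jane</saml:AttributeValue></saml:Attribute>
    </saml:AttributeStatement>
  </saml:Assertion>
</samlp:Response>"""
SAMPLE_RESPONSE_B64 = base64.b64encode(SAMPLE_RESPONSE_XML.encode()).decode()


def parse_saml_time(value):
    # SAML timestamps are UTC ISO 8601; drop fractional seconds if present.
    stamp = value.rstrip("Z").split(".")[0]
    return datetime.strptime(stamp, "%Y-%m-%dT%H:%M:%S").replace(tzinfo=timezone.utc)


def check_response(saml_response_b64, expected_audience, expected_recipient, required_attr, now=None):
    """Decode a SAMLResponse and list configuration mismatches against the SP settings.

    Signature verification is intentionally out of scope: this is a diagnostic
    for the Audience / Recipient / validity / attribute checks an SP applies.
    """
    now = now or datetime.now(timezone.utc)
    root = ET.fromstring(base64.b64decode(saml_response_b64))
    result = {"problems": [], "name_id": None, "attributes": {}}

    status = root.find("samlp:Status/samlp:StatusCode", NS)
    if status is None or not status.get("Value", "").endswith(":Success"):
        result["problems"].append("Status is not Success (check the IdP-side error)")

    assertion = root.find("saml:Assertion", NS)
    if assertion is None:
        # An EncryptedAssertion cannot be inspected this way; decrypt it first.
        result["problems"].append("no plain-text Assertion found (encrypted or malformed)")
        return result

    name_id = assertion.find("saml:Subject/saml:NameID", NS)
    result["name_id"] = name_id.text if name_id is not None else None

    audiences = [a.text for a in assertion.findall(
        "saml:Conditions/saml:AudienceRestriction/saml:Audience", NS)]
    if expected_audience not in audiences:
        result["problems"].append(
            f"Audience {audiences} does not include expected entity ID {expected_audience!r}")

    conds = assertion.find("saml:Conditions", NS)
    if conds is not None:
        if conds.get("NotBefore") and now < parse_saml_time(conds.get("NotBefore")):
            result["problems"].append("assertion not yet valid (NotBefore in the future; clock skew?)")
        if conds.get("NotOnOrAfter") and now >= parse_saml_time(conds.get("NotOnOrAfter")):
            result["problems"].append("assertion expired (NotOnOrAfter in the past; clock skew?)")

    scd = assertion.find("saml:Subject/saml:SubjectConfirmation/saml:SubjectConfirmationData", NS)
    recipient = scd.get("Recipient") if scd is not None else None
    if recipient != expected_recipient:
        result["problems"].append(
            f"Recipient {recipient!r} does not match the Login URL {expected_recipient!r}")

    for attr in assertion.findall("saml:AttributeStatement/saml:Attribute", NS):
        values = [v.text for v in attr.findall("saml:AttributeValue", NS) if v.text]
        result["attributes"][attr.get("Name")] = values
    if not result["attributes"].get(required_attr):
        result["problems"].append(
            f"required attribute {required_attr!r} missing or empty (check the PingOne attribute mapping)")
    return result


if __name__ == "__main__":
    report = check_response(SAMPLE_RESPONSE_B64, ENTITY_ID, REPLY_URI, "given_name")
    print("NameID:", report["name_id"], "attributes:", report["attributes"])
    print("problems:", report["problems"] or "none")
```

Run it against a real capture by replacing SAMPLE_RESPONSE_B64 with the posted SAMLResponse value and REPLY_URI with the generated Login URL; an empty problems list means the assertion content matches the SP configuration, so a remaining failure points at signature, certificate or clock issues rather than at the mapping.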

Test IdP-initiated login

  1. Sign in to the PingOne management page.
  2. In the left sidebar, click on Connections, then Applications.
  3. Select the SAML application created for MetaDefender Core, MDCore-SAML in this example.
  4. In the right sidebar, click on the Configuration tab and copy the URL under Initiate Single Sign-On URL.
  5. Paste the URL into your browser and try to sign in.
  6. If everything goes well, the MetaDefender Core dashboard is displayed with the user identity in the top right corner.
  7. Otherwise, access the backup login page at <mdcore-host>#/public/backuplogin for troubleshooting.