SAML Corteza Integration with Azure
To enable SAML SSO on Corteza through Microsoft Azure, you need to create a new application on Azure as well as configure it on the Corteza Admin web application.
The values used in the screenshot and the table are for informational use only and should be changed to reflect your instance settings.
Prerequisites
Certificates
Corteza requires you to provide a certificate and private key combination. You’ll need to either provide an existing pair or generate a new one.
# This generates a private key
openssl genpkey -algorithm RSA -out private.key -pkeyopt rsa_keygen_bits:2048
# This generates a self-signed certificate using the private key
openssl req -new -x509 -key private.key -out certificate.crt -days 365
# This packs everything into a .pfx file; openssl prompts for an export password,
# which Azure asks for again when the .pfx is imported
openssl pkcs12 -export -out certificate.pfx -inkey private.key -in certificate.crt
The |
Configuring Microsoft Azure
Creating an Azure Application
Navigate to https://portal.azure.com/ and login to your Azure account (if you don’t have an account, create one before continuing). On the home page, click on the Enterprise applications button.
On the list of applications (if your application doesn’t already exist), click on the New application button. If you’ve already created an application, you can skip the app creation step.
Click on the Create your own application button and fill in the app name. Select the "Integrate any other application you don’t find in the gallery (non-gallery)" option and click on the Create button.
Configuring SAML
On the overview page, click on the Set up single sign on button.
Then click on the SAML option, which takes you to the SAML-based sign-on configuration screen.
Under the "Basic SAML Configuration" section, click on the edit button and insert the following:
- Identifier (Entity ID): https://api.your-corteza-instance.tld/auth/external/saml/metadata
- Reply URL: https://api.your-corteza-instance.tld/auth/external/saml/callback
On the SAML-based sign-on configuration screen, in the "SAML Certificates" section, click on the edit button and then on the Import Certificate button. Provide the .pfx file we generated at the beginning.
After the certificate is provided, click on the three vertical dots to expand the menu, then mark the certificate as active.
Click Yes on the warning popup to complete certificate activation.
Configuring Corteza
Navigate to your-corteza-instance.tld and log in to your Corteza instance. On the home page, click on the Admin Area application.
In the navigation drawer, click on the
and navigate to the "External Authentication Providers" section. Locate the SAML provider and click on the wrench icon to open the configuration modal. Provide the following parameters:
- Name: the label shown on the authentication screen ("Login with …your name here…").
- Certificate/public key: copy-paste the contents of the certificate.crt file generated in the prerequisites section.
- Certificate/private key: copy-paste the contents of the private.key file generated in the prerequisites section.
- Requests/sign requests: tick this box.
- Signature method: SHA256
- Binding: HTTP POST
- Identity provider/URL: copy-paste the value stated under "App Federation Metadata Url".
- Name Field: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname
- Handle Field: http://schemas.microsoft.com/identity/claims/objectidentifier
- Identifier Field: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
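The parameters above are only as good as what Azure actually publishes and sends. The following is an added example, not code from the Corteza documentation or the Corteza project: a stdlib-only Python check that the federation metadata behind "App Federation Metadata Url" really offers an HTTP-POST sign-on endpoint and a signing certificate, and that an assertion carries values for the three claim URIs mapped to the Name, Handle and Identifier fields. The metadata and assertion documents are constructed samples, not real Azure output; the tenant id, locations and certificate text are placeholders, and the helper names (`parse_idp_metadata`, `map_assertion_fields`, `check_provider_config`) are this example's own.

```python
"""Check the Corteza SAML provider settings against IdP metadata and an assertion.

Added example (not part of the Corteza docs or code base). The XML below is
constructed; tenant id, endpoint locations and the certificate are placeholders.
"""
import xml.etree.ElementTree as ET

NS = {
    "md": "urn:oasis:names:tc:SAML:2.0:metadata",
    "ds": "http://www.w3.org/2000/09/xmldsig#",
    "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
}

# Binding selected in the Corteza modal ("Binding: HTTP POST").
POST_BINDING = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"

# Claim URIs entered as the Name / Handle / Identifier fields in the modal.
FIELD_CLAIMS = {
    "name": "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname",
    "handle": "http://schemas.microsoft.com/identity/claims/objectidentifier",
    "identifier": "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name",
}

# Constructed sample of what an "App Federation Metadata Url" document contains.
SAMPLE_METADATA = """<EntityDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata"
    entityID="https://sts.windows.net/00000000-0000-0000-0000-000000000000/">
  <IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <KeyDescriptor use="signing">
      <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
        <X509Data><X509Certificate>PLACEHOLDER-BASE64-CERT</X509Certificate></X509Data>
      </KeyInfo>
    </KeyDescriptor>
    <SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
        Location="https://login.microsoftonline.com/TENANT-PLACEHOLDER/saml2"/>
    <SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="https://login.microsoftonline.com/TENANT-PLACEHOLDER/saml2"/>
  </IDPSSODescriptor>
</EntityDescriptor>"""

# Constructed sample AttributeStatement using the three claims mapped above.
SAMPLE_ASSERTION = """<Assertion xmlns="urn:oasis:names:tc:SAML:2.0:assertion" ID="_constructed">
  <AttributeStatement>
    <Attribute Name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname">
      <AttributeValue>Jane</AttributeValue>
    </Attribute>
    <Attribute Name="http://schemas.microsoft.com/identity/claims/objectidentifier">
      <AttributeValue>11111111-2222-3333-4444-555555555555</AttributeValue>
    </Attribute>
    <Attribute Name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name">
      <AttributeValue>jane@example.test</AttributeValue>
    </Attribute>
  </AttributeStatement>
</Assertion>"""


def parse_idp_metadata(xml_text: str) -> dict:
    """Return the entityID, the HTTP-POST SSO endpoint and the signing-cert count."""
    root = ET.fromstring(xml_text)
    sso = {
        el.get("Binding"): el.get("Location")
        for el in root.findall("md:IDPSSODescriptor/md:SingleSignOnService", NS)
    }
    certs = root.findall(
        "md:IDPSSODescriptor/md:KeyDescriptor[@use='signing']"
        "/ds:KeyInfo/ds:X509Data/ds:X509Certificate",
        NS,
    )
    return {
        "entity_id": root.get("entityID"),
        "post_sso_url": sso.get(POST_BINDING),
        "signing_certs": len(certs),
    }


def map_assertion_fields(xml_text: str) -> dict:
    """Map the assertion's attributes onto Corteza's name/handle/identifier fields."""
    root = ET.fromstring(xml_text)
    attrs = {}
    for attr in root.findall("saml:AttributeStatement/saml:Attribute", NS):
        value = attr.find("saml:AttributeValue", NS)
        attrs[attr.get("Name")] = (value.text or "").strip() if value is not None else ""
    return {field: attrs.get(claim, "") for field, claim in FIELD_CLAIMS.items()}


def check_provider_config(metadata_xml: str, assertion_xml: str) -> list:
    """Return a list of problems; an empty list means the settings are consistent."""
    problems = []
    idp = parse_idp_metadata(metadata_xml)
    if not idp["post_sso_url"]:
        problems.append("IdP metadata has no HTTP-POST SingleSignOnService")
    if idp["signing_certs"] == 0:
        problems.append("IdP metadata has no signing certificate")
    for field, value in map_assertion_fields(assertion_xml).items():
        if not value:
            problems.append(f"assertion lacks a value for the {field} field ({FIELD_CLAIMS[field]})")
    return problems


if __name__ == "__main__":
    print(parse_idp_metadata(SAMPLE_METADATA))
    print(map_assertion_fields(SAMPLE_ASSERTION))
    print(check_provider_config(SAMPLE_METADATA, SAMPLE_ASSERTION) or "settings consistent")
```

To use it against a live tenant, fetch the metadata URL from the modal and paste a decoded SAMLResponse assertion in place of the samples. The Handle Field deliberately uses the objectidentifier claim, which is the user's immutable Azure object id, so that account linking in Corteza survives a rename of the user's name claim.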
Click on the Ok button and submit the external authentication provider changes.