Using LogonBox as a SAML Service Provider (SP)


Introduction

This article outlines the information you need and the steps to take to configure a LogonBox server to authenticate its users against an external SAML Identity Provider.

LogonBox will redirect to a SAML Identity Provider (IdP) where you perform your authentication, before being redirected back to LogonBox with an authenticated session.


1. Metadata and certificate from your IdP

From your Identity Provider, download the SAML Certificate used for the connection.

If your IdP lets you download a metadata file, download that as well; otherwise you will have to look up the remaining values in your IdP's configuration.

Specifically, LogonBox requires the following items of information:

  • Logon URL
  • Logoff URL
  • Entity ID
  • SAML Certificate
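When the IdP does provide a metadata file, the four values above are all inside it. The script below is an added example (not LogonBox code) that pulls them out of a metadata XML document and writes the certificate in PEM form ready to upload in the next step; it also prints a SHA-256 fingerprint so you can confirm that the certificate file you upload matches the one the IdP publishes. The metadata embedded in it is a constructed sample with placeholder hostnames, entity ID and certificate bytes. The article does not say which SAML binding LogonBox uses for the sign-in and sign-out URLs, so the `preferred_binding` parameter is an assumption: pick the binding your IdP documentation tells you to use, and the script falls back to the first endpoint listed if that binding is absent.

```python
"""Extract the settings LogonBox asks for from a SAML IdP metadata file.

Added example, not LogonBox code. SAMPLE_METADATA is a constructed sample;
replace it with the contents of the metadata file downloaded from your IdP
(hypothetical file name: idp-metadata.xml).
"""
import base64
import hashlib
import textwrap
import xml.etree.ElementTree as ET

NS = {
    "md": "urn:oasis:names:tc:SAML:2.0:metadata",
    "ds": "http://www.w3.org/2000/09/xmldsig#",
}
HTTP_REDIRECT = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
HTTP_POST = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"

# Constructed sample: hostnames, entity ID and certificate are placeholders.
# The X509Certificate body is base64 of the text "BEGIN PLACEHOLDER CERTIFICATE".
SAMPLE_METADATA = """<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
    entityID="https://idp.example.test/saml/metadata">
  <md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:KeyDescriptor use="signing">
      <ds:KeyInfo><ds:X509Data><ds:X509Certificate>
        QkVHSU4gUExBQ0VIT0xERVIgQ0VSVElGSUNBVEU=
      </ds:X509Certificate></ds:X509Data></ds:KeyInfo>
    </md:KeyDescriptor>
    <md:SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
        Location="https://idp.example.test/saml/logout"/>
    <md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="https://idp.example.test/saml/sso/post"/>
    <md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
        Location="https://idp.example.test/saml/sso/redirect"/>
  </md:IDPSSODescriptor>
</md:EntityDescriptor>
"""


def _endpoint(idp, tag, preferred_binding):
    """Location of the endpoint using preferred_binding, else the first one listed."""
    endpoints = idp.findall(tag, NS)
    if not endpoints:
        return None
    for ep in endpoints:
        if ep.get("Binding") == preferred_binding:
            return ep.get("Location")
    return endpoints[0].get("Location")


def _signing_certificate_b64(idp):
    """Base64 DER of the signing certificate (use="signing" or no use attribute)."""
    for kd in idp.findall("md:KeyDescriptor", NS):
        if kd.get("use", "signing") != "signing":
            continue  # encryption-only keys are not what LogonBox verifies against
        cert = kd.find("ds:KeyInfo/ds:X509Data/ds:X509Certificate", NS)
        if cert is not None and cert.text:
            return "".join(cert.text.split())  # drop line breaks and indentation
    raise ValueError("metadata contains no signing certificate")


def sha256_fingerprint(der):
    """Colon-separated SHA-256 fingerprint of DER certificate bytes."""
    digest = hashlib.sha256(der).hexdigest().upper()
    return ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))


def to_pem(cert_b64):
    """Wrap base64 DER as a PEM certificate file body."""
    body = "\n".join(textwrap.wrap(cert_b64, 64))
    return f"-----BEGIN CERTIFICATE-----\n{body}\n-----END CERTIFICATE-----\n"


def extract_idp_settings(metadata_xml, preferred_binding=HTTP_REDIRECT):
    """Return entity ID, sign-in/sign-out URLs, PEM certificate and its fingerprint."""
    root = ET.fromstring(metadata_xml)
    if root.tag != f"{{{NS['md']}}}EntityDescriptor":
        raise ValueError("root element is not md:EntityDescriptor")
    idp = root.find("md:IDPSSODescriptor", NS)
    if idp is None:
        raise ValueError("metadata does not describe an Identity Provider")
    sign_in = _endpoint(idp, "md:SingleSignOnService", preferred_binding)
    if sign_in is None:
        raise ValueError("metadata has no SingleSignOnService endpoint")
    cert_b64 = _signing_certificate_b64(idp)
    der = base64.b64decode(cert_b64, validate=True)
    return {
        "entity_id": root.get("entityID"),
        "sign_in_url": sign_in,
        "sign_out_url": _endpoint(idp, "md:SingleLogoutService", preferred_binding),
        "certificate_pem": to_pem(cert_b64),
        "certificate_sha256": sha256_fingerprint(der),
    }


if __name__ == "__main__":
    settings = extract_idp_settings(SAMPLE_METADATA)
    for key in ("entity_id", "sign_in_url", "sign_out_url", "certificate_sha256"):
        print(f"{key}: {settings[key]}")
    with open("idp-certificate.pem", "w") as f:  # file to upload in the Certificate field
        f.write(settings["certificate_pem"])
```

Run it against a real metadata file by replacing `SAMPLE_METADATA` with the file's contents; compare the printed fingerprint with the one your IdP's admin console shows (or with `openssl x509 -in idp-certificate.pem -noout -fingerprint -sha256`) before uploading the PEM file to LogonBox.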


2. Configure LogonBox SAML authentication

Log on to your LogonBox server with your admin account. First you will need to install the SAML Authentication module if it is not already installed.

Navigate to Updates, Features & Licensing in the top right menu, then install SAML Authentication from the Authentication tab using the download icon on the right.

Restart the server when prompted with the power icon at bottom right.


Now navigate to Authentication Flows and edit the User Login flow. Remove any existing modules and add in the SAML module.


Click the edit icon on the SAML module. Enter the values for Entity ID, Sign-in URL (logon URL) and Sign-out URL (logoff URL) that you obtained from your IdP.

Next to Certificate, click the choose file icon and select the certificate file obtained from your IdP. Then click the upload icon.

Click Apply to save the changes, then scroll down and click Save to save the Authentication Flow.


3. Example login


A user navigates to the LogonBox login page, which should redirect to the Identity Provider.

The user enters their username and password; on success, the Identity Provider redirects the user back to LogonBox and they are logged on.


Here we'll do a quick example using another LogonBox server as the Identity Provider (for reference, our main LogonBox server has a blue colour scheme, our LogonBox IdP has a green scheme so you can see the difference).

We start on our LogonBox server and click My Account as if we were going to authenticate as normal.


We now click Next, which redirects us to the IdP for authentication.


We have been successfully redirected to our Identity Provider. Enter your username and password here.


Authentication succeeds and redirects back to the original LogonBox server and we are logged on.