Manually Configuring SAML 2.0 SSO for Ephesoft Transact 4.5.0.x and 2019.1

Published 2018-09-19, last modified 2021-08-27
https://ephesoft.com/docs/products/transact/configurations/user-connectivity/single-sign-on-resources/configuring-saml-sso/
Single sign-on (SSO) is an access-control mechanism that can be applied across multiple related but independent software systems. With SSO, a user logs in once and gains access to multiple systems without being prompted to log in again for each individual application. Conversely, single sign-off is the property whereby a single sign-out action terminates access to multiple software systems.

Because different applications and resources support different authentication mechanisms, SSO internally translates the credentials used for the initial authentication into, and stores, the different credentials each system expects.

SSO has several general benefits, including the following:

This document describes how to make manual SAML 2.0 SSO configurations during a new installation of Ephesoft Transact 4.5.0.x or 2019.1.

Note: Automated SSO configuration for Ephesoft Transact does not have scheduled availability.

SSO Configuration Overview for Ephesoft Transact

Ephesoft Transact has been tested with the following SSO-related components:

There are multiple additional identity providers on the market that support SAML 2.0. Ephesoft has not tested every available identity provider or security product.

Note: This document emphasizes tasks for operational deployment. At some time in the future, Ephesoft may provide a separate document that describes security and SSO concepts.

This document contains the following sections and purposes:

Not all identity providers (IdPs) require SSL/TLS configuration, but this document provides instructions for those IdPs that do require it.

Prerequisites

Prerequisite Components

The following items are required to set up SAML 2.0 SSO authentication with Ephesoft Transact.

Ephesoft has tested and certified Ephesoft Transact with the following four identity providers:

If you need to set up Active Directory in preparation for configuring SSO, refer to one or more of the following articles:

Obtaining and Installing OpenSSL

OpenSSL is a robust, commercial-grade, full-featured toolkit for the Transport Layer Security (TLS) and Secure Sockets Layer (SSL) protocols. Use OpenSSL when a trusted Certificate Authority (CA) certificate is not available.

You can download OpenSSL for Windows from the Win32/Win64 OpenSSL Installation Project.

Note: You need to install Perl on the system before using OpenSSL. Refer to the Perl website.

Configuring SSL/TLS

Introduction

This section provides detailed steps for setting up certificates for Secure Sockets Layer (SSL) or Transport Layer Security (TLS).

To set up SSL/TLS, you need either certificates issued by a CA or self-signed certificates; self-signed certificates are suitable only for a test environment, as mentioned above.

SSL/TLS Setup: Server Certificates

Production Environment: CA Certificates

In a production environment, you must use certificates issued by a trusted CA.

Testing Environment: Self-Signed Certificates

For a lab or test environment, you can generate your own dummy self-signed certificates for testing the Ephesoft SSO integration. This can be done using OpenSSL, as described below. OpenSSL is an open-source, general-purpose cryptography library that implements SSL and TLS.

Perform the following steps to create self-signed certificates using OpenSSL:

Note: If the cacert.pem, servercert.pem, and serverkey.pem files are already available, you can proceed directly to Step 7 below.

1. Locate the OpenSSL CA.pl file, as this file is required to create the dummy CA certificate file.

2. Create a directory to store certificates:

mkdir certificates

3. In Linux, execute the following command:

/usr/lib/ssl/misc/CA.pl -newca

OR,

In Windows, execute the above command, replacing the path of CA.pl with the Windows path.

This creates demoCA/cacert.pem (CA certificate) and demoCA/private/cakey.pem (private key).

Note: The generated cacert.pem is located inside the demoCA folder.