Applies to: Kyvos Enterprise, Kyvos Cloud (SaaS on AWS), Kyvos AWS Marketplace, Kyvos Azure Marketplace, Kyvos GCP Marketplace, Kyvos Single Node Installation (Kyvos SNI)


Okta uses the SAML 2.0 protocol to communicate with web applications (such as Kyvos) for single sign-on (SSO). To use Okta for external authentication in Kyvos, enable SAML for the Kyvos Web application.

Prerequisites

  1. To enable SAML for Kyvos, you must have the following certificate files:

    1. X.509 certificate file

    2. Service Provider Key File

  2. Register the Kyvos application with your Okta account, and generate and download the following:

    1. Single Sign-On URL

    2. Identity Provider Issuer

    3. X.509 Certificate File

SAML configuration in Kyvos Manager

To configure SAML2.0 as an external authentication provider for the Kyvos Web Portal, perform the following steps. 

  1. In Kyvos Manager, navigate to the Security > Web based SSO page.

  2. Select the Enable External Authentication checkbox to define the external authentication mechanism for the Kyvos Web portal.

  3. Select the SAML2.0 option from the Provider list.

  4. Enter details as:

    | Parameter/Field | Comments/Description |
    | --- | --- |
    | Header Name | Enter the name of the HTTP header that contains the user name in the HTTP request. |
    | Header Type | Select the type of value to be sent by the external authentication tool as an SSO token. |
    | Error Redirection URL | Enter the URL to which the user will be redirected if there is an error in authenticating the Kyvos application with SAML2.0. This option is displayed only if SAML2.0 is selected as an external authentication provider. Both relative and absolute URLs are supported. Example: /error/exception.jsp and http://host:port/appname |
    | Service Provider Single Sign-On Return URL | Enter the Kyvos Web Portal URL, on which the application redirects after a single sign-on. |
    | Service Provider Issuer | Enter the name of the service provider issuer to identify your Kyvos Server installation to the Identity Provider. You can use your Kyvos Web Server URL here. |
    | X.509 Certificate File | Upload the standard format certificate (X.509) file. This is a Privacy Enhanced Mail (PEM)-encoded X.509 certificate with the .crt file extension. |
    | Service Provider Key File | Upload the service provider's private key file. This is an RSA or DSA private key file with .key extension. This is not password protected. |
    | Single Logout URL | Enter the identity provider's single sign-out URL. |
    | Single Sign-On URL | Enter a single sign-on URL. This is the URL generated by SAML2.0 while integrating the Kyvos application. |
    | Identity Provider Issuer | Enter identity provider issuer as generated by SAML2.0. |
    | X.509 Certificate File | Upload the X.509 certificate file for SAML2.0. |
  5. Click the Save button to save changes.
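A pre-upload check for the certificate and key files described in the table above, as an added example that is not part of the Kyvos documentation or product. It tests only what the table states (PEM-encoded X.509 certificate, RSA or DSA private key without a password) plus one added assumption: because the key has no passphrase, the file should be readable by its owner only.

```python
import base64
import re
import stat
import sys
from pathlib import Path

PEM_RE = re.compile(r"-----BEGIN ([A-Z0-9 ]+)-----\r?\n(.*?)-----END \1-----", re.S)
# Labels of unencrypted keys. "PRIVATE KEY" is PKCS#8, which can hold RSA or DSA.
PLAIN_KEY_LABELS = {"RSA PRIVATE KEY", "DSA PRIVATE KEY", "PRIVATE KEY"}


def check_certificate(text):
    """Return problems with text as a PEM-encoded X.509 (.crt) upload."""
    bodies = [body for label, body in PEM_RE.findall(text) if label == "CERTIFICATE"]
    if not bodies:
        return ["no PEM CERTIFICATE block (DER-encoded or wrong file?)"]
    try:
        der = base64.b64decode("".join(bodies[0].split()), validate=True)
    except ValueError:
        return ["certificate body is not valid base64"]
    # A DER certificate is an ASN.1 SEQUENCE, so it starts with byte 0x30.
    return [] if der[:1] == b"\x30" else ["decoded data is not a DER SEQUENCE"]


def check_private_key(text, mode=None):
    """Return problems with text as the key upload; mode is the file's st_mode."""
    blocks = PEM_RE.findall(text)
    problems = []
    if any(label == "ENCRYPTED PRIVATE KEY" or "Proc-Type: 4,ENCRYPTED" in body
           for label, body in blocks):
        problems.append("key is password protected; the upload must be unencrypted")
    elif not any(label in PLAIN_KEY_LABELS for label, _ in blocks):
        problems.append("no RSA/DSA private key block found")
    # The key carries no passphrase, so file permissions are its only protection.
    if mode is not None and mode & (stat.S_IRWXG | stat.S_IRWXO):
        problems.append("key file is accessible to group/other; restrict to owner")
    return problems


if __name__ == "__main__" and len(sys.argv) == 3:  # args: <cert.crt> <key.key>
    crt, key = Path(sys.argv[1]), Path(sys.argv[2])
    issues = check_certificate(crt.read_text(errors="replace"))
    issues += check_private_key(key.read_text(errors="replace"), key.stat().st_mode)
    print("\n".join(issues) or "certificate and key look uploadable")
    sys.exit(1 if issues else 0)
```

The certificate check applies equally to the identity provider certificate downloaded from Okta; it does not confirm that the service provider certificate and key belong to the same key pair.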

Verifying configuration in Kyvos Manager

Once the settings are saved, verify the values of these properties in the Kyvos Manager.

  1. To do this, click Manage Kyvos > Properties. The Properties page is displayed.

  2. In kyvosclient.properties, verify the values of the following properties.

    | Property Name | Description | Value |
    | --- | --- | --- |
    | EXT_AUTH_ENABLED | Enable/disable the access to Kyvos application using external authentication | Yes |
    | EXT_AUTH_INSTANT_LOGIN | Enable/disable the native Kyvos login along with the external authentication | Yes |
    | EXT_AUTH_PROVIDER | Name of the external authentication provider. Possible values: SAML2.0 and HOST_APP | SAML2.0 |
    | EXT_AUTH_HEADER_ID | In case of HOST_APP authentication, custom header will be sent against the key specified here. | username |
    | EXT_AUTH_PARAMETER_VALUE_TYPE | Indicates what information is provided in EXT_AUTH_HEADER_ID parameter. Possible values: username, sessionid, or email. | USERNAME |
    | EXT_AUTH_ERROR_REDIRECT_URL | In case of error in authentication, the Kyvos application will be redirected to this URL. By default, the application will be redirected to Kyvos login page. | Value given in the Error Redirection URL field. |
    | EXT_AUTH_SIGN_OUT_REDIRECT_URL | In case of logout in authentication, the Kyvos application will be redirected to this URL. By default, the application will be redirected to Kyvos login page. | Value given in the External Authentication Sign-Out URL |
    | EXT_AUTH_HOMEPAGE_URL | In case of integration, the external app will be redirected to this URL on session timeout. Mandatory to set this in case integration is through Kyvos session sharing mechanism. | |

  3. In olapengine.properties, verify the values of the following properties.

    | Property Name | Description | Value |
    | --- | --- | --- |
    | CLIENT_URL | Defines the REST API URL for validating SSO by the BI Server. | The Kyvos web URL configured in your environment. |
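The verification steps above can be scripted when the two properties files are available as text. This is an added example, not Kyvos code; it assumes the files use plain key=value lines, which the page does not show, and the sample content and URLs are constructed.

```python
# Expected values from the tables above. None marks a site-specific value that
# must equal what was entered in Kyvos Manager (passed in as site_values).
CLIENT_EXPECTED = {
    "EXT_AUTH_ENABLED": "Yes",
    "EXT_AUTH_INSTANT_LOGIN": "Yes",
    "EXT_AUTH_PROVIDER": "SAML2.0",
    "EXT_AUTH_HEADER_ID": "username",
    "EXT_AUTH_PARAMETER_VALUE_TYPE": "USERNAME",
    "EXT_AUTH_ERROR_REDIRECT_URL": None,
    "EXT_AUTH_SIGN_OUT_REDIRECT_URL": None,
}
OLAP_EXPECTED = {"CLIENT_URL": None}

# Constructed sample, not taken from a real Kyvos installation.
SAMPLE_CLIENT = """\
EXT_AUTH_ENABLED=Yes
EXT_AUTH_INSTANT_LOGIN=Yes
EXT_AUTH_PROVIDER=HOST_APP
EXT_AUTH_HEADER_ID=username
EXT_AUTH_PARAMETER_VALUE_TYPE=username
EXT_AUTH_ERROR_REDIRECT_URL = /error/exception.jsp
"""


def parse_properties(text):
    """Parse key=value lines, skipping blank lines and '#' or '!' comments."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if line and line[0] not in "#!" and "=" in line:
            key, _, value = line.partition("=")
            props[key.strip()] = value.strip()
    return props


def verify(props, expected, site_values=None):
    """Return (property, problem) findings; an empty list means all match."""
    findings = []
    for name, fixed in expected.items():
        want = fixed if fixed is not None else (site_values or {}).get(name)
        got = props.get(name)
        if got is None:
            findings.append((name, "missing"))
        elif want is None:
            findings.append((name, "no expected value supplied"))
        # Fixed values ignore case (page shows username/USERNAME); URLs are exact.
        elif (got.lower() != want.lower()) if fixed else (got != want):
            findings.append((name, f"expected {want!r}, found {got!r}"))
    return findings
```

For the sample, `verify(parse_properties(SAMPLE_CLIENT), CLIENT_EXPECTED, site_values)` reports the wrong provider and the missing sign-out URL; run it with `OLAP_EXPECTED` against olapengine.properties to check `CLIENT_URL`.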
