PhenixID

Step by Step – SiteVision MFA and SSO with PhenixID Authentication Services

Summary

This document will guide you through the steps to enable multi-factor authentication and Single-Sign On for the CMS platform SiteVision (https://www.sitevision.se/in-english.html) using SAML2.

 

System Requirements

  • PhenixID Authentication Server 2.8 or higher
  • SiteVision administration rights
  • The users to be federated must be present in SiteVision. Use PhenixID Identity Provisiong to provision user accounts to SiteVision (https://support.phenixid.se/psd/psd-phenixid-identity-service/psd-user-provisioning/psd1148-sitevision-actions-for-identity-provisioning/).

Instruction

Overview

This document will guide you through the steps to enable multi-factor authentication and Single-Sign on for SiteVision .

PhenixID Server acting as SAML IdP

  1. Setup PhenixID Authentication Services as a SAML IdP using one of the Federation scenarios described here. (If the desired authentication method is not provided by a scenario, use the documentation for the SAML authenticator here)
  2. Fetch the SiteVision userID value from the user store or from the data produced by the authentication (such as a certificate attribute) (depending on your use case).
  3. Use the userID as Name ID attribute.
  4. Add these attributes as additional attribute:
    urn:oid:0.9.2342.19200300.100.1.1,givenName,sn,mail
  5. Add a valve to the execution flow that contains the AssertionProviderValve. Place it before the AssertionProviderValve.
    Example:


    Change the value to match your configuration.
  6. Expand the AssertionProviderValve.
  7. Add a Misc param, signAssertion=true. Example:
  8. Go to Scenarios->Federation-> <newly_added_scenario> -> Identity Provider. Deselect “Require signed requests”. Save.
  9. [OPTIONAL] To control SiteVision permissions on the IdP, you can add a Groups attribute to the SAML assertion. Read more about virtual groups in Sitevision here: https://help.sitevision.se/12701414.html

Configure SiteVision

  1. Configure SiteVision SAML settings by following the guide at https://help.sitevision.se/12709836.html.
    For the IDP info, point to the IDP Metadata link at https://<YourServerDomainName>/saml/authenticate/<authenticator_alias>?getIDPMeta
    OR
    Select “as text”, then insert the idp meta xml.
  2. Browse to <SiteVision_domain>/saml/metadata to fetch the SAML Service Provider metadata
  3. Save the Service Provider metadata as a file, sitevisionsp.xml.

Add trust to SiteVision on PhenixID Authentication Services

  1. Login to configuration manager
  2. Open Scenarios->Federation->SAML Metadata upload
  3. Click the plus sign
  4. Add SiteVision SAML SP Metadata by uploading the file downloaded in previous step (sitevisionsp.xml)

Test

  1. Browse to your SiteVision site
  2. This should result in a redirect to PhenixID Authentication Server
  3. Authenticate
  4. If authentication was successful, a redirect to SiteVision should occur (with SAML assertion)
  5. The user should now be logged in.

Troubleshooting

  • If error message is presented on PhenixID Authentication Services page, please check server.log for details.
  • If error message is presented on SiteVision, please consult SiteVision logs for details.


DISCLAIMER
Information provided in this document is for your information only. PhenixID makes no explicit or implied claims to the validity of this information. Any trademarks referenced in this document are the property of their respective owners.

The origin of this information may be internal or external to PhenixID. PhenixID makes all reasonable efforts to verify this information.

PhenixID - support.phenixid.se