Summary
This document will guide you through the steps to configure PhenixID Authentication Services to deliver multi-factor authentication and Single Sign-on (SSO) to DigiExam (https://www.digiexam.com/).
System Requirements
- PhenixID Authentication Services 2.7 or higher
- PhenixID Authentication Services configured with a SAML Identity Provider connected to Skolfederation. Follow this step-by-step to add PhenixID Authentication Services to Skolfederation.
Instruction
Configure Execution flow for DigiExam
- Login to Configuration Manager
- Click Scenarios, Federation.
- Select your previously configured IdP for Skolfederationen.
- Click Execution Flow
- Prepare SAML<->User Store attribute mapping for DigiExam using this guide. The SAML attributes to be sent to DigiExam:
- urn:oid:0.9.2342.19200300.100.1.3
- urn:oid:2.5.4.42
- urn:oid:2.5.4.4
- urn:oid:1.3.6.1.4.1.5923.1.1.1.9
- urn:oid:1.2.752.194.10.2.4
- Expand the last execution flow and look for an existing AssertionProvider
- Expand the AssertionProvider
- Copy the Target Entity ID Value
- Add new valve to the last execution flow (where the SAML Assertion is produced)
- Type=AssertionProvider
- Set Target Entity ID to the previously copied value
- Set NameID attribute = userPrincipalName
- Set Additional attributes = urn:oid:0.9.2342.19200300.100.1.3,urn:oid:2.5.4.42,urn:oid:2.5.4.4,urn:oid:1.3.6.1.4.1.5923.1.1.1.9,urn:oid:1.2.752.194.10.2.4
- Set SourceID = https://app.digiexam.com/api/v1/saml/metadata
- Add a Miscellaneous value: nameIdFormat =
urn:oasis:names:tc:SAML:2.0:nameid-format:persistent
See example:
- On the Advanced tab of the valve you should limit the AssertionProvider to only be executed when authentication to DigiExam is requested. Add this to Execute if expression:
request.get(‘resolvedSPID’).contains(‘https://app.digiexam.com/api/v1/saml/metadata’)
- Save. Make sure the new AssertionProvider added is placed last in the Execution flow list.
- Click on Identity Provider
- Copy the POST SSO URL value. This will be used for testing (see below).
Test
- Find out the post_sso_url for your previously created IDP.
That can be find in the page:
Scenarios, Federation, “your IDP authenticator”, Identity Provider. - Open a browser and open <post_sso_url_from_previous_step>?resolvedSPID=https://app.digiexam.com/api/v1/saml/metadata
- Authenticate
- Verify that you are redirected to the DigiExam application after login with a valid SAML Assertion. Please consult PhenixID for additional debugging if needed.
DISCLAIMER
Information provided in this document is for your information only. PhenixID makes no explicit or implied claims to the validity of this information. Any trademarks referenced in this document are the property of their respective owners.The origin of this information may be internal or external to PhenixID. PhenixID makes all reasonable efforts to verify this information.
PhenixID - support.phenixid.se