SAML Authentication

Voyager can use SAML authentication where available. To enable it, you will need to:

  • Configure SAML Authentication

  • Configure the ADFS Server

  • Configure Groups

  • Install Java Cryptography Extension (JCE) Unlimited Strength

NOTE: Java Cryptography Extension (JCE) Unlimited Strength is required.

Configuring SAML authentication

To configure SAML authentication:

Go to Manage > Authentication > SAML

Enter your identity provider metadata

Click Save to save the configuration

Select the KeyStore tab to install or create a new certificate

Enter the Keystore and Private Key passwords

Click Save

Once the key store is created, click Download Metadata to import the federated data into your server. Alternatively, you can upload an existing key store.

Configuring the ADFS Server

Open the AD FS management console and select Relying Party Trusts

Click Add Relying Party Trust Wizard

Click Start and follow the steps

Select the metadata file exported from Voyager

Click Next

Enter the Display Name

Configure the Issuance Authorization Rules

Review the configuration and click Next

Open the Claim Rules editor

Add a new rule

Open the Send LDAP Attributes as Claims template

Specify the Name ID (required)

Specify the Group and Display-Name attributes (optional)

If you generated a self-signed certificate, you must install it into the Trusted Root Certification Authorities store.

IMPORTANT: Make sure that SHA-1 is selected as the secure hash algorithm.

Double-click on the recently added Relying Party Trust and select the Encryption tab

Click View... and select Install Certificate

Select the Certificate Store

Click OK

Click Next to store the Certificate

Make sure SAML authentication is enabled and restart Voyager

Managing groups

You can add existing groups and grant them administrator rights

Click Add and optionally grant administration access

Installing Java Cryptography Extension (JCE) Unlimited Strength

Java Cryptography Extension (JCE) Unlimited Strength is required for SAML authentication in Voyager and is not shipped with the JRE bundled in the Voyager installer. It can be downloaded from http://www.oracle.com. Make sure you download the right version for your JRE (e.g. Java 7, Java 8). Download and unzip the package and follow the instructions in README.txt.

After installation, you must restart Voyager.
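
To confirm that the policy files landed in the JRE Voyager actually runs on, a small check like the following can be compiled and run with that JRE's own java binary before restarting. This is an added example, not part of the Voyager documentation or product; the class name JcePolicyCheck is hypothetical, and the key and IV are constructed test values.

```java
import java.security.InvalidKeyException;
import java.security.Security;
import javax.crypto.Cipher;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.SecretKeySpec;

// Hypothetical helper class (not part of Voyager): reports whether the JRE
// running it has the unlimited strength policy active.
public class JcePolicyCheck {

    // True when the installed policy files allow AES keys of 256 bits or more.
    static boolean policyAllowsAes256() throws Exception {
        return Cipher.getMaxAllowedKeyLength("AES") >= 256;
    }

    // Confirms the limit in practice by initialising a cipher with a 256-bit key.
    // Under the default (limited) policy, init() throws InvalidKeyException.
    static boolean aes256Initialises() throws Exception {
        Cipher cipher = Cipher.getInstance("AES/CBC/PKCS5Padding");
        try {
            cipher.init(Cipher.ENCRYPT_MODE,
                    new SecretKeySpec(new byte[32], "AES"), // constructed all-zero test key
                    new IvParameterSpec(new byte[16]));     // constructed all-zero test IV
            cipher.doFinal("jce-check".getBytes("UTF-8"));
            return true;
        } catch (InvalidKeyException e) {
            return false;
        }
    }

    public static void main(String[] args) throws Exception {
        // Shows which JRE was checked; it must be the one Voyager runs on.
        System.out.println("java.home      = " + System.getProperty("java.home"));
        System.out.println("java.version   = " + System.getProperty("java.version"));
        // This security property exists only on later Java 8 updates and newer; null elsewhere.
        System.out.println("crypto.policy  = " + Security.getProperty("crypto.policy"));
        System.out.println("max AES length = " + Cipher.getMaxAllowedKeyLength("AES"));

        boolean ok = policyAllowsAes256() && aes256Initialises();
        System.out.println(ok
                ? "Unlimited strength policy is active."
                : "Limited policy in effect: JCE Unlimited Strength is not installed in this JRE.");
        System.exit(ok ? 0 : 1);
    }
}
```

If java.home in the output is not the JRE directory used by Voyager, the result says nothing about Voyager; rerun the check with the correct java binary.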