Tutorial 2: How Applications Log In with EnOS Accounts - SAML Protocol


This tutorial uses Jenkins as an example of an application that logs in through the SSO Server in compliance with the SAML protocol.

Prerequisites

  • You have an EnOS system administrator account and have all operation permissions for Single Sign-on. For more information, see Policies, Roles and Permissions.

  • You have an EnOS OU administrator account, and have been authorized by the system administrator with the operation permissions for Single Sign-On. For more information, see Policies, Roles and Permissions.

  • If you have a Jenkins administrator account, contact the O&M personnel to activate it.

Procedure

Step 1: Register Jenkins Client on SSO Server

  1. In the EnOS Management Console, select Single Sign-On > Client Management.

  2. Click New Client and provide the following information.

    • Client Configuration

      • Client Protocol: SAML

      • Client ID: enos-smal

      • Login Redirect URL: http://localhost:8090/securityRealm/finishLogin (the SP-side endpoint that receives the authentication result in the SAML protocol, that is, the AssertionConsumerService)

      • Logout Redirect URL: http://localhost:8090/samlLogout (the SP-side single logout (SLO) endpoint in the SAML protocol, that is, the SingleLogoutService)

      • Base URL:

      • Default Identity Provider: Management Console

      • Client Signature: enabled


    • Scope Configuration

      • Select email and profile.


    • SAML Keys: Click smal_key to generate the SAML key.


  3. Click Save to complete the creation of the new client.

Step 2: Configure Jenkins Client

  1. Download and install Jenkins-saml.

  2. After Jenkins-saml has been downloaded successfully, log in to the Jenkins client, navigate to Manage Jenkins > Configure Global Security, select Enable security, select SAML 2.0 in the Security Realm column, and then fill in the following fields:


  3. After filling in the required information, click Apply and then Save.

Step 3: Verify Login

Open the Jenkins client to log in. The browser is automatically redirected to the SSO login page: https://sso_login_environment_domain/auth-service/login.

Add Corresponding Configuration to Client Code (Based on SAML Implementation)

If you need to configure other clients, you can add the corresponding configuration in the client code.
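As an added illustration (not EnOS or Jenkins code), the sketch below renders SAML SP metadata from the values registered in Step 1 and checks that a client's metadata still matches that registration. Using the Client ID as the SP entityID, the HTTP-POST and HTTP-Redirect bindings, mapping Client Signature to AuthnRequestsSigned, and the function names are all assumptions.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlparse

MD = "urn:oasis:names:tc:SAML:2.0:metadata"
POST = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"          # assumed ACS binding
REDIRECT = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"  # assumed SLO binding
# Values from Step 1: Client ID, Login Redirect URL, Logout Redirect URL.
REGISTERED = ("enos-smal", "http://localhost:8090/securityRealm/finishLogin",
              "http://localhost:8090/samlLogout")

def build_sp_metadata(client_id, acs_url, slo_url, sign_requests=True):
    """Render SP metadata; client_id is used as the entityID (assumption)."""
    ET.register_namespace("md", MD)
    root = ET.Element(f"{{{MD}}}EntityDescriptor", {"entityID": client_id})
    sp = ET.SubElement(root, f"{{{MD}}}SPSSODescriptor", {
        "protocolSupportEnumeration": "urn:oasis:names:tc:SAML:2.0:protocol",
        "AuthnRequestsSigned": str(sign_requests).lower(),  # "Client Signature: enabled"
    })
    # The metadata schema places SingleLogoutService before AssertionConsumerService.
    ET.SubElement(sp, f"{{{MD}}}SingleLogoutService", {"Binding": REDIRECT, "Location": slo_url})
    ET.SubElement(sp, f"{{{MD}}}AssertionConsumerService",
                  {"Binding": POST, "Location": acs_url, "index": "0", "isDefault": "true"})
    return ET.tostring(root, encoding="unicode")

def check_registration(metadata_xml, client_id, acs_url, slo_url):
    """Return a list of mismatches; an empty list means metadata and registration agree."""
    root = ET.fromstring(metadata_xml)  # locally generated input; not hardened for untrusted XML
    ns = {"md": MD}
    problems = []
    if root.get("entityID") != client_id:
        problems.append("entityID differs from Client ID")
    acs = [e.get("Location") for e in root.iterfind(".//md:AssertionConsumerService", ns)]
    slo = [e.get("Location") for e in root.iterfind(".//md:SingleLogoutService", ns)]
    if acs_url not in acs:
        problems.append("Login Redirect URL is not an AssertionConsumerService")
    if slo_url not in slo:
        problems.append("Logout Redirect URL is not a SingleLogoutService")
    for url in acs + slo:
        parts = urlparse(url)
        # Plain HTTP is tolerated only on loopback, as in the tutorial's localhost URLs.
        if parts.scheme != "https" and parts.hostname not in ("localhost", "127.0.0.1", "::1"):
            problems.append(f"cleartext endpoint: {url}")
    return problems

if __name__ == "__main__":
    xml = build_sp_metadata(*REGISTERED)
    print(xml)
    print(check_registration(xml, *REGISTERED))
```

The SSO server delivers the authentication result only to the registered Login Redirect URL, so a client whose endpoints drift from the registration should be caught by a check like this before deployment.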

Verify Login

Open the client to log in. The browser is automatically redirected to https://sso_login_environment_domain/auth-service/login. Once the user successfully logs in with the EnOS account, the client gets the Auth Token according to the SAML protocol and completes the login.