{"id":195,"date":"2023-11-20T16:13:06","date_gmt":"2023-11-20T15:13:06","guid":{"rendered":"https:\/\/helpdesk.ovio365.com\/?p=195"},"modified":"2024-04-29T16:22:50","modified_gmt":"2024-04-29T14:22:50","slug":"kapitel-3-saml-installation","status":"publish","type":"post","link":"https:\/\/helpdesk.ovio365.com\/?p=195","title":{"rendered":"Kapitel 6 SAML Installation"},"content":{"rendered":"\n[et_pb_section fb_built=“1″ _builder_version=“4.23.1″ _module_preset=“default“ global_colors_info=“{}“][et_pb_row _builder_version=“4.25.0″ _module_preset=“default“][et_pb_column _builder_version=“4.25.0″ _module_preset=“default“ type=“4_4″][et_pb_text _builder_version=“4.25.0″ _module_preset=“default“ header_5_line_height=“1.5em“ hover_enabled=“0″ global_colors_info=“{}“ sticky_enabled=“0″]

In diesem Abschnitt werden wir die SAML Integration<\/strong> von OVIO besprechen. Mit diesem Bereichen k\u00f6nnen wir unsere Applikation in Ihren jetzigen Identity Provider<\/strong> ohne gro\u00dfen Aufwand integrieren. Dies f\u00fchrt zu einem automatischen<\/strong> Import, Benutzerpflege und einer Zuweisung der Berechtigungen in Unternehmensbasierten Gruppen \/ Abteilungen.<\/p>[\/et_pb_text][\/et_pb_column][\/et_pb_row][et_pb_row _builder_version=“4.25.0″ _module_preset=“default“][et_pb_column _builder_version=“4.25.0″ _module_preset=“default“ type=“4_4″][et_pb_text _builder_version=“4.23.1″ _module_preset=“default“ global_colors_info=“{}“]

<\/span>1. SAML Anbieter<\/span><\/h1>[\/et_pb_text][et_pb_text _builder_version=“4.23.1″ _module_preset=“default“ header_5_line_height=“1.5em“ global_colors_info=“{}“]

Amazon AWS Identity<\/p>\n

Google Identity<\/p>\n

Microsoft Entra<\/p>\n

OCTA<\/p>\n

Jeder weitere Anbieter der SAML 2.0 unterst\u00fctzt.<\/p>[\/et_pb_text][\/et_pb_column][\/et_pb_row][et_pb_row _builder_version=“4.25.0″ _module_preset=“default“][et_pb_column _builder_version=“4.25.0″ _module_preset=“default“ type=“4_4″][et_pb_text _builder_version=“4.23.1″ _module_preset=“default“ global_colors_info=“{}“]

<\/span>2. SAML Voraussetzungen<\/span><\/h1>[\/et_pb_text][et_pb_text _builder_version=“4.23.1″ _module_preset=“default“ global_colors_info=“{}“]

In diesem Beispiel orientieren wir uns an einer Microsoft Entra Integration.<\/p>[\/et_pb_text][\/et_pb_column][\/et_pb_row][et_pb_row _builder_version=“4.25.0″ _module_preset=“default“][et_pb_column _builder_version=“4.25.0″ _module_preset=“default“ type=“4_4″][et_pb_text _builder_version=“4.23.1″ _module_preset=“default“ global_colors_info=“{}“]

<\/span>2.1. SAML Configuration<\/span><\/h2>[\/et_pb_text][et_pb_text _builder_version=“4.23.1″ _module_preset=“default“ global_colors_info=“{}“]\n\n\n\n\n\n
\n

Attribut<\/strong><\/p>\n<\/td>\n

\n

Wert<\/strong><\/p>\n<\/td>\n<\/tr>\n

\n

Identifier (Entity ID)<\/p>\n<\/td>\n

\n

https:\/\/serverurl.domin.de\/something<\/p>\n<\/td>\n<\/tr>\n

\n

Reply URL (Assertion Consumer Service URL)<\/p>\n<\/td>\n

\n

https:\/\/serverurl.domin.de\/something<\/p>\n<\/td>\n<\/tr>\n

\n

Logout URL\u00a0<\/p>\n<\/td>\n

\n

https:\/\/serverurl.domin.de\/something\/something<\/p>\n<\/td>\n<\/tr>\n<\/tbody>\n<\/table>[\/et_pb_text][\/et_pb_column][\/et_pb_row][et_pb_row _builder_version=“4.25.0″ _module_preset=“default“][et_pb_column _builder_version=“4.25.0″ _module_preset=“default“ type=“4_4″][et_pb_text _builder_version=“4.23.1″ _module_preset=“default“ global_colors_info=“{}“]

<\/span>2.2. SAML Attribute<\/span><\/h2>[\/et_pb_text][et_pb_text _builder_version=“4.23.1″ _module_preset=“default“ global_colors_info=“{}“]\n\n\n\n\n\n\n\n\n\n\n\n
\n

OVIO Parameter<\/strong><\/p>\n<\/td>\n

\n

Beispiel Microsoft Entra<\/strong><\/p>\n<\/td>\n<\/tr>\n

\n

user_assignedroles<\/span><\/p>\n<\/td>\n

\n

user.assignedroles<\/span><\/p>\n<\/td>\n<\/tr>\n

\n

user_givenname<\/span><\/p>\n<\/td>\n

\n

user.givenname<\/span><\/p>\n<\/td>\n<\/tr>\n

\n

user_isEnabled<\/span><\/p>\n<\/td>\n

\n

user.accountenabled<\/span><\/p>\n<\/td>\n<\/tr>\n

\n

user_language<\/span><\/p>\n<\/td>\n

\n

user.preferredlanguage<\/span><\/p>\n<\/td>\n<\/tr>\n

\n

user_mail<\/span><\/p>\n<\/td>\n

\n

user.mail<\/span><\/p>\n<\/td>\n<\/tr>\n

\n

user_phone<\/span><\/p>\n<\/td>\n

\n

user.mobilephone<\/span><\/p>\n<\/td>\n<\/tr>\n

\n

user_surname<\/span><\/p>\n<\/td>\n

\n

user.surname<\/span><\/p>\n<\/td>\n<\/tr>\n

\n

user_groups<\/span><\/p>\n<\/td>\n

\n

user.groups<\/span><\/p>\n<\/td>\n<\/tr>\n

\n

Unique User Identifier<\/span><\/p>\n<\/td>\n

\n

user.userprincipalname<\/span><\/p>\n<\/td>\n<\/tr>\n<\/tbody>\n<\/table>[\/et_pb_text][\/et_pb_column][\/et_pb_row][et_pb_row _builder_version=“4.25.0″ _module_preset=“default“][et_pb_column _builder_version=“4.25.0″ _module_preset=“default“ type=“4_4″][et_pb_text _builder_version=“4.23.1″ _module_preset=“default“ global_colors_info=“{}“]

<\/span>2.3. SAML Zertifikate<\/span><\/h2>[\/et_pb_text][et_pb_text _builder_version=“4.23.1″ _module_preset=“default“ header_5_line_height=“1.5em“ global_colors_info=“{}“]

Die Support Abteilung ben\u00f6tigt bei dem Einrichtungstermin von Ihnen eine Federation Metadata XML Datei mit integriertem Zertifikat ein Beispiel wie sowas aussieht sehen Sie hier:<\/p>[\/et_pb_text][et_pb_text _builder_version=“4.23.1″ _module_preset=“default“ header_5_line_height=“1.5em“ global_colors_info=“{}“]

\n

<?<\/span>xml<\/span> version<\/span>=<\/span>„1.0“<\/span> encoding<\/span>=<\/span>„utf-8“<\/span>?><<\/span>EntityDescriptor<\/span> <\/span>ID<\/span>=<\/span>„_171ef52486“<\/span> <\/span>entityID<\/span>=<\/span>„https:\/\/sts.windows.net\/“<\/span> <\/span>xmlns<\/span>=<\/span>„urn:oasis:names:tc:SAML:2.0:metadata“<\/span>><\/span><\/p>\n

<<\/span>Signature<\/span> <\/span>xmlns<\/span>=<\/span>„http:\/\/www.w3.org\/2000\/09\/xmldsig#“<\/span>><\/span><\/p>\n

<<\/span>SignedInfo<\/span>><<\/span>CanonicalizationMethod<\/span> <\/span>Algorithm<\/span>=<\/span>„http:\/\/www.w3.org\/2001\/10\/xml-exc-c14n#“<\/span> <\/span>\/><\/span><\/p>\n

<<\/span>SignatureMethod<\/span> <\/span>Algorithm<\/span>=<\/span>„http:\/\/www.w3.org\/2001\/04\/xmldsig-more#rsa-sha256“<\/span> <\/span>\/><\/span><\/p>\n

<<\/span>Reference<\/span> <\/span>URI<\/span>=<\/span>„#_171ef597-486“<\/span>><<\/span>Transforms<\/span>><\/span><\/p>\n

<<\/span>Transform<\/span> <\/span>Algorithm<\/span>=<\/span>„http:\/\/www.w3.org\/2000\/09\/xmldsig#enveloped-signature“<\/span> <\/span>\/><\/span><\/p>\n

<<\/span>Transform<\/span> <\/span>Algorithm<\/span>=<\/span>„http:\/\/www.w3.org\/2001\/10\/xml-exc-c14n#“<\/span> <\/span>\/><\/<\/span>Transforms<\/span>><\/span><\/p>\n

<<\/span>DigestMethod<\/span> <\/span>Algorithm<\/span>=<\/span>„http:\/\/www.w3.org\/2001\/04\/xmlenc#sha256“<\/span> <\/span>\/><\/span><\/p>\n

<<\/span>DigestValue<\/span>><\/<\/span>DigestValue<\/span>><\/span><\/p>\n

<\/<\/span>Reference<\/span>><\/<\/span>SignedInfo<\/span>><<\/span>SignatureValue<\/span>><\/<\/span>SignatureValue<\/span>><\/span><\/p>\n

<<\/span>KeyInfo<\/span>><<\/span>X509Data<\/span>><<\/span>X509Certificate<\/span>><\/<\/span>X509Certificate<\/span>><\/span><\/p>\n

<\/<\/span>X509Data<\/span>><\/<\/span>KeyInfo<\/span>><\/<\/span>Signature<\/span>><\/span><\/p>\n

<<\/span>RoleDescriptor<\/span> <\/span>xsi:type<\/span>=<\/span>„fed:SecurityTokenServiceType“<\/span> <\/span>protocolSupportEnumeration<\/span>=<\/span>„http:\/\/docs.oasis-open.org\/wsfed\/federation\/200706“<\/span> <\/span>xmlns:xsi<\/span>=<\/span>„http:\/\/www.w3.org\/2001\/XMLSchema-instance“<\/span> <\/span>xmlns:fed<\/span>=<\/span>„http:\/\/docs.oasis-open.org\/wsfed\/federation\/200706“<\/span>><\/span><\/p>\n

<<\/span>KeyDescriptor<\/span> <\/span>use<\/span>=<\/span>„signing“<\/span>><<\/span>KeyInfo<\/span> <\/span>xmlns<\/span>=<\/span>„http:\/\/www.w3.org\/2000\/09\/xmldsig#“<\/span>><\/span><\/p>\n

<<\/span>X509Data<\/span>><<\/span>X509Certificate<\/span>><\/<\/span>X509Certificate<\/span>><\/<\/span>X509Data<\/span>><\/span><\/p>\n

<\/<\/span>KeyInfo<\/span>><\/<\/span>KeyDescriptor<\/span>><<\/span>fed:ClaimTypesOffered<\/span>><\/span><\/p>\n<\/div>[\/et_pb_text][\/et_pb_column][\/et_pb_row][et_pb_row _builder_version=“4.25.0″ _module_preset=“default“][et_pb_column _builder_version=“4.25.0″ _module_preset=“default“ type=“4_4″][et_pb_text _builder_version=“4.23.1″ _module_preset=“default“ global_colors_info=“{}“]

<\/span>2.4. SAML Gruppen Import<\/span><\/h2>[\/et_pb_text][et_pb_text _builder_version=“4.23.1″ _module_preset=“default“ header_5_line_height=“1.5em“ global_colors_info=“{}“]

Um die Firmen internen Gruppen nutzen zu k\u00f6nnen, sollten Sie einmalig die AD Gruppen die Sie importieren m\u00f6chten in eine .CSV Datei exportieren und in der Administration in OVIO Importieren. Hier werden dann einmalig die gew\u00fcnschten Berechtigungen pro Abteilung gepflegt. Die Zuweisungen der Nutzer passiert dann automatisch bei der Anmeldung durch das SAML SSO werden die Gruppenzugeh\u00f6rigkeiten aufgel\u00f6st und gespeichert. So bliebt Ihre OVIO Cloud immer sauber und frei von importierten „M\u00fcll“ wie z.B. inaktive Nutzer, Exchange Postf\u00e4cher private Gruppen usw.<\/p>[\/et_pb_text][et_pb_text _builder_version=“4.23.1″ _module_preset=“default“ global_colors_info=“{}“]

Ein Beispiel der Felder die OVIO bei einem Gruppen Import erwartet. Das Trennzeichen sollte ein ; sein.<\/p>[\/et_pb_text][et_pb_text _builder_version=“4.23.1″ _module_preset=“default“ global_colors_info=“{}“]\n\n\n\n
\n

id<\/p>\n<\/td>\n

\n

displayName<\/p>\n<\/td>\n

\n

groupType<\/p>\n<\/td>\n

\n

membershipType<\/p>\n<\/td>\n

\n

source<\/p>\n<\/td>\n<\/tr>\n

\n

mail<\/p>\n<\/td>\n

\n

securityEnabled<\/p>\n<\/td>\n

\n

mailEnabled<\/p>\n<\/td>\n

\n

isAssignableToRole<\/p>\n<\/td>\n

\n

onPremisesSyncEnabled<\/p>\n<\/td>\n<\/tr>\n<\/tbody>\n<\/table>[\/et_pb_text][\/et_pb_column][\/et_pb_row][et_pb_row _builder_version=“4.23.1″ _module_preset=“default“ global_colors_info=“{}“][et_pb_column type=“4_4″ _builder_version=“4.23.1″ _module_preset=“default“ global_colors_info=“{}“][et_pb_post_nav in_same_term=“on“ _builder_version=“4.23.1″ _module_preset=“default“ global_colors_info=“{}“][\/et_pb_post_nav][\/et_pb_column][\/et_pb_row][\/et_pb_section]\n","protected":false},"excerpt":{"rendered":"

In diesem Abschnitt werden wir die SAML Integration von OVIO besprechen. Mit diesem Bereichen k\u00f6nnen wir unsere Applikation in Ihren jetzigen Identity Provider ohne gro\u00dfen Aufwand integrieren. Dies f\u00fchrt zu einem automatischen Import, Benutzerpflege und einer Zuweisung der Berechtigungen in Unternehmensbasierten Gruppen \/ Abteilungen.1. SAML AnbieterAmazon AWS Identity Google Identity Microsoft Entra OCTA Jeder weitere […]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_et_pb_use_builder":"on","_et_pb_old_content":"","_et_gb_content_width":"","footnotes":""},"categories":[7],"tags":[],"class_list":["post-195","post","type-post","status-publish","format-standard","hentry","category-ovio-administrator-guide"],"_links":{"self":[{"href":"https:\/\/helpdesk.ovio365.com\/index.php?rest_route=\/wp\/v2\/posts\/195","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/helpdesk.ovio365.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/helpdesk.ovio365.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/helpdesk.ovio365.com\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/helpdesk.ovio365.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=195"}],"version-history":[{"count":0,"href":"https:\/\/helpdesk.ovio365.com\/index.php?rest_route=\/wp\/v2\/posts\/195\/revisions"}],"wp:attachment":[{"href":"https:\/\/helpdesk.ovio365.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=195"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/helpdesk.ovio365.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=195"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/helpdesk.ovio365.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=195"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}