Introduction
Instructions tested on Windows Server 2012 R2
A8 Admin Console (AC)
- Enable Portal, define a company identifier e.g. https://getsilo.com/for/mitchmurray (fictional customer name)
- Enable SAML
- Download the SP Encryption Certificate SP_cert.crt to your computer.
- Do not hit save, leave page open.
SSOEasy Server
- Edit \\<EasySSOHostServer>\c$\EasyConnect\EasyConnectServer\sp-partner.config
Legend: Green text = edits from default config; Red text = change based on your environment variables
Add a new SP Provider section for example:
<PartnerServiceProvider Name="https://getsilo.com/sso/saml/<company identifier>/" SignSAMLResponse="true" SignAssertion="true" EncryptAssertion="true" WantAuthnRequestSigned="false">
<SignatureGenerationCertificate>
<SubjectDN>cn=Test IdP</SubjectDN>
</SignatureGenerationCertificate>
<SignatureVerificationCertificate>
<SubjectDN>cn=Test SP</SubjectDN>
</SignatureVerificationCertificate>
<EncryptionCertificate>
<SubjectDN>SAML SSO</SubjectDN>
</EncryptionCertificate>
<DecryptionCertificate>
<SubjectDN>cn=Test IdP</SubjectDN>
</DecryptionCertificate>
<DigestMethod>http://www.w3.org/2001/04/xmlenc#sha256</DigestMethod>
<SignatureMethod>http://www.w3.org/2001/04/xmldsig-more#rsa-sha256</SignatureMethod>
<KeyEncryptionMethod>http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p</KeyEncryptionMethod>
<DataEncryptionMethod>http://www.w3.org/2001/04/xmlenc#aes256-cbc</DataEncryptionMethod>
<AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" URL="https://getsilo.com/sso/saml/<company identifier>/login"/>
</PartnerServiceProvider>
- Import the SP_cert.crt from A8 AC into the Trusted Root Certification Authorities store on your SSOEasy Server
Finish configuration of A8 Admin Console
On your server
- Use the Certificates MMC snap-in to check Certificates (Local Computer)\Personal\Certificates. The first cert that doesn't say "EasyConnect Integration" should be the cert you are looking for.
- Double-click it, click the Details tab, and click Copy to File.
- Click Next, select "No, do not export the private key", select base-64 encoded, name the file, and save it.
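The on-server export above can also be done from PowerShell. This is an added example, not part of the original instructions or the vendor's tooling. The variable names and output path are assumptions, and the certificate is still picked by the operator from the listing.

```powershell
# Added example. Run in an elevated PowerShell session on the SSOEasy server.
$Thumbprint = ''                                   # paste here after reviewing the listing
$OutFile    = "$env:TEMP\ssoeasy_idp_signing.cer"  # hypothetical output path

$store = 'Cert:\LocalMachine\My'   # Certificates (Local Computer)\Personal\Certificates
$certs = Get-ChildItem -Path $store

# Same view as the MMC snap-in: choose the entry that is not "EasyConnect Integration".
$certs | Sort-Object NotAfter |
    Format-List Thumbprint, Subject, FriendlyName, NotAfter, HasPrivateKey

if ($Thumbprint) {
    # Thumbprints copied from the MMC dialog often carry spaces or hidden characters.
    $wanted = $Thumbprint -replace '[^0-9A-Fa-f]', ''
    $cert = $certs | Where-Object { $_.Thumbprint -eq $wanted }
    if (-not $cert) { throw "No certificate with thumbprint $wanted in $store" }
    if ($cert.NotAfter -lt (Get-Date)) {
        Write-Warning "Certificate expired on $($cert.NotAfter)"
    }

    # X509ContentType.Cert serializes the public certificate only (DER), never the private key.
    $der = $cert.Export([System.Security.Cryptography.X509Certificates.X509ContentType]::Cert)
    $b64 = [System.Convert]::ToBase64String($der, [System.Base64FormattingOptions]::InsertLineBreaks)
    $pem = "-----BEGIN CERTIFICATE-----`r`n$b64`r`n-----END CERTIFICATE-----`r`n"
    [System.IO.File]::WriteAllText($OutFile, $pem, [System.Text.Encoding]::ASCII)

    # Re-load the file and confirm it is the same certificate and holds no key material.
    $check = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 -ArgumentList $OutFile
    if ($check.Thumbprint -ne $cert.Thumbprint -or $check.HasPrivateKey) {
        Remove-Item -Path $OutFile
        throw 'Exported file failed verification; do not upload it.'
    }
    "Wrote $OutFile (thumbprint $($check.Thumbprint))"
}
```

Run it once with `$Thumbprint` empty to see the listing, then set the value and run it again to write the base-64 file that is uploaded in A8 AC.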
In A8 AC
- For IdP Issuer: https://getsilo.com/sso/saml/<company identifier>/
- For IdP Login URL: enter <SSOEasy server name>/easyconnect/sso/redirect.aspx
- Upload the certificate from your SSOEasy server
- Click Save
Additional Notes
Please contact Support if you have any additional questions and/or require further information.