When logging into and using Sitecore Content Hub, it is possible to work with the single sign-on mechanism. Here, we introduce the actual verification procedure for single sign-on using the SSOCircle mechanism.
Verification using SSOCircle
In this case, SSOCircle makes it easy to verify SAML authentication.
Create an account
Please create an account when you use the service for the first time.
After completing registration, an email containing the URL for activation will be sent to the registered user's email address a short time later. Clicking on the URL in the e-mail will activate your account.
Now that your account has been activated, you can actually log in.
Once you have logged in, your account creation is complete.
Metadata registration
We will proceed with the settings related to the service provider. On the left side menu of the login screen, there is a `Manage Metadata` item. Clicking on it will take you to the following screen.
This time, to add a service provider, click on the `Add new Service Provider` item listed at the top.
On this screen, enter the following two items first.
- FQDN: enter the FQDN of the Sitecore Content Hub
- Attributes sent in assertion: check two items, UserID and EmailAddress.
You will also need to provide the SAML metadata in the field listed below. Instructions for generating it are available on the screen by clicking the `you can build it here` link.
When the screen switches, you will be prompted to enter the following two items.
- EntityID
- ACS URL
The EntityID should be the URL of the server, and it must end with a `/`. For the ACS URL, enter the EntityID URL with `AuthServices/Acs` appended. After entering these two items, click the "insert" button to complete the metadata.
Register the resulting metadata on the original page and click the Submit button to complete the process.
This completes the SSOCircle configuration.
Preparing the Sitecore Content Hub environment
The following steps will be used to change the mechanisms related to authentication.
Change login mode from Active to Passive
Sitecore Content Hub sandbox environments may be deployed in a way that works only with the standard single sign-on provided.
To change this setting, follow the steps below to modify the parameters.
- Open the Manage tool
- Open Settings
- Type Auth in the search box to find Authentication under the PortalConfiguration section
- Open Authentication
- Change the display mode from Tree to Text.
- If authentication_mode is Active, change it to Passive
If authentication_mode is already set to Passive, do not change it and continue.
After changing the setting, a login dialog box will appear.
Check if you can log in as an administrator.
Create an account that allows you to log in as an administrator. If you have already logged in as an administrator from the above screen, you can bypass this step. Creating an account and setting a password will be introduced separately at a later date.
Reflecting SSOCircle settings
We will change the already configured authentication settings to the SSOCircle settings for verification. Once again, we go to the Authentication settings page, where the configuration looks like this:

```json
"Providers": [
  {
    "$type": "Stylelabs.M.Portal.Authentication.SamlAuthenticationProviderConfigurator, Stylelabs.M.Portal",
    "metadata_location": "https://stylelabs.eu.auth0.com/samlp/metadata/JyVO5bQjk6n3mrUJnUZ02vMuA1K4MiaY",
    "sp_entity_id": "urn:stylelabs.eu.auth0.com",
    "idp_entity_id": "urn:stylelabs.eu.auth0.com",
    "provider_name": "SSO",
    "authentication_mode": "Passive",
    "module_path": "AuthServices",
    "is_enabled": true
  }
],
```
The login screen provided in this configuration is as follows
In order to use the login mechanism in conjunction with SSOCircle, the following items should be changed regarding parameters.
Parameter | Value |
---|---|
metadata_location | |
sp_entity_id | Provide the URL of the instance |
idp_entity_id | Get from SSOCircle site |
provider_name | Change name to SSOCircle |
To obtain the value of idp_entity_id, access the URL given in _metadata_location_ and take the idp_entity_id from the first line of the XML. Here the value is as follows
As a result, the following parameters are set
Parameter | Value |
---|---|
metadata_location | https://idp.ssocircle.com/meta-idp.xml |
sp_entity_id | https://jpntraining09.stylelabs.io/ |
idp_entity_id | https://idp.ssocircle.com |
provider_name | SSOCircle |
```json
{
  "$type": "Stylelabs.M.Portal.Authentication.SamlAuthenticationProviderConfigurator, Stylelabs.M.Portal",
  "metadata_location": "https://idp.ssocircle.com/meta-idp.xml",
  "sp_entity_id": "https://jpntraining09.stylelabs.io/",
  "idp_entity_id": "https://idp.ssocircle.com",
  "provider_name": "SSOCircle",
  "authentication_mode": "Passive",
  "module_path": "AuthServices",
  "is_enabled": true
}
```
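A pre-flight check for the provider entry above, as an added example that is not part of the original article or of Content Hub itself: it reads the entityID from IdP metadata, rebuilds the ACS URL the way the metadata registration step describes, and reports mismatches before the setting is saved. The metadata document is a constructed stand-in for what `metadata_location` serves, the function names are hypothetical, and treating `module_path` as the `AuthServices` path segment of the ACS URL is an assumption.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlparse

MD_NS = "urn:oasis:names:tc:SAML:2.0:metadata"

# Constructed stand-in for the XML served at metadata_location.
SAMPLE_IDP_METADATA = """<EntityDescriptor
    xmlns="urn:oasis:names:tc:SAML:2.0:metadata"
    entityID="https://idp.ssocircle.com">
  <IDPSSODescriptor
      protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol"/>
</EntityDescriptor>"""

def idp_entity_id(metadata_xml):
    """Return the entityID attribute of the root EntityDescriptor."""
    # For metadata fetched from the network, use a hardened XML parser.
    root = ET.fromstring(metadata_xml)
    if root.tag != f"{{{MD_NS}}}EntityDescriptor":
        raise ValueError("root element is not a SAML EntityDescriptor")
    return root.attrib["entityID"]

def acs_url(provider):
    """ACS URL built as EntityID + AuthServices/Acs.
    Assumption: module_path supplies the 'AuthServices' segment."""
    return provider["sp_entity_id"] + provider["module_path"] + "/Acs"

def check_provider(provider, metadata_xml):
    """Return a list of problems found in one Providers entry."""
    problems = []
    if urlparse(provider["metadata_location"]).scheme != "https":
        problems.append("metadata_location is not fetched over https")
    if not provider["sp_entity_id"].endswith("/"):
        problems.append("sp_entity_id must end with '/'")
    found = idp_entity_id(metadata_xml)
    if provider["idp_entity_id"] != found:
        problems.append(f"idp_entity_id differs from metadata entityID {found}")
    if provider["authentication_mode"] != "Passive":
        problems.append("authentication_mode is not Passive")
    return problems

PAGE_CONFIG = {  # values from the configuration shown above
    "metadata_location": "https://idp.ssocircle.com/meta-idp.xml",
    "sp_entity_id": "https://jpntraining09.stylelabs.io/",
    "idp_entity_id": "https://idp.ssocircle.com",
    "authentication_mode": "Passive",
    "module_path": "AuthServices",
}
```

An entry that still carries the original `urn:stylelabs.eu.auth0.com` value for `idp_entity_id` is reported as a mismatch against the SSOCircle metadata.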
In addition, to link with SSOCircle, please change the following three items.

```json
"UsernameClaimType": "UserID",
"EmailClaimType": "EmailAddress",
"PostSignOutRedirectUrl": "/en-us/account",
```
After completing the setup, log out and you will see the button added to the login box as shown below.
Single sign-on validation
To validate single sign-on, if your browser is already logged into SSOCircle, please log off in that browser first (due to limitations for free plans).
- On the login screen, click the SSOCircle button
- The SSOCircle login screen will be displayed
- Log in with the account you created previously
- You are logged in to the Sitecore Content Hub
Please set user privileges after logging in, as only general user privileges are granted at the login stage.
Summary
This time, we used SSOCircle to verify the implementation of single sign-on; that is, we confirmed that it is possible to log in using an account created with SSOCircle. For an actual SSO implementation, you need to implement it according to the mechanism you are using.