File: cornerstone.html

package: lemonldap-ng 1.9.7-3+deb9u2 (suite: stretch, area: main)
<!DOCTYPE html>
<html lang="en" dir="ltr">
<head>
  <meta charset="utf-8" />
  <title>documentation:1.9:applications:cornerstone</title>
<meta name="generator" content="DokuWiki"/>
<meta name="robots" content="index,follow"/>
<meta name="keywords" content="documentation,1.9,applications,cornerstone"/>
<link rel="search" type="application/opensearchdescription+xml" href="../lib/exe/opensearch.html" title="LemonLDAP::NG"/>
<link rel="start" href="cornerstone.html"/>
<link rel="contents" href="cornerstone.html" title="Sitemap"/>
<link rel="stylesheet" type="text/css" href="../lib/exe/css.php.t.bootstrap3.css"/>
<!-- //if:usedebianlibs
  <link rel="stylesheet" type="text/css" href="/javascript/bootstrap/css/bootstrap.min.css" />
//elsif:useexternallibs
  <link rel="stylesheet" type="text/css" href="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.6/css/bootstrap.min.css" />
//elsif:cssminified
  <link rel="stylesheet" type="text/css" href="/static/bwr/bootstrap/dist/css/bootstrap.min.css" />
//else -->
  <link rel="stylesheet" type="text/css" href="/static/bwr/bootstrap/dist/css/bootstrap.css" />
<!-- //endif -->
<script type="text/javascript">/*<![CDATA[*/var NS='documentation:1.9:applications';var JSINFO = {"id":"documentation:1.9:applications:cornerstone","namespace":"documentation:1.9:applications"};
/*!]]>*/</script>
<script type="text/javascript" charset="utf-8" src="../lib/exe/js.php.t.bootstrap3.js"></script>
<!-- //if:usedebianlibs
<script type="text/javascript" src="/javascript/jquery/jquery.min.js"></script>
//elsif:useexternallibs
<script type="text/javascript" src="http://code.jquery.com/jquery-2.2.0.min.js"></script>
//elsif:jsminified
<script type="text/javascript" src="/static/bwr/jquery/dist/jquery.min.js"></script>
//else -->
<script type="text/javascript" src="/static/bwr/jquery/dist/jquery.js"></script>
<!-- //endif -->
<!-- //if:usedebianlibs
  <script type="text/javascript" src="/javascript/jquery-ui/jquery-ui.min.js"></script>
//elsif:useexternallibs
  <script type="text/javascript" src="http://code.jquery.com/ui/1.10.4/jquery-ui.min.js"></script>
//elsif:jsminified
  <script type="text/javascript" src="/lib/scripts/jquery-ui.min.js"></script>
//else -->
  <script type="text/javascript" src="/lib/scripts/jquery-ui.js"></script>
<!-- //endif -->
</head>
<body>
<div class="dokuwiki export container">
<!-- TOC START -->
<div id="dw__toc">
<h3 class="toggle">Table of Contents</h3>
<div>

<ul class="toc">
<li class="level1"><div class="li"><a href="#presentation">Presentation</a></div></li>
<li class="level1"><div class="li"><a href="#configuration">Configuration</a></div>
<ul class="toc">
<li class="level2"><div class="li"><a href="#new_service_provider">New Service Provider</a></div></li>
<li class="level2"><div class="li"><a href="#csod_control_panel">CSOD control panel</a></div>
<ul class="toc">
<li class="level3"><div class="li"><a href="#certificate">Certificate</a></div></li>
<li class="level3"><div class="li"><a href="#saml_assertion">SAML assertion</a></div></li>
</ul></li>
</ul></li>
</ul>
</div>
</div>
<!-- TOC END -->

<h1 class="sectionedit1" id="cornerstone_on_demand">Cornerstone On Demand</h1>
<div class="level1">

<p>
<a href="csod_logo.png_documentation_1.9_applications_cornerstone.html" class="media" title="applications:csod_logo.png"><img src="csod_logo.png" class="mediacenter" alt="" /></a>
</p>

</div>
<!-- EDIT1 SECTION "Cornerstone On Demand" [1-73] -->
<h2 class="sectionedit2" id="presentation">Presentation</h2>
<div class="level2">

<p>
<a href="http://www.cornerstoneondemand.com/" class="urlextern" title="http://www.cornerstoneondemand.com/"  rel="nofollow">CornerStone On Demand (CSOD)</a> supports <abbr title="Security Assertion Markup Language">SAML</abbr> for user authentication. By default it uses the IDP-initiated flow, but it also works with the standard SP-initiated flow.
</p>

<p>
To work with <abbr title="LemonLDAP::NG">LL::NG</abbr> it requires:
</p>
<ul>
<li class="level1"><div class="li"> An enterprise account</div>
</li>
<li class="level1"><div class="li"> <abbr title="LemonLDAP::NG">LL::NG</abbr> configured as <a href="../idpsaml.html" class="wikilink1" title="documentation:1.9:idpsaml">SAML Identity Provider</a></div>
</li>
<li class="level1"><div class="li"> Users registered on CSOD with the same email addresses as those used by <abbr title="LemonLDAP::NG">LL::NG</abbr> (the email address is the NameID exchanged between CSOD and <abbr title="LemonLDAP::NG">LL::NG</abbr>)</div>
</li>
</ul>

</div>
<!-- EDIT2 SECTION "Presentation" [74-574] -->
<h2 class="sectionedit3" id="configuration">Configuration</h2>
<div class="level2">

</div>
<!-- EDIT3 SECTION "Configuration" [575-601] -->
<h3 class="sectionedit4" id="new_service_provider">New Service Provider</h3>
<div class="level3">

<p>
You should already have configured <abbr title="LemonLDAP::NG">LL::NG</abbr> as a <a href="../idpsaml.html" class="wikilink1" title="documentation:1.9:idpsaml">SAML Identity Provider</a>.
</p>

<p>
Now we will add CSOD as a new <abbr title="Security Assertion Markup Language">SAML</abbr> Service Provider:
</p>
<ol>
<li class="level1"><div class="li"> In Manager, click on <abbr title="Security Assertion Markup Language">SAML</abbr> service providers and then on the <code>New service provider</code> button.</div>
</li>
<li class="level1"><div class="li"> Set <code>csod</code> as the Service Provider name.</div>
</li>
<li class="level1"><div class="li"> Set <code>Email</code> in <code>Options</code> » <code>Authentication Response</code> » <code>Default NameID format</code>.</div>
</li>
<li class="level1"><div class="li"> Select <code>Metadata</code>, unprotect the field, and paste the following value:</div>
</li>
</ol>
<pre class="code file xml"><span class="sc3"><span class="re1">&lt;md:EntityDescriptor</span> <span class="re0">entityID</span>=<span class="st0">&quot;mycompanyid.csod.com&quot;</span> <span class="re0">xmlns</span>=<span class="st0">&quot;urn:oasis:names:tc:SAML:2.0:metadata&quot;</span> <span class="re0">xmlns:ds</span>=<span class="st0">&quot;http://www.w3.org/2000/09/xmldsig#&quot;</span> <span class="re0">xmlns:md</span>=<span class="st0">&quot;urn:oasis:names:tc:SAML:2.0:metadata&quot;</span><span class="re2">&gt;</span></span>
  <span class="sc3"><span class="re1">&lt;SPSSODescriptor</span> <span class="re0">protocolSupportEnumeration</span>=<span class="st0">&quot;urn:oasis:names:tc:SAML:2.0:protocol&quot;</span><span class="re2">&gt;</span></span>
    <span class="sc3"><span class="re1">&lt;KeyDescriptor</span> <span class="re0">use</span>=<span class="st0">&quot;signing&quot;</span><span class="re2">&gt;</span></span>
      <span class="sc3"><span class="re1">&lt;ds:KeyInfo</span> <span class="re0">xmlns:ds</span>=<span class="st0">&quot;http://www.w3.org/2000/09/xmldsig#&quot;</span><span class="re2">&gt;</span></span>
	 <span class="sc3"><span class="re1">&lt;ds:X509Data<span class="re2">&gt;</span></span></span>
	  <span class="sc3"><span class="re1">&lt;ds:X509Certificate<span class="re2">&gt;</span></span></span>
Base64 encoded CSOD certificate
	    <span class="sc3"><span class="re1">&lt;/ds:X509Certificate<span class="re2">&gt;</span></span></span>
	  <span class="sc3"><span class="re1">&lt;/ds:X509Data<span class="re2">&gt;</span></span></span>
      <span class="sc3"><span class="re1">&lt;/ds:KeyInfo<span class="re2">&gt;</span></span></span>
    <span class="sc3"><span class="re1">&lt;/KeyDescriptor<span class="re2">&gt;</span></span></span>
    <span class="sc3"><span class="re1">&lt;AssertionConsumerService</span> <span class="re0">Binding</span>=<span class="st0">&quot;urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST&quot;</span> <span class="re0">Location</span>=<span class="st0">&quot;https://mycompanyid.csod.com/samldefault.aspx&quot;</span> <span class="re0">index</span>=<span class="st0">&quot;1&quot;</span> <span class="re2">/&gt;</span></span>
    <span class="sc3"><span class="re1">&lt;NameIDFormat<span class="re2">&gt;</span></span></span>urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress<span class="sc3"><span class="re1">&lt;/NameIDFormat<span class="re2">&gt;</span></span></span>
  <span class="sc3"><span class="re1">&lt;/SPSSODescriptor<span class="re2">&gt;</span></span></span>
<span class="sc3"><span class="re1">&lt;/md:EntityDescriptor<span class="re2">&gt;</span></span></span></pre>
<div class="noteimportant">Replace <strong>mycompanyid</strong> (it appears in the <code>entityID</code> attribute and in the <code>Location</code> parameter of the <code>AssertionConsumerService</code> element) with your CSOD company ID, and put the Base64-encoded certificate value inside the <code>ds:X509Certificate</code> element.
</div>
</div>
<!-- EDIT4 SECTION "New Service Provider" [602-2116] -->
<h3 class="sectionedit5" id="csod_control_panel">CSOD control panel</h3>
<div class="level3">

<p>
CSOD needs two things to configure <abbr title="LemonLDAP::NG">LL::NG</abbr> as an IDP:
</p>
<ul>
<li class="level1"><div class="li"> Certificate</div>
</li>
<li class="level1"><div class="li"> <abbr title="Security Assertion Markup Language">SAML</abbr> assertion</div>
</li>
</ul>

</div>

<h4 id="certificate">Certificate</h4>
<div class="level4">

<p>
See <a href="../samlservice.html#security_parameters" class="wikilink1" title="documentation:1.9:samlservice">SAML security parameters</a> to learn how to generate a certificate from your <abbr title="Security Assertion Markup Language">SAML</abbr> private key.
</p>

</div>

<h4 id="saml_assertion">SAML assertion</h4>
<div class="level4">

<p>
Use the IDP-initiated feature of <abbr title="LemonLDAP::NG">LL::NG</abbr> by calling this <abbr title="Uniform Resource Locator">URL</abbr>:
</p>
<pre class="code">https://auth.example.com/saml/singleSignOn?IDPInitiated=1&amp;sp=mycompanyid.csod.com</pre>

</div>
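<p>
The metadata pasted in the "New Service Provider" step tells LL::NG which certificate to trust for CSOD signatures and where to POST signed assertions, and the <code>sp</code> parameter of the IDP-initiated URL above must match that metadata's <code>entityID</code>. The following script, an added example that is not part of LemonLDAP::NG or of this page, checks a CSOD metadata document before it is pasted into the Manager (placeholders replaced, certificate is real Base64 DER, ACS is HTTPS on the tenant host named by the entityID, emailAddress NameID format declared) and derives the IDP-initiated URL from the entityID. The function and constant names, the <code>csod_metadata</code> template helper, the 5-byte DER stand-in used in place of a real certificate, and the <code>auth.example.com</code> portal host are assumptions for the example.
</p>

```python
"""Check a CSOD SAML SP metadata document before pasting it into the LL::NG
Manager, and derive the IDP-initiated URL from it.  Added example, not
LemonLDAP::NG code; the expected shape follows the metadata shown on this page."""
import base64
import binascii
import xml.etree.ElementTree as ET
from urllib.parse import urlencode, urlparse

MD = "urn:oasis:names:tc:SAML:2.0:metadata"
DS = "http://www.w3.org/2000/09/xmldsig#"
HTTP_POST = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
EMAIL_FMT = "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"
PLACEHOLDER_ID = "mycompanyid"                        # placeholder used on this page
PLACEHOLDER_CERT = "Base64 encoded CSOD certificate"  # placeholder used on this page


def csod_metadata(company_id: str, cert_b64: str) -> str:
    """Render the SP metadata template from this page for a company ID and certificate."""
    return f'''<md:EntityDescriptor entityID="{company_id}.csod.com" xmlns="{MD}" xmlns:ds="{DS}" xmlns:md="{MD}">
  <SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <KeyDescriptor use="signing">
      <ds:KeyInfo xmlns:ds="{DS}">
        <ds:X509Data><ds:X509Certificate>{cert_b64}</ds:X509Certificate></ds:X509Data>
      </ds:KeyInfo>
    </KeyDescriptor>
    <AssertionConsumerService Binding="{HTTP_POST}" Location="https://{company_id}.csod.com/samldefault.aspx" index="1" />
    <NameIDFormat>{EMAIL_FMT}</NameIDFormat>
  </SPSSODescriptor>
</md:EntityDescriptor>'''


def check_csod_metadata(xml_text: str) -> list[str]:
    """Return the problems found; an empty list means the metadata is safe to paste."""
    problems = []
    try:
        root = ET.fromstring(xml_text)
    except ET.ParseError as exc:
        return [f"not well-formed XML: {exc}"]

    entity_id = root.get("entityID", "")
    if not entity_id:
        problems.append("missing entityID")
    if PLACEHOLDER_ID in xml_text:
        problems.append(f"placeholder '{PLACEHOLDER_ID}' still present")

    # This certificate is what LL::NG will trust for CSOD's signatures: it must be real
    # Base64 that decodes to a DER SEQUENCE (tag 0x30), not the page's placeholder text.
    cert_el = root.find(f".//{{{DS}}}X509Certificate")
    cert_text = (cert_el.text or "").strip() if cert_el is not None else ""
    if not cert_text:
        problems.append("no X509Certificate")
    elif cert_text == PLACEHOLDER_CERT:
        problems.append("certificate placeholder not replaced")
    else:
        try:
            der = base64.b64decode("".join(cert_text.split()), validate=True)
            if not der or der[0] != 0x30:
                problems.append("certificate does not decode to DER")
        except (binascii.Error, ValueError):
            problems.append("certificate is not valid Base64")

    # LL::NG will POST signed assertions to whatever ACS the metadata names, so it must
    # be HTTPS on the tenant host given by the entityID (<company>.csod.com).
    acs_list = root.findall(f".//{{{MD}}}AssertionConsumerService")
    if not acs_list:
        problems.append("no AssertionConsumerService")
    for acs in acs_list:
        location = acs.get("Location", "")
        parsed = urlparse(location)
        if acs.get("Binding") != HTTP_POST:
            problems.append(f"ACS binding is not HTTP-POST: {acs.get('Binding')}")
        if parsed.scheme != "https":
            problems.append(f"ACS Location is not https: {location}")
        if parsed.hostname != entity_id:
            problems.append(f"ACS host {parsed.hostname!r} differs from entityID {entity_id!r}")

    # The Manager's "Default NameID format" is set to Email; CSOD must declare the same.
    formats = [(e.text or "").strip() for e in root.iter(f"{{{MD}}}NameIDFormat")]
    if EMAIL_FMT not in formats:
        problems.append("NameIDFormat emailAddress not declared")
    return problems


def idp_initiated_url(xml_text: str, portal: str = "https://auth.example.com") -> str:
    """Build the IDP-initiated URL from the metadata entityID so sp= cannot drift from it."""
    entity_id = ET.fromstring(xml_text).get("entityID", "")
    return f"{portal}/saml/singleSignOn?" + urlencode({"IDPInitiated": 1, "sp": entity_id})


if __name__ == "__main__":
    # Constructed inputs: the page's template with placeholders left in, and a filled-in
    # version using a 5-byte DER stand-in ("MAMCAQU=") instead of a real certificate.
    print(check_csod_metadata(csod_metadata(PLACEHOLDER_ID, PLACEHOLDER_CERT)))
    filled = csod_metadata("acme", "MAMCAQU=")
    print(check_csod_metadata(filled), idp_initiated_url(filled))
```

<p>
Run against the page's template unchanged, the check reports the two placeholders still present; run against a filled-in document it returns an empty list and the IDP-initiated URL that matches the one shown above. Rerun it whenever CSOD sends new metadata, since a changed ACS location or certificate is exactly what this check is meant to catch.
</p>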
<!-- EDIT5 SECTION "CSOD control panel" [2117-] --></div>
</body>
</html>