SAML2 Authentication⚓︎

Note：SAML2 authentication is a feature of JumpServer Enterprise Edition

tip

Single Sign on with SAML2.

1 Configure Authentication⚓︎

Clicking on Authentication Configuration at left-side menu in Setting page，and then select Enable for SAML2 authentication.

Configure Authentication Confiure certificate

Attention

If there are no trusted certificates available, manual generation is required.

openssl genrsa -out server.key 2048  # The generated item is a private key.
openssl req -new -x509 -days 3650 -key server.key -out server.crt -subj "/C=CN/ST=mykey/L=mykey/O=mykey/OU=mykey/CN=domain1/CN=domain2/CN=domain3"  # The certificate

Get information of SP metadata
Visit http://your_jms_url/core/auth/saml2/metadata/ and save metadata content(It can be saved to file and import to idp directly)

Get metadata

2 Configure IDP⚓︎

Tip

Taking keycloak as an example

Create realm，and set Name custom，then click Save.

Create realm

Click on the Client on the left and click on the Create in the upper right corner to create a new client.

Create client

Import the SP metadata file you just saved, then click Save to save it.

Import metadata

Click on the submenu Settings of the Client menu to make configuration modifications.
Client Signature Required update to OFF。
IDP Initiated SSO URL Name update to the address information of Target IDP initiated SSO URL.

Configure settings

Click on Add Roles in the submenu Roles, where the name can be customized.

Configre Roles

Click on the submenu Mappers to create the following attribute mapping.

Configure Mappers Attribute Mapping

Click submenu Scope then configure following:

Configure Scope

Click on left side menu Users，then create new user at upper right corner.

Configure Users Add User

Click Credentials submenu，then set password of account newly created.

Configure Password

Click on the left-side menu item "Realm Settings" then select the sub-menu "General." then navigate to the location indicated in the image below to access the Metadata for the IDP. Alternatively, you can refer to the official document to retrieve the Metadata using the API.

IDPMetadata

3 Configure SAML2⚓︎

Once you have obtained the IDP Metadata, you can integrate it into JumpServer's SAML2 authentication settings and proceed to enable SAML2 authentication.

SAML2 Parameter