Skip to content

SAML2 Authentication⚓︎

Note:SAML2 authentication is a feature of JumpServer Enterprise Edition

tip

  • Single Sign on with SAML2.

1 Configure Authentication⚓︎

  • Clicking on Authentication Configuration at left-side menu in Setting page,and then select Enable for SAML2 authentication.

Configure Authentication Confiure certificate

Attention

  • If there are no trusted certificates available, manual generation is required.
openssl genrsa -out server.key 2048  # The generated item is a private key.
openssl req -new -x509 -days 3650 -key server.key -out server.crt -subj "/C=CN/ST=mykey/L=mykey/O=mykey/OU=mykey/CN=domain1/CN=domain2/CN=domain3"  # The certificate

Get metadata

2 Configure IDP⚓︎

Tip

  • Taking keycloak as an example
  • Create realm,and set Name custom,then click Save.

Create realm

  • Click on the Client on the left and click on the Create in the upper right corner to create a new client.

Create client

  • Import the SP metadata file you just saved, then click Save to save it.

Import metadata

  • Click on the submenu Settings of the Client menu to make configuration modifications.
  • Client Signature Required update to OFF
  • IDP Initiated SSO URL Name update to the address information of Target IDP initiated SSO URL.

Configure settings

  • Click on Add Roles in the submenu Roles, where the name can be customized.

Configre Roles

  • Click on the submenu Mappers to create the following attribute mapping.

Configure Mappers Attribute Mapping

  • Click submenu Scope then configure following:

Configure Scope

  • Click on left side menu Users,then create new user at upper right corner.

Configure Users Add User

  • Click Credentials submenu,then set password of account newly created.

Configure Password

  • Click on the left-side menu item "Realm Settings" then select the sub-menu "General." then navigate to the location indicated in the image below to access the Metadata for the IDP. Alternatively, you can refer to the official document to retrieve the Metadata using the API.

IDPMetadata

3 Configure SAML2⚓︎

  • Once you have obtained the IDP Metadata, you can integrate it into JumpServer's SAML2 authentication settings and proceed to enable SAML2 authentication.

SAML2 Parameter