Table of Contents

Rbok – MFA and SSO with PhenixID Authentication Services

Warning

Please note, this document is using the legacy authenticators - in order to use the new protocol agnostic authenticators, you need to apply relevant modifications to the configuration examples outlined in this article.

Summary

This document will guide you through the steps to enable multi-factor authentication and Single-Sign On for the booking solution Rbok ( https://rbok.se/ ) using SAML2.

System Requirements

  • PhenixID Authentication Server 3.0 or higher
  • Rbok.se technical administrator contact.

Instruction

Overview

This document will guide you through the steps to enable multi-factor authentication and Single-Sign on for Rbok.

PhenixID Authentication Services acting as SAML IdP

  1. Login to Configuration Manager.
  2. Setup PhenixID Authentication Services as a SAML IdP.
  3. Select a unique userID value (such as sAMAccountName, userPrincipalName or uid), first name and last name from the user store configured. These values should be populated as additional attributes.
  4. Click Identity Provider.
  5. Add a POST SLO value: https://<your_phenixid_server>/saml/authenticate/logout/
  6. Save
  7. Click General->View SAML Metadata.
  8. Save the displayed SAML IdP metadata to a file (idp_meta.xml).
  9. Send the idp_meta.xml file and the claims (attributes) id values to your rbok.se technical administrator contact.
Uppgift Obligatorisk Beskrivning
Metadata Ja Url till metadata
Claim Externt Id Ja Vilket saml attribut som innehåller användarens id (OBS värdet som sätts i detta attribut måste vara unikt).
Claim Förnamn Ja Vilket saml attribut som innehåller användarens förnamn.
Claim Efternamn Ja Vilket saml attribut som innehåller användarens efternamn.

Configure Rbok

This step is performed by the Rbok technical administrator contact.

The rbok.se technical administrator contact will send the SAML SP metadata for Rbok to you.

Add trust to Rbok on PhenixID Authentication Services

  1. Login to configuration manager
  2. Open Scenarios->Federation->SAML Metadata upload
  3. Click the plus sign
  4. Add Rbok SAML SP Metadata by uploading the SAML SP metadata for Rbok provided in previous step.

Test

  1. Browse to the Rbok site.
  2. Select the Identity Provider
  3. This should result in a redirect to PhenixID Authentication Server
  4. Authenticate
  5. If authentication was successful, a redirect to Rbok should occur (with a SAML assertion)
  6. The user should now be logged in.
SAML 2 Single Sign-On Identity Provider Use Case: Federation of web services Use Case: Integrate with external systems Federation Step by Step