Configuring OIDC Single Sign-on

Create OIDC directory in MetaDefender Core

  1. Sign in to MetaDefender Core.
  2. In the dashboard, click on User Management in the left sidebar.
  3. On User Management page, select Directories tab and click Add Directory in the top right corner.
  1. In Add Directory page, select OIDC as Directory type, and enter a name for the new directory, such as MDCore-OIDC.
  2. Enter Host or IP where MetaDefender Core is hosted, for this example use https://127.0.0.1:8008.
  3. Copy the string generated under Login URL and store it as reply_uri.

Create and configure OIDC application in PingOne

  1. In the PingOne Overview page, navigate to Connections on the sidebar.
  1. Click the plus button to add a new application.
  1. Enter the application name, MDCore-OIDC as an example, choose OIDC Web App for Application Type, and click Save.
  1. Select Configuration tab, then click Edit button.
  1. In Edit Configuration page, navigate to Redirect URIs, paste redirect_uri into the box below, and then click Save.
  1. Back in Configuration tab, navigate to OIDC Discovery Endpoint, copy the link below, and save it as metadata_url.
  1. Expand General section, navigate to Client ID and Client Secret, and copy and save them as client_id and client_secret, respectively.
  1. Select Attribute Mappings tab and click Edit button.
  1. In Edit Attribute Mappings page, click Add to create a new mapping.

In this step, we create a mapping from the key name used by MetaDefender Core to the one exported by PingOne. For example, we set given_name mapped to Given Name from PingOne. Later, given_name is utilized by MetaDefender Core to identify the logged-in user.
  1. Enter the attribute name, given_name in this example, select the item Given Name in PingOne Mappings, enable Required option , and click Save to complete.
  1. Enable the new application in PingOne.

Complete configuration in MetaDefender Core

  1. Switch back to MetaDefender Core. Under Identity Provider, click Fetch URL, paste value of metadata_url into the box below, click OK, and wait a moment for MetaDefender Core to check and set PingOne as its IdP.
  1. Under Service Provider, paste the values of client_id and client_secret into the boxes labeled Client ID and Client Secret, respectively.
  2. Fill in ${given_name} in the box under User Identified By.
  3. Select Default role option, choose the appropriate role to assign to users under User Role, and click Add to complete the settings in MetaDefender Core.
  1. On User Management page, toggle the new directory, MDCORE-OIDC in this example. A dialog box will appear to confirm the action. Once Enable is clicked, all sessions will expire immediately.

Test the integration

  1. On the home screen of MetaDefender Core, click Login; the user is redirected to PingIdentity login page.
  1. Sign in using the account registered with PingIdentity.
  2. If everything goes well, MetaDefender Core dashboard is displayed with the user identity in the top right corner.
  1. Otherwise, access backup login page at <mdcore-host>#/public/backuplogin for trouble shooting.
Type to search, ESC to discard
Type to search, ESC to discard
Type to search, ESC to discard
Next to read:
General configuration
On This Page
Configuring OIDC Single Sign-onCreate OIDC directory in MetaDefender CoreCreate and configure OIDC application in PingOneComplete configuration in MetaDefender CoreTest the integration