Configuring SAML Single Sign-on

Create SAML directory in MetaDefender Core

1. Sign in to MetaDefender Core.
2. In the dashboard, click on User Management in the left sidebar.
3. On User Management page, select Directories tab and click Add Directory in the top right corner.

4. In Add Directory page, select SAML as Directory type, and enter a name for the new directory, such as MDCore-SAML.
5. In Service Provider section, enable Use custom entity ID option and enter the ID, such as MDCORE-PINGONE-SAML, then store it in entity_id.
6. Enter Host or IP where MDCore is hosted, for this example use https://127.0.0.1:8008.
7. Copy the string generated under Login URL and store it as reply_uri.

Create and configure SAML application in PingOne

1. In the PingOne Overview page, navigate to Connections on the sidebar.

2. Click the plus button to add a new application.

3. Enter the application name, MDCore-SAML as an example, choose SAML Application for Application Type, and click Configure.

4. Select Manually Enter for SAML Configuration, fill in ACS URLs with reply_uri, Entity ID with entity_id, and click Save.

5. Select Configuration tab, navigate to IDP Metadata URL, copy the link below, and store it in metadata_url.

6. Select Attribute Mappings tab and click Edit button.

7. On Edit Attribute Mappings page, click Add to create a new mapping.

8. Enter the attribute name, given_name in this example, select the item Given Name in PingOne Mappings, enable Required option, and click Save to complete.

9. Enable the new application in PingOne.

Complete configuration in MetaDefender Core

1. Switch back to MetaDefender Core. Under Identity Provider, click Fetch URL, paste the value of metadata_url into the box below, click OK, and wait a moment for MetaDefender Core to check and set PingOne as its IdP.

2. Under Service Provider, fill in ${given_name} in the box labeled User identified by.

3. Select Default role option, choose the appropriate role to assign to users under User Role, and click Add to complete the settings in MetaDefender Core.

4. On User Management page, toggle the new directory, MDCORE-SAML in this example. A dialog box will appear to confirm the action. Once Enable is clicked , all sessions will expire immediately.

Test the integration

1. On the home screen of MetaDefender Core, click Login; the user is redirected to PingIdentity login page.

2. Sign in using the account registered with PingIdentity.
3. If everything goes well, MetaDefender Core dashboard is displayed with the user identity in the top right corner.

4. Otherwise, access backup login page at <mdcore-host>#/public/backuplogin for trouble shooting.

Test IdP-initiated login

1. Sign in to PingOne management page.
2. In the left sidebar, click on Connections, then Applications.
3. Select the SSO directory from which IdP-initiated login is enabled, such as MDCore-SAML in this example.

4. In the right sidebar, click on Configuration tab. Copy the URL under Initiate Single Sign-On URL.

5. Paste the URL into your browser and try to sign in.

6. If everything goes well, MetaDefender Core dashboard is displayed with the user identity in the top right corner.

7. Otherwise, access backup login page at <mdcore-host>#/public/backuplogin for trouble shooting.