IdP Setup

1. In the left-hand navigation pane, click on Applications and then underneath it, again Applications.

   

2. Click on the Create App Integration button

3. Select SAML 2.0 as the sign-in method and click on Next

   

4. Enter an App name and click on Next

   

5. Enter the required SAML settings

   • Single sign-on URL should be https://{username}.asteri.as/auth/thirdparty/oktasaml/saml/callback
   • Audience URI should be https://{username}.asteri.as

   Click on Show Advanced Settings

   

6. Enter the Advanced SAML settings

   • Response and Assertion Signature should both be Signed
   • Signature Algorithm should be RSA-SHA256
   • Digest Algorithm should be SHA256
   • Assertion Encrypion should be Encrypted
   • Encryption Algorithm should be AES256-CBC
   • Key Transport Algorithm should be RSA-OEAP

   

   Upload the Encryption Certificate and Signature Certificate by clicking on Browse files…. For guidance on generating them, see the SAML Keys tutorial.

   

   Scroll down to Attribute Statements. Ensure firstName, lastName and email map to the corresponding user value as shown below.

   Click on Next

   

7. On the Feedback page, select I’m an Okta Customer adding an internal app, and also select This is an internal app that we have created for App type.

   

   Click on Finish

8. If not selected, click on the Sign On tab. A metadata URL will be displayed which is used to download the metadata.

   In a terminal execute the following, taking care to replace the URL with the one you’ve been provided. Feel free to change the filename or use curl if you prefer.

    wget https://dev-23821216.okta.com/app/exkeijfhjqqZRyTgQ5d7/sso/saml/metadata -O okta-metadata.xml
   

   

9. Click on the Assignments tab. Click on the Assign button, and then Assign to People in the drop-down menu that appears.

   

10. Click on Assign next to your user

    

11. Click on Save and Go back

    

12. Click on Done

    

Registration

Service Configuration