Setting up the FlowLogViewer with Okta SSO

Several PiaSoft customers have asked us to add SSO support, and we added it in v1.11. We also have instructions to set up OneLogin SSO.

The Single Sign-On workflow to view Flow Logs looks like this:

  1. User logs into your SSO Identity Provider.

  2. User follows a link to a FlowLogViewer instance.

  3. After authentication with the IdP completes successfully, the user is redirected to the base login page. Credentials are no longer required here.

If access to the app is denied through the SSO IdP, users are redirected to an access-denied page hosted by the SSO provider.

Setup

Once your instance is set up (don't forget our free 30-day trial), you will need to:

- SSH to the instance

- Add some configuration to /home/ubuntu/flowlogviewer/current/config/application.rb

1. Modify application.rb

SSH to the instance and open this file with your favorite editor:

/home/ubuntu/flowlogviewer/current/config/application.rb

Modify this section:

# SSO Configuration. Please see www.piasoftware.net/setup for help setting up SSO
config.sso_enabled = false
config.idp_sso_target_url = "URL_TO_YOUR_SSO_PROVIDER_GOES_HERE"
config.idp_cert_fingerprint = "SHA256 fingerprint of your SSO Provider's key goes here"
# Change this line if you're creating a fingerprint with an algorithm besides sha256
config.idp_cert_fingerprint_algorithm = "http://www.w3.org/2000/09/xmldsig#sha256"

1a. Set "config.sso_enabled = true"

1b. Visit "Okta Admin Console -> Applications -> Your App -> Sign On -> SAML 2.0 -> View Setup Instructions"

1c. For the parameter config.idp_sso_target_url, copy the value from: "1 - Identity Provider Single Sign-On URL:"

1d. For the parameter config.idp_cert_fingerprint, on the "View Setup Instructions" page, hit "Download certificate". If on OSX, run:

$ openssl x509 -text -noout -in ~/Downloads/okta.cert -fingerprint -sha256 | grep -i 'SHA256 Fingerprint'

and copy the fingerprint to the config file.

The file should look like:

# SSO Configuration. Please see www.piasoftware.net/setup for help setting up SSO
config.sso_enabled = true
config.idp_sso_target_url = "https://dev-XXXX.oktapreview.com/app/piasoftwarellcXXXX/XXXX/sso/saml"
config.idp_cert_fingerprint = "C6:6B:09:1B:0B:73:03:BC:C1:A5:65:38:75:C3:6C:E4:B3:F0:40:3C:26:E2:E2:EE:7E:EF:18:CB:C5:56:EC:6D"
config.idp_cert_fingerprint_algorithm = "http://www.w3.org/2000/09/xmldsig#sha256"

Save and exit.
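
To confirm that the fingerprint pasted into application.rb belongs to the downloaded certificate and has the length the configured algorithm produces, a check like the following can be run. This is an added example, not FlowLogViewer or PiaSoft code; the function names are hypothetical, and the certificate is a self-signed one constructed in the script to stand in for okta.cert.

```ruby
require "openssl"

# Hex digits per digest; catches a fingerprint made with a different algorithm.
HEX_LENGTH = { "sha1" => 40, "sha256" => 64 }.freeze

# Reduce "SHA256 Fingerprint=C6:6B:..." or "c6:6b:..." to bare uppercase hex.
def normalize_fingerprint(value)
  value.sub(/\A.*=/, "").gsub(/[^0-9A-Fa-f]/, "").upcase
end

# Digest of the certificate's DER encoding, colon-separated as openssl prints it.
def cert_fingerprint(pem, algorithm = "sha256")
  der = OpenSSL::X509::Certificate.new(pem).to_der
  OpenSSL::Digest.new(algorithm).hexdigest(der).upcase.scan(/../).join(":")
end

# Returns :match, :mismatch, or :wrong_length (value made with another digest).
def check_config(pem, configured, algorithm = "sha256")
  want = normalize_fingerprint(configured)
  return :wrong_length unless want.length == HEX_LENGTH.fetch(algorithm)
  cert_fingerprint(pem, algorithm).delete(":") == want ? :match : :mismatch
end

# Constructed self-signed certificate (assumption: stands in for okta.cert).
def sample_cert_pem
  key = OpenSSL::PKey::RSA.new(2048)
  cert = OpenSSL::X509::Certificate.new
  cert.version = 2
  cert.serial = 1
  cert.subject = cert.issuer = OpenSSL::X509::Name.parse("/CN=idp.example.test")
  cert.public_key = key.public_key
  cert.not_before = Time.now
  cert.not_after = Time.now + 3600
  cert.sign(key, OpenSSL::Digest.new("SHA256"))
  cert.to_pem
end

if __FILE__ == $PROGRAM_NAME
  pem = sample_cert_pem
  fp = cert_fingerprint(pem)
  puts "config.idp_cert_fingerprint = \"#{fp}\""
  puts check_config(pem, "SHA256 Fingerprint=#{fp}")     # pasted with the openssl prefix
  puts check_config(pem, cert_fingerprint(pem, "sha1"))  # SHA-1 value, sha256 configured
end
```

To check a real setup, pass the contents of the downloaded certificate file and the value of config.idp_cert_fingerprint to check_config in place of the constructed sample.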

2. Restart the flowlogviewer:

$ sudo systemctl restart flowlogviewer.target

Now, when you hit the IP for your Flow Logs Viewer instance, you should be redirected to the SSO provider.