©2017 BY PIA SOFTWARE.  All rights reserved.

Setting up the FlowLogViewer with Okta SSO

September 14, 2018

Several PiaSoft customers have asked us to add SSO support, and we have added it in v1.11. We also have instructions to set up OneLogin SSO.


The Single Sign On workflow to view Flow Logs looks like:

  1. User logs into your SSO Identity Provider.

  2. User follows a link to a FlowLogViewer instance.

  3. After authentication with the IDP completes successfully, user is redirected to the base login page. Credentials are no longer required here.

If access to the app is denied through the SSO IDP, users are redirected to an access denied page on the SSO provider.

 

Setup

Once your instance is set up (don't forget our free 30-day trial), you will need to:

- SSH to the instance

- Add some configuration to /home/ubuntu/flowlogviewer/current/config/application.rb

 

1. Modify application.rb

SSH to the instance and open this file with your favorite editor:

/home/ubuntu/flowlogviewer/current/config/application.rb 

 

Modify this section:

    # SSO Configuration. Please see www.piasoftware.net/setup for help setting up SSO
    config.sso_enabled = false
    config.idp_sso_target_url = "URL_TO_YOUR_SSO_PROVIDER_GOES_HERE"
    config.idp_cert_fingerprint = "SHA256 fingerprint of your SSO Provider's key goes here"
    # Change this line if you're creating a fingerprint with an algorithm besides sha256
    config.idp_cert_fingerprint_algorithm = "http://www.w3.org/2000/09/xmldsig#sha256"

1a. Set "config.sso_enabled = true"

1b. Visit "Okta Admin Console -> Applications -> Your App -> Sign On -> SAML 2.0 -> View Setup Instructions"

1c. For the parameter config.idp_sso_target_url, copy the value from:
   "1 - Identity Provider Single Sign-On URL:"

1d. For the parameter config.idp_cert_fingerprint, on the "View Setup Instructions" page, hit "Download certificate". If on OSX, run:

$ openssl x509 -noout -fingerprint -sha256 -in ~/Downloads/okta.cert

and copy the fingerprint to the config file.

The file should look like:

    # SSO Configuration. Please see www.piasoftware.net/setup for help setting up SSO
    config.sso_enabled = true
    config.idp_sso_target_url = "https://dev-XXXX.oktapreview.com/app/piasoftwarellcXXXX/XXXX/sso/saml"
    config.idp_cert_fingerprint = "C6:6B:09:1B:0B:73:03:BC:C1:A5:65:38:75:C3:6C:E4:B3:F0:40:3C:26:E2:E2:EE:7E:EF:18:CB:C5:56:EC:6D"
    config.idp_cert_fingerprint_algorithm = "http://www.w3.org/2000/09/xmldsig#sha256"

Save and exit.

 

2. Restart the flowlogviewer:

$ sudo systemctl restart flowlogviewer.target

 

Now, when you hit the IP for your Flow Logs Viewer instance, you should be redirected to the SSO provider.
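
An added example (not Pia Software's code): a Ruby check that the value pasted into config.idp_cert_fingerprint matches the downloaded certificate under the configured algorithm, and that the certificate is inside its validity period. The helper names, the suffix-based algorithm mapping and the throwaway self-signed certificate are assumptions made for illustration.

```ruby
require "openssl"

# Pick the digest from the suffix of the URI in
# config.idp_cert_fingerprint_algorithm (assumption: only the suffix matters).
def digest_for(algorithm_uri)
  bits = algorithm_uri[/sha-?(1|256|384|512)\z/i, 1]
  raise ArgumentError, "unsupported algorithm: #{algorithm_uri}" unless bits
  OpenSSL::Digest.new("SHA#{bits}")
end

# Fingerprint = digest over the DER-encoded certificate, colon-separated hex.
def cert_fingerprint(cert, algorithm_uri)
  digest_for(algorithm_uri).hexdigest(cert.to_der).upcase.scan(/../).join(":")
end

# Drop an "SHA256 Fingerprint=" prefix, colons, spaces and case differences.
def normalize(fingerprint)
  fingerprint.strip.sub(/\A.*=/, "").delete(": ").downcase
end

# Returns :ok, :mismatch or :expired for the value pasted into the config.
def check_idp_cert(cert, configured_fp, algorithm_uri, now = Time.now)
  return :expired if now < cert.not_before || now > cert.not_after
  actual = normalize(cert_fingerprint(cert, algorithm_uri))
  actual == normalize(configured_fp) ? :ok : :mismatch
end

# Constructed sample: throwaway self-signed certificate standing in for the
# downloaded file (a real one loads with OpenSSL::X509::Certificate.new(File.read(path))).
def sample_cert(not_after)
  key = OpenSSL::PKey::RSA.new(2048)
  cert = OpenSSL::X509::Certificate.new
  cert.version = 2
  cert.serial = 1
  cert.subject = cert.issuer = OpenSSL::X509::Name.parse("/CN=idp.example.test")
  cert.public_key = key.public_key
  cert.not_before = Time.now - 3600
  cert.not_after = not_after
  cert.sign(key, OpenSSL::Digest.new("SHA256"))
  cert
end

if __FILE__ == $PROGRAM_NAME
  uri = "http://www.w3.org/2000/09/xmldsig#sha256"
  cert = sample_cert(Time.now + 86_400)
  puts check_idp_cert(cert, cert_fingerprint(cert, uri), uri)
end
```

Because the fingerprint is pinned in application.rb, a :mismatch or :expired result after the SSO provider rotates its signing certificate means the config needs the new fingerprint before logins will work again.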
