SAML SSO integration with Microsoft ADFS 2.0.

  • Anupriya
    # 4 years, 9 months ago

    Hi Greg,

    We have released the feature which will let you redirect your users to different IdP on the basis of the identifier sent by the firebase app. We will manage the mapping of the identifier to an IdP.

    Let me know if you are ready to proceed.

    Thanks,
    Anupriya

    Greg
    # 4 years, 9 months ago

    Hi Anupriya,

    We would like to start exploring using the MiniOrange software that we have been discussing over the past few months. I had a few questions:

    1. Can we get access to the MiniOrange software on a free trial basis while we prototype this solution, so we can verify that it is working as we expect?

    2. We anticipate having approximately 10000 users initially, ramping up to around 30000 users. Of those, the majority would be ADFS users, but some would not have ADFS accounts and would need to authenticate using the legacy (email/password) system that is in place today.

    Thanks again for all your help,
    Greg

    Anupriya
    # 4 years, 9 months ago

    Hi Greg,

    I have answered your questions below:

    You can avail miniOrange for a free trial by signing up for our free trial. Since your use case involves integrating with our APIs and broker service, do you want to do the integration yourself or do you want us to do the integration? If you want us to do the integration, I suggest engaging in a pilot project on a small scale. This would cover the entire use case and we might also come across other requirements which we could have missed out earlier. Let me know if you want me to estimate it.

    I just want to confirm how your users will be accessing the firebase application.

    Thanks,
    Anupriya

    Greg
    # 4 years, 9 months ago

    Hi Anupriya, my responses are below.

    –My understanding is that miniOrange would be providing a javascript snippet and the ability to configure the ADFS identity provider, and that we would include the javascript snippet in the Firebase app to handle authentication through your broker service. If this is correct, I think we should be able to handle the integration.

    You mention that ADFS(s) will no longer be your sole user authentication source and you will also be using your legacy system of email/password for authentication. So the users using the legacy system will be added to miniOrange IDP to authenticate with Firebase. How many such users do you have?

    – My understanding is that there are on the order of a few hundred to a few thousand users that would not be in ADFS. If this is problematic from a setup standpoint, one thing we could do is to have two authentication user experiences that the user can choose between: the first would leverage the miniOrange solution to authenticate against ADFS, and the second would just be the existing user experience prior to miniOrange integration. Please let me know if there are any obstacles to this approach.

    Thanks,

    Anupriya
    # 4 years, 9 months ago

    Hi Greg,

    Thanks for your response. I have added my comments below.

    We will be providing you with sample codes which you would need to integrate into your firebase app. Just so you are clear on the amount of integration required, I have mentioned exactly what we will be providing and what integration you would need to do.

    We will be providing you with the following to perform the integration:
    1. Sample JS for sending request to miniOrange
    2. Sample JS for converting miniOrange JWT into token which can be accepted by firebase
    3. Instructions to setup ADFS and Firebase app in miniOrange

    And using the above here’s what you need to do:
    1. Use these samples in your firebase app to call miniOrange API and accept response
    2. Write code to authenticate users using the response received

    The setup won’t be problematic as such. You would only be required to onboard your users in our system. This would make sure that the login experience for all users (redirecting users to miniOrange) is the same whether they are stored in ADFS or miniOrange. You can directly redirect them to our platform on login instead of showing them options to choose from.

    Having said that, there will be no obstacles to the approach you mentioned except the fact that these users will have a different user experience. If you are fine with that, we can go ahead with the solution you suggested.

    Thanks,
    Anupriya

    Greg
    # 4 years, 9 months ago

    Thanks Anupriya – this is helpful.

    For on boarding the non-ADFS users into your system, do you offer any kind of import process whereby we could provide the user information in a CSV file or something similar? Also, would miniOrange delegate authentication of these users to firebase auth, or would their credentials now be stored in miniOrange?

    Thanks,
    Greg

    Anupriya
    # 4 years, 9 months ago

    Hi Greg,

    We do provide bulk upload using CSV to onboard users into miniOrange. Their credentials will be stored in miniOrange. Once the user is authenticated with miniOrange, we send a response back to your application and they will be internally logged in using firebase auth.

    Thanks,
    Anupriya

    Greg
    # 4 years, 9 months ago

    Hi Anupriya,

    We would like to begin the process of setting up a trial account with miniOrange so we can start building a proof of concept of the new authentication flow for this app. Can you let us know how we can get started with that?

    Thanks,
    Greg

    Anupriya
    # 4 years, 9 months ago

    Hi Greg,

    You can setup a trial account with us from here – https://www.miniorange.com/businessfreetrial. Please sign up if you don’t already have an account in miniOrange.

    Once you have done that, and are ready to integrate your firebase app, do let me know. We will provide you with the required documentation.

    Thanks,
    Anupriya

    Greg
    # 4 years, 9 months ago

    Hi Anupriya,

    I signed up for a trial account under xyz@abc.com, and am ready for the documentation to began integration.

    Greg

    Anupriya
    # 4 years, 9 months ago

    Hi,

    We have created a document for your use case of integrating Firebase with ADFS through miniOrange. Please follow the steps given and let me know if you have any queries regarding the document.

    Thanks,
    Anupriya

    Greg
    # 4 years, 9 months ago

    Hi Anupriya,

    Regarding Step 4: Modify JWT Response, I see that “Project’s Service Account Email” is listed twice. I think this is a typo? Would you be able to clarify?

    Gaurav
    # 4 years, 9 months ago

    Hi Greg,

    It is not a typo. The same value is required for the iss and sub values and we have just separated it out.

    To get the project Service Account email address, you can go to the Firebase console and go to your Project Settings (gear icon)->Users and Permissions. There would be a Service Accounts section.


    You need to use a service account listed there or create a new one and use the Service Account ID.

    Let me know if you need help.

    Thanks and regards,
    Gaurav

    Greg
    # 4 years, 9 months ago

    Hi,

    Thanks for getting this done.

    klearskyz13
    # 3 years, 9 months ago

    PapiSTOP Informacija

    Very good forum posts. Kudos!

Viewing 15 posts - 16 through 30 (of 30 total)

You must be logged in to reply to this topic.