Note: For purposes of this document, please replace all instances of ‘platformname’ with your platform subdomain.

For implementation purposes, all clients should consult their Platform Consultant to begin any SSO integration. Distribion supports SAML version 1.0 and 2.0, but will be deprecating version 1.0.

All clients requesting SSO integration will have a UAT / Test platform created for them for testing purposes. The URL of the UAT site will take the form of ‘uatplatformname.dmplocal.com’.

The Distribion platform makes SSO implementation very easy and completely self-directed.  

Documentation and configuration setup page:

https://platformname.dmplocal.com/main/index.php?p=integration.sso_saml

The endpoint for a POST method is:

https://platformadmin.dmplocal.com/main/?p=integration.sso_login

You will find a “Deploy” tab that has samples and test bed tools.

Setup Steps:

  1. Upload your base64 encoded .pem certificate via the UI
  2. Determine if you want user account provisioning / automatic creation.
  3. Provide the name or array of usergroups the users would be added to.
  4. Supply a destination URL within the platform if NOT the assigned homepage.
  5. Provide any alternate key fields if email address should fail.
  6. Identify the primary key the platform should use to identify the user account.
  7. Provide a URL to an error page.  This can be hosted within the platform.  This is a simple html/css page with user instructions if SSO fails.
  8. Provide mapping to your data field naming convention. Three fields are required:
    1. First Name (first_name)
    2. Last Name (last_name)
    3. Email Address (email)
  9. You may provide mapping for any number of data fields you like.


Finish Up!

As the last step, provide your Platform Consultant with the URL to your SSO login so that the platform will redirect to your SSO controller in the event a user tries to log in directly via the UI.

Azure configuration example

The Distribion platform is agnostic to any SSO schema a client may utilize. As such, we do not consume metadata files from SSO platforms. As Azure is popular with our clients, below are the Azure-specific field definitions.

Identifier (Entity ID)                        https://platformname.dmplocal.com/main
Reply URL (assertion consumer service URL)    https://platformname.dmplocal.com/?p=integration.sso_login
Sign on URL                                   Optional
Relay State                                   Optional
Logout Url                                    Optional

Attributes & Claims (these will be unique to your installation; these are just samples)

NAME                      user.userprincipalname
LASTNAME                  user.surname
FIRSTNAME                 user.givenname
EMAILADDRESS              user.mail
DISPLAYNAME               user.displayname
UNIQUE USER IDENTIFIER    user.userprincipalname

SAML Signing Certificate

Status                         Active
Thumbprint                     (number goes here)
Expiration                     5/6/2024 9:00 AM
Notification Email             email@domain.net
App Federation Metadata URL    https://login.microsoftonline.com/keynumber
Certificate (Base64)           Download

The certificate has to be Base64 (.cert); the certificate uploaded into DMP should be .pem.

To convert, use the following command:

openssl x509 -inform der -in certificate.cer -out certificate.pem
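
A pre-upload check for the conversion step above, as an added example that is not Distribion's or Microsoft's own tooling: it accepts a .cer in either Base64 (PEM) or binary DER form, writes PEM, prints the SHA-1 thumbprint to compare against the Thumbprint value listed under the signing certificate, and tests remaining validity against the Expiration date. The function names, sample file names and 14-day threshold are assumptions, as is the thumbprint being SHA-1 hex without separators; the sample certificate is constructed on the fly.

```shell
#!/bin/sh
# Added example (not Distribion's code): normalise an IdP signing
# certificate to PEM, then report thumbprint and remaining validity.

# cert_to_pem IN OUT: accept a Base64/PEM or binary DER file, write PEM.
cert_to_pem() {
    if grep -q -- '-----BEGIN CERTIFICATE-----' "$1"; then
        openssl x509 -inform pem -in "$1" -out "$2"
    else
        openssl x509 -inform der -in "$1" -out "$2"
    fi
}

# cert_thumbprint PEM: SHA-1 fingerprint as uppercase hex, no colons,
# for comparison with the Thumbprint value shown by the IdP.
cert_thumbprint() {
    openssl x509 -in "$1" -noout -fingerprint -sha1 |
        sed 's/^.*=//' | tr -d ':' | tr 'a-f' 'A-F'
}

# cert_valid_for PEM DAYS: exit 0 only if still valid DAYS from now.
cert_valid_for() {
    openssl x509 -in "$1" -noout -checkend "$(( $2 * 86400 ))" >/dev/null
}

# make_sample_cert DIR: constructed 30-day self-signed certificate,
# saved as sample-b64.cer (PEM text) and sample-der.cer (binary).
make_sample_cert() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 30 \
        -subj '/CN=constructed-idp-signing' \
        -keyout "$1/sample.key" -out "$1/sample-b64.cer" 2>/dev/null
    openssl x509 -in "$1/sample-b64.cer" -outform der -out "$1/sample-der.cer"
}

# demo: run the checks over both encodings of the constructed sample.
demo() {
    dir=$(mktemp -d) && make_sample_cert "$dir" || return 1
    for f in sample-b64.cer sample-der.cer; do
        cert_to_pem "$dir/$f" "$dir/$f.pem" || return 1
        echo "$f thumbprint: $(cert_thumbprint "$dir/$f.pem")"
        cert_valid_for "$dir/$f.pem" 14 || echo "$f: expires within 14 days"
    done
    rm -rf "$dir"
}
demo
```

Both encodings of the same certificate yield the same thumbprint, so a mismatch with the value shown by the IdP means the wrong file was downloaded or converted.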


Sample screenshot