Bime SAML Configuration


Introduction

This article outlines the information and steps you need to configure Bime to use the LogonBox SAML Identity Provider. Once configured, your users will be redirected to your LogonBox server to authenticate.

Step 1 - Create the Resource from the Template

Log into your server as admin and navigate to Identity Services->SAML in the left hand menu. Click Search Templates, select the Bime SAML template and click Next.

You will be asked for your Bime Domain.

Enter the domain name of your Bime account, without the https:// prefix. For example, if you reach Bime at https://logonbox.bime.io then enter 'logonbox.bime.io'.

Click Next, where you have the option to Go to Article to open this article in a separate browser window. Click the X to close the window and return to the list of SAML resources; your Bime SAML resource should now be present.

Step 2 - Download SAML metadata

You will need a couple of things from your server in order to configure Bime. First you will need to download the SAML metadata.

In the table of SAML resources locate the Bime SAML resource, and click the gears icon to activate the dropdown. Select Download Metadata; this is an XML file that contains information about the Identity Provider and its access points.


Next, navigate to Certificates in the left menu and locate the SAML RSA certificate. Again using the gears icon to activate the dropdown, select Download Certificate.

Before proceeding to the next step, open the XML file containing the metadata and locate the logon service URL. This is located towards the end of the document, as the Location attribute of the SingleSignOnService element, and will look like

https://demo.logonbox.com/app/api/sso/logon/123456

Copy the entire URL, as it will be entered into the Bime settings.

You will also need the SHA1 fingerprint of the SAML RSA certificate; Bime uses it to identify the certificate that signs the SAML responses your server sends. You can get it from the downloaded certificate file using the OpenSSL command line program.

Execute the command in the directory that contains your certificate file.

openssl x509 -in SAML_RSA.crt -sha1 -noout -fingerprint

This will output the fingerprint as a line of the form SHA1 Fingerprint=XX:XX:...:XX. You will need this to configure Bime. Note that the fingerprint pins this specific certificate: if the SAML RSA certificate on your LogonBox server is ever replaced, the fingerprint in Bime must be updated as well or Bime will reject the signed responses.
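The two values this step asks for can also be read straight out of the downloaded metadata and certificate, with a check that the certificate you downloaded is the signing certificate the metadata advertises. The script below is an added example, not LogonBox or Bime code; the constructed sample metadata and the dummy certificate bytes (which are not a real certificate, only something to hash), the entityID value and the function names are all assumptions. Only the logon URL comes from the article.

```python
"""Added example, not LogonBox or Bime code: pull the logon service URL and
SHA1 certificate fingerprint out of the downloaded IdP metadata and
certificate, and cross-check that the downloaded certificate is the signing
certificate the metadata advertises. Standard library only."""
import base64
import hashlib
import re
import xml.etree.ElementTree as ET

NS = {
    "md": "urn:oasis:names:tc:SAML:2.0:metadata",
    "ds": "http://www.w3.org/2000/09/xmldsig#",
}
REDIRECT = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
POST = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"


def fingerprint_sha1(der: bytes) -> str:
    """SHA1 over the DER bytes, formatted the way 'openssl x509 -fingerprint'
    prints it: upper-case hex pairs joined by colons."""
    hexdigest = hashlib.sha1(der).hexdigest().upper()
    return ":".join(hexdigest[i:i + 2] for i in range(0, len(hexdigest), 2))


def der_from_cert_file(data: bytes) -> bytes:
    """Accept a PEM file (BEGIN/END CERTIFICATE armour) or raw DER bytes."""
    match = re.search(
        rb"-----BEGIN CERTIFICATE-----(.*?)-----END CERTIFICATE-----", data, re.S)
    if match:
        return base64.b64decode(b"".join(match.group(1).split()))
    return data  # no armour: assume the file is already DER


def parse_idp_metadata(xml_text: str) -> dict:
    """Return the entityID, the SingleSignOnService Location per binding and
    the SHA1 fingerprint of every signing certificate in the IDPSSODescriptor."""
    root = ET.fromstring(xml_text)
    idp = root.find("md:IDPSSODescriptor", NS)
    if idp is None:
        raise ValueError("metadata contains no IDPSSODescriptor")
    sso = {s.get("Binding"): s.get("Location")
           for s in idp.findall("md:SingleSignOnService", NS)}
    fingerprints = []
    for kd in idp.findall("md:KeyDescriptor", NS):
        # A KeyDescriptor with no 'use' attribute serves both signing and
        # encryption, so it counts as a signing key as well.
        if kd.get("use") not in (None, "signing"):
            continue
        for cert in kd.findall("ds:KeyInfo/ds:X509Data/ds:X509Certificate", NS):
            der = base64.b64decode("".join(cert.text.split()))
            fingerprints.append(fingerprint_sha1(der))
    return {"entity_id": root.get("entityID"), "sso": sso,
            "signing_fingerprints": fingerprints}


def logon_url(info: dict) -> str:
    """Bime takes a single 'IDP target URL': use the HTTP-Redirect endpoint,
    falling back to HTTP-POST if that is all the IdP offers."""
    for binding in (REDIRECT, POST):
        if binding in info["sso"]:
            return info["sso"][binding]
    raise ValueError("no HTTP-Redirect or HTTP-POST SingleSignOnService")


def cert_matches_metadata(info: dict, cert_file: bytes) -> bool:
    """True if the downloaded certificate is one of the advertised signing
    certificates; a mismatch means Bime would reject every signed response."""
    return fingerprint_sha1(der_from_cert_file(cert_file)) in info["signing_fingerprints"]


# Constructed sample input. FAKE_DER is not a certificate, just bytes to hash;
# the entityID and metadata layout are assumed, only the logon URL is from
# the article.
FAKE_DER = bytes(range(64))
FAKE_B64 = base64.b64encode(FAKE_DER).decode()
SAMPLE_CERT_FILE = ("-----BEGIN CERTIFICATE-----\n"
                    + "\n".join(FAKE_B64[i:i + 64] for i in range(0, len(FAKE_B64), 64))
                    + "\n-----END CERTIFICATE-----\n").encode()
SAMPLE_METADATA = f"""<md:EntityDescriptor xmlns:md="{NS['md']}" xmlns:ds="{NS['ds']}"
    entityID="https://demo.logonbox.com/app/api/sso/123456">
  <md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:KeyDescriptor use="signing">
      <ds:KeyInfo><ds:X509Data><ds:X509Certificate>{FAKE_B64}</ds:X509Certificate></ds:X509Data></ds:KeyInfo>
    </md:KeyDescriptor>
    <md:SingleSignOnService Binding="{REDIRECT}" Location="https://demo.logonbox.com/app/api/sso/logon/123456"/>
    <md:SingleSignOnService Binding="{POST}" Location="https://demo.logonbox.com/app/api/sso/logon/123456"/>
  </md:IDPSSODescriptor>
</md:EntityDescriptor>"""

if __name__ == "__main__":
    info = parse_idp_metadata(SAMPLE_METADATA)
    print("IDP target URL:         ", logon_url(info))
    print("Certificate fingerprint:", fingerprint_sha1(der_from_cert_file(SAMPLE_CERT_FILE)))
    print("Certificate in metadata:", cert_matches_metadata(info, SAMPLE_CERT_FILE))
```

To use it on the real files, pass the contents of the downloaded metadata XML to parse_idp_metadata and the bytes of SAML_RSA.crt to der_from_cert_file; the fingerprint it prints should be identical to the one from the openssl command above, and cert_matches_metadata should return True before you paste anything into Bime. It accepts the certificate in either PEM or DER form, which is the usual reason the openssl command fails to load a file.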


Step 3 - Configure Bime-initiated Login

Once you have set up the SAML resource on your server, log into your Bime account as an Administrator so that you can configure Bime Security to use a third-party Identity Provider.

Once logged in, select Admin settings and navigate to Security Settings. From here enable SAML authentication; this reveals some more configuration settings:

Set the following settings:

  • IDP target URL - the logon service URL identified in step 2
  • Certificate fingerprint - the SHA1 fingerprint determined in step 2

Hit Save.

Once you have set up Bime, log out and you will see the purple Connect button; this signifies that Bime is ready for service-provider-initiated single sign-on. Once you have assigned the Bime SAML resource to the right roles (discussed in step 6) you can simply click this button and you will be redirected to LogonBox to authenticate; if successful you will be redirected back to Bime and logged into your Bime dashboard.

Step 4 - Get Relay Token

From your Bime login page, right-click the Connect button and copy the link. It should look something like this, with a URL-encoded RelayState token:

https://logonbox.bime.io/users/auth/saml?RelayState=KQgog1NRHcIsV1AJduNG3n6G73pkHufly%2BAwvGhthpo%3D

URL-decode this link (any URL decoder will do, for example http://meyerweb.com/eric/tools/dencoder/) so that %2B and %3D become + and = again. The final URL should look like this:

https://logonbox.bime.io/users/auth/saml?RelayState=KQgog1NRHcIsV1AJduNG3n6G73pkHufly+AwvGhthpo=
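The decoding can be done locally instead of pasting the link into a third-party website. The script below is an added example, not Bime or LogonBox code; it uses the Connect link quoted above as its sample input, and the function names are mine. It decodes the RelayState exactly once and checks that the result is still valid base64, which catches a link that was truncated when copied.

```python
"""Added example, not Bime or LogonBox code: derive the LogonBox Launch URL
from the Connect link copied from the Bime login page without sending the
RelayState token to a third-party web decoder. Standard library only."""
import base64
import binascii
from urllib.parse import unquote, urlsplit

# Sample input: the Connect link as copied from the Bime login page.
CONNECT_LINK = ("https://logonbox.bime.io/users/auth/saml"
                "?RelayState=KQgog1NRHcIsV1AJduNG3n6G73pkHufly%2BAwvGhthpo%3D")


def launch_url_from_connect_link(link: str) -> str:
    """Percent-decode the RelayState exactly once and rebuild the link around
    the decoded value. Raises ValueError when there is no usable token."""
    parts = urlsplit(link)
    params = {}
    for pair in parts.query.split("&"):
        key, _, value = pair.partition("=")
        # unquote, not unquote_plus: a '+' inside the token is data, not a space.
        params[unquote(key)] = unquote(value)
    relay_state = params.get("RelayState")
    if not relay_state:
        raise ValueError("Connect link has no RelayState parameter")
    # The token is base64; failing this check usually means the link was
    # truncated or altered when it was copied.
    try:
        base64.b64decode(relay_state, validate=True)
    except binascii.Error as exc:
        raise ValueError(f"RelayState is not valid base64: {relay_state!r}") from exc
    # Only the RelayState is carried over; the rebuilt link is the Launch URL.
    return f"{parts.scheme}://{parts.netloc}{parts.path}?RelayState={relay_state}"


def is_usable_connect_link(link: str) -> bool:
    """Yes/no wrapper for scripts that only need to know whether to proceed."""
    try:
        launch_url_from_connect_link(link)
        return True
    except ValueError:
        return False


if __name__ == "__main__":
    print(launch_url_from_connect_link(CONNECT_LINK))
```

Feeding the already-decoded link back into launch_url_from_connect_link returns it unchanged, so the check is safe to run again on a Launch URL you have previously saved in LogonBox.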


Step 5 - Configure LogonBox-initiated Login

In LogonBox, edit your newly configured Bime resource.

Click Advanced to see all settings.

Under Metadata, set the Launch URL to the decoded URL from step 4.

Click Update to save the settings.

Step 6 - Final Checks

One final step before you start using your Bime resource: ensure that you have assigned some Roles to it so that it is available for users to use.

In addition, each user's email address in LogonBox must match their Bime logon email, as this is the primary link between the two accounts.

Once the access has been assigned, log out of Bime and then access LogonBox as a user with the rights to use the new resource. In the Browser Resources section under My Resources, click the launch icon to access Bime.