rConfig - SSO with Shibboleth
| Identity Provider | rConfig Version | Tested |
|---|---|---|
| Shibboleth | 7.1.0 | Yes |
To setup Shibboleth SSO Sign in, you will need to configure your Identity Provider and rConfig. The steps below will guide you through the process.
2. Configure your Shibboleth Identity Provider
Create a new application for Shibboleth
Setup Shibboleth for a new application, and download the metdata.xml The below Harvard link is an excellent resource for setting up the Shibboleth side for rConfig. https://www.iam.harvard.edu/resources/saml-shibboleth-integration
3. Uploade the metadata.xml file
Upload your metadata.xml file to /var/www/html/rconfig/storage/saml/metadata.xml. This is the file that rConfig will use to authenticate users.
3.1. Create a symlink to the metadata.xml file to the public directory of rConfig. Run the following command:
ln -s /var/www/html/rconfig/storage/saml/metadata.xml /var/www/html/rconfig/public/metadata.xmlYYou will need to recreate this link after each update of rConfig as it will be overwritten. Please write this in to your internal documentation. You are welcome to host the xml file on another server, which rConfig can reference below.
3.2. Create a link to the metadata.xml file in the rConfig .env file. Edit the rConfig .env file, located at /var/www/html/rconfig7/current/.env and add or edit the following lines :
SAML2_METADATA_URL='https://vega.rconfig.com/metadata.xml'Save the file, exit and run the following command
php artisan rconfig:clear-allIf everything is setup correctly, a new login button will appear on the login page. See the screenshot below.
Users are not automatically granted access to the application by default when they sign in using SSO. They will need to be approved before they can login to rConfig. See the User Management section for more information. They will get the error below until they area approved by an admin. They will also need a role assigned to them to access the application.
Please check out our YouTube video on this topic.