SAML setup for FirstWave products

Supported Versions

SAML authentication is supported for FirstWave products when any of the following product versions, or a later version, is installed:

  • opCharts 4.8.3

  • opEvents 4.5.0

Setting up SAML Authentication

To set up SAML in FirstWave products, follow these steps:

 

Go to the application dashboard, then Modules → Administration → Settings → Authentication.


 

Change the Authentication Methods to include saml: set one of Auth Method 1, Auth Method 2 or Auth Method 3 to saml from the dropdown, then click the Configure saml link.

 

Inside the modal, add the SAML configuration parameters.

Single Sign-On (SSO) URL

Mandatory. The Single Sign-On (SSO) URL is used by the SP to initiate the authentication process. It typically points to the IdP's SAML endpoint where the SP sends an authentication request (AuthnRequest) XML document.

Metadata URL

Mandatory. The Metadata URL provides essential information about the IdP, including endpoints, certificates, and other settings required for SAML authentication.

User Attribute

Optional. The SAML IdP attribute to be mapped to the NMIS Username. The SAML response needs to have a custom attribute which contains the NMIS Username. If the Username is present in the NameID, this can be left empty.

Login Label

Optional. Label to be used on the FirstWave SAML login screen. The default is "Login with SAML".

Auth SameSite Cookie

This has to be set to Lax for SAML. The SameSite attribute for cookies is used to control whether cookies are sent along with cross-site requests.

Press Update and Save the configuration.

Restart the OMK daemon.

 

SAML Metadata

 

For information on the Assertion Consumer Service URL (ACS URL), go to Modules → Administration → Help → SAML Metadata.

 

 

Response

The system will respond with the SAML Metadata for the FirstWave Service Provider. These details can be used on the Identity Provider.