254 lines
24 KiB
Plaintext
254 lines
24 KiB
Plaintext
<%@ Control Language="C#" Inherits="BaseContentUserControls" %>
|
||
<%@ Register Namespace="TeamLab.Controls" Assembly="__Code" TagPrefix="cc" %>
|
||
|
||
<script runat="server">
|
||
protected override void Init()
|
||
{
|
||
PageTitle = PageCaption = "How to configure Shibboleth v2.x - 3.x IdP and ONLYOFFICE SP";
|
||
MetaKeyWords = "Control Panel, SSO, Single sign-on, Shibboleth";
|
||
MetaDescription = "Learn how to configure Shibboleth v2.x - 3.x IdP and ONLYOFFICE SP.";
|
||
}
|
||
</script>
|
||
<div class="main_buscall_container dataBackup">
|
||
<div class="MainHelpCenter">
|
||
<h1 class="subHeaderFeaturesCaption TipsCaption">How to configure Shibboleth v2.x - 3.x IdP and ONLYOFFICE SP</h1>
|
||
<cc:LocalizeContent runat="Server" ControlName="~/Controls/Help/VariousControls/Versions/ControlPanel/ControlPanel_Current.ascx" />
|
||
<div class="keyword_block">
|
||
<ul>
|
||
<li><cc:LocalizeContent runat="Server" ControlName="~/Controls/Help/Tags/server-version/server-version.ascx" /></li>
|
||
<li><cc:LocalizeContent runat="Server" ControlName="~/Controls/Help/Tags/local-server/local-server.ascx" /></li>
|
||
<li>
|
||
<span class="enterprise_display">
|
||
<cc:LocalizeContent runat="Server" ControlName="~/Controls/Help/Tags/enterprise-edition/enterprise-edition.ascx" />
|
||
</span>
|
||
</li>
|
||
<li><cc:LocalizeContent runat="Server" ControlName="~/Controls/Help/Tags/control-panel/control-panel.ascx" /></li>
|
||
<li><cc:LocalizeContent runat="Server" ControlName="~/Controls/Help/Tags/sso/sso.ascx" /></li>
|
||
<li><cc:LocalizeContent runat="Server" ControlName="~/Controls/Help/Tags/shibboleth/shibboleth.ascx" /></li>
|
||
</ul>
|
||
</div>
|
||
<h2 id="Introduction">Introduction</h2>
|
||
<p>You can configure Shibboleth 2.x - 3.x as your Identity Provider (IDP) for enterprise accounts in ONLYOFFICE. The configuration process includes two main steps: registering your Identity Provider in the ONLYOFFICE <b>Control Panel SSO</b> section and registering ONLYOFFICE SP in the <b>Shibboleth</b> Identity Provider.</p>
|
||
<p>ONLYOFFICE SP supports a flow of the <code>givenName</code>, <code>sn</code>, <code>title</code>, <code>locality</code>, <code>mobile</code> and <code>mail</code> attributes of the enterprise account from the enterprise Identity Provider. When a users signs in using an enterprise account, and if ONLYOFFICE SP receives attributes with the <code>givenName</code>, <code>sn</code> and <code>mail</code> names (obligatory attributes), ONLYOFFICE SP populates the full name and email address of the user account with the values received from the Identity Provider.</p>
|
||
<h2 id="RegisterShibboleth">Registering Shibboleth as an enterprise Identity Provider in ONLYOFFICE SP</h2>
|
||
<ol>
|
||
<li>Make sure that you are signed in as an Administrator to your ONLYOFFICE <b>Control Panel</b> and click the <b>SSO</b> tab in the <b>PORTAL SETTINGS</b> section on the left sidebar.
|
||
<div class="screen_block">
|
||
<img alt="How to configure Shibboleth v2.x - 3.x IdP and ONLYOFFICE SP" target="img1_eventcom_guides" class="screenphoto screen_guides" src="<%=VirtualPathUtility.ToAbsolute("~/images/Help/Guides/small/guide93/shibboleth_1.png")%>" />
|
||
<img alt="How to configure Shibboleth v2.x - 3.x IdP and ONLYOFFICE SP" id="img1_eventcom_guides" class="bigphoto_screen" src="<%=VirtualPathUtility.ToAbsolute("~/images/Help/Guides/big/guide93/shibboleth_1.png")%>" />
|
||
<div target="img1_eventcom_guides" class="screenphoto magnifier"></div>
|
||
</div>
|
||
<div class="notehelp">You can only register one enterprise Identity Provider for your organization on the ONLYOFFICE portal.</div>
|
||
</li>
|
||
<li>Enable SSO using the <b>Enable Single Sign-on Authentication</b> switcher.
|
||
<div class="screen_block">
|
||
<img alt="How to configure Shibboleth v2.x - 3.x IdP and ONLYOFFICE SP" target="img2_eventcom_guides" class="screenphoto screen_guides" src="<%=VirtualPathUtility.ToAbsolute("~/images/Help/Guides/small/guide93/shibboleth_2.png")%>" />
|
||
<img alt="How to configure Shibboleth v2.x - 3.x IdP and ONLYOFFICE SP" id="img2_eventcom_guides" class="bigphoto_screen" src="<%=VirtualPathUtility.ToAbsolute("~/images/Help/Guides/big/guide93/shibboleth_2.png")%>" />
|
||
<div target="img2_eventcom_guides" class="screenphoto magnifier"></div>
|
||
</div>
|
||
</li>
|
||
<li>Enter metadata for the Identity Provider using one of the following three ways:
|
||
<ul>
|
||
<li><b>By the link (LOAD DATA)</b> – if the Shibboleth IdP metadata is accessible from outside by the link (e.g. <span class="param-type">https://{shibboleth-idp-domain}/idp/shibboleth</span>), insert the link to the <b>URL to IdP Metadata XML</b> field and press the button with the upwards arrow. Then all the required parameters will be displayed within the extended form.</li>
|
||
<li><b>File (SELECT FILE)</b> – by default, Shibboleth provides the IdP metadata file at the <code>SHIBBOLETH_HOME/metadata</code>. If the metadata file is available, upload it using the <b>SELECT FILE</b> button to browse for the <code>SHIBBOLETH_HOME/metadata/idp-metadata.xml</code> file stored on your local machine. Then all the required parameters will be displayed within the extended form.</li>
|
||
<li><b>Parameters</b> – if the metadata file is not accessible, enter values manually and specify the required parameters: <b>IdP Entity ID</b>, <b>IdP Single Sign-On Endpoint URL</b>, <b>IdP Single Logout Endpoint URL</b>, <%--encryption and --%>signing certificates etc. To obtain these values contact your Shibboleth administrator.</li>
|
||
</ul>
|
||
</li>
|
||
<li>In the <b>Custom login button caption</b> field, you can enter any text instead of the default one (<em>Single Sign-on</em>). This text will be displayed on the button used to login to the portal with the Single Sign-on service at the ONLYOFFICE authentication page.
|
||
<div class="screen_block">
|
||
<img alt="How to configure Shibboleth v2.x - 3.x IdP and ONLYOFFICE SP" target="img113_eventcom_guides" class="screenphoto screen_guides" src="<%=VirtualPathUtility.ToAbsolute("~/images/Help/Guides/small/guide95/adfs_4-1.png")%>" />
|
||
<img alt="How to configure Shibboleth v2.x - 3.x IdP and ONLYOFFICE SP" id="img113_eventcom_guides" class="bigphoto_screen" src="<%=VirtualPathUtility.ToAbsolute("~/images/Help/Guides/big/guide95/adfs_4-1.png")%>" />
|
||
<div target="img113_eventcom_guides" class="screenphoto magnifier"></div>
|
||
</div>
|
||
</li>
|
||
<li>If your Shibboleth IdP requires that input data is signed and/or encrypted, you need to create/add certificates for this purpose in the <b>SP Certificates</b> section. In the advanced settings, you can also set which requests must be signed, specify whether the data must be decrypted or not and select the corresponding signing and decryption algorithms.
|
||
<div class="screen_block">
|
||
<img alt="How to configure Shibboleth v2.x - 3.x IdP and ONLYOFFICE SP" target="img3_eventcom_guides" class="screenphoto screen_guides" src="<%=VirtualPathUtility.ToAbsolute("~/images/Help/Guides/small/guide93/shibboleth_3.png")%>" />
|
||
<img alt="How to configure Shibboleth v2.x - 3.x IdP and ONLYOFFICE SP" id="img3_eventcom_guides" class="bigphoto_screen" src="<%=VirtualPathUtility.ToAbsolute("~/images/Help/Guides/big/guide93/shibboleth_3.png")%>" />
|
||
<div target="img3_eventcom_guides" class="screenphoto magnifier"></div>
|
||
</div>
|
||
</li>
|
||
<li>In the <b>Attribute Mapping</b> section, set the correspondence of the fields in the ONLYOFFICE People module to the user attributes which will be returned from the Shibboleth IdP.
|
||
<div class="screen_block">
|
||
<img alt="How to configure Shibboleth v2.x - 3.x IdP and ONLYOFFICE SP" target="img5_eventcom_guides" class="screenphoto screen_guides" src="<%=VirtualPathUtility.ToAbsolute("~/images/Help/Guides/small/guide93/shibboleth_5.png")%>" />
|
||
<img alt="How to configure Shibboleth v2.x - 3.x IdP and ONLYOFFICE SP" id="img5_eventcom_guides" class="bigphoto_screen" src="<%=VirtualPathUtility.ToAbsolute("~/images/Help/Guides/big/guide93/shibboleth_5.png")%>" />
|
||
<div target="img5_eventcom_guides" class="screenphoto magnifier"></div>
|
||
</div>
|
||
</li>
|
||
<li>Click the <b>Save</b> button.</li>
|
||
<li>The <b>ONLYOFFICE SP Metadata</b> section should be opened.</li>
|
||
<li>Verify that our settings are publicly available by clicking the <b>Donwnload SP Metadata XML</b> button. The XML file contents should be displayed.
|
||
<div class="screen_block">
|
||
<img alt="How to configure Shibboleth v2.x - 3.x IdP and ONLYOFFICE SP" target="img6_eventcom_guides" class="screenphoto screen_guides" src="<%=VirtualPathUtility.ToAbsolute("~/images/Help/Guides/small/guide93/shibboleth_6.png")%>" />
|
||
<img alt="How to configure Shibboleth v2.x - 3.x IdP and ONLYOFFICE SP" id="img6_eventcom_guides" class="bigphoto_screen" src="<%=VirtualPathUtility.ToAbsolute("~/images/Help/Guides/big/guide93/shibboleth_6.png")%>" />
|
||
<div target="img6_eventcom_guides" class="screenphoto magnifier"></div>
|
||
</div>
|
||
</li>
|
||
</ol>
|
||
<h2 id="RegisterONLYOFFICE">Registering ONLYOFFICE as a trusted Service Provider in the Shibboleth IdP</h2>
|
||
<ol>
|
||
<li>Configure ONLYOFFICE SP as a relying party in Shibboleth.
|
||
<ol style="list-style-type: lower-alpha;">
|
||
<li>Obtain the metadata file of your ONLYOFFICE portal and save it as an XML file.To receive the metadata file, sign in to the ONLYOFFICE <b>Control Panel</b> as an administrator and click the <b>SSO</b> tab. Click the <b>DOWNLOAD SP METADATA XML</b> button and save the data as the <b>sp-ONLYOFFICE.xml</b> file.</li>
|
||
<li>Add ONLYOFFICE as a trusted Service Provider in Shibboleth by specifying a new <code>MetadataProvider</code> element in the <code>SHIBBOLETH_HOME/conf/metadata-providers.xml</code> file.To do that, add the following portion of the code into the root <code>MetadataProvider</code> element. Provide the path to the metadata XML file of your organization (the file that you have saved at the previous step <b>a</b>:</li>
|
||
</ol>
|
||
<pre class="prettyprint source linenums"><code><MetadataProvider id="ONLYOFFICESP" xsi:type="FilesystemMetadataProvider" metadataFile="<PATH_TO_THE_SAVED_METADATA>/metadata/sp-ONLYOFFICE.xml"/></code></pre>
|
||
</li>
|
||
<li>Configure user attributes that will be returned from the Shibboleth IdP.
|
||
<ol style="list-style-type: lower-alpha;">
|
||
<li>Edit the <code>SHIBBOLETH_HOME/conf/attribute-resolver.xml</code> file. Comment or delete all the existing definitions of the attributes and data connectors.</li>
|
||
<li>Add the following attribute entry into the <code>resolver:AttributeResolver</code> section.</li>
|
||
</ol>
|
||
<pre class="prettyprint source linenums"><code><resolver:AttributeResolver
|
||
xmlns:resolver="urn:mace:shibboleth:2.0:resolver"
|
||
xmlns:pc="urn:mace:shibboleth:2.0:resolver:pc"
|
||
xmlns:ad="urn:mace:shibboleth:2.0:resolver:ad"
|
||
xmlns:dc="urn:mace:shibboleth:2.0:resolver:dc"
|
||
xmlns:enc="urn:mace:shibboleth:2.0:attribute:encoder"
|
||
xmlns:sec="urn:mace:shibboleth:2.0:security"
|
||
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
|
||
xsi:schemaLocation="urn:mace:shibboleth:2.0:resolver http://shibboleth.net/schema/idp/shibboleth-attribute-resolver.xsd
|
||
urn:mace:shibboleth:2.0:resolver:pc http://shibboleth.net/schema/idp/shibboleth-attribute-resolver-pc.xsd
|
||
urn:mace:shibboleth:2.0:resolver:ad http://shibboleth.net/schema/idp/shibboleth-attribute-resolver-ad.xsd
|
||
urn:mace:shibboleth:2.0:resolver:dc http://shibboleth.net/schema/idp/shibboleth-attribute-resolver-dc.xsd
|
||
urn:mace:shibboleth:2.0:attribute:encoder http://shibboleth.net/schema/idp/shibboleth-attribute-encoder.xsd
|
||
urn:mace:shibboleth:2.0:security http://shibboleth.net/schema/idp/shibboleth-security.xsd">
|
||
<!-- ========================================== -->
|
||
<!-- Attribute Definitions -->
|
||
<!-- ========================================== -->
|
||
<!-- Schema: Core schema attributes-->
|
||
<resolver:AttributeDefinition id="email" xsi:type="ad:Simple" sourceAttributeID="mail">
|
||
<resolver:Dependency ref="myLDAP" />
|
||
<resolver:AttributeEncoder xsi:type="enc:SAML1String" name="urn:mace:dir:attribute-def:mail" encodeType="false" />
|
||
<resolver:AttributeEncoder xsi:type="enc:SAML2String" name="urn:oid:0.9.2342.19200300.100.1.3" friendlyName="mail" encodeType="false" />
|
||
</resolver:AttributeDefinition>
|
||
<resolver:AttributeDefinition xsi:type="ad:Simple" id="mobileNumber" sourceAttributeID="mobile">
|
||
<resolver:Dependency ref="myLDAP" />
|
||
<resolver:AttributeEncoder xsi:type="enc:SAML1String" name="urn:mace:dir:attribute-def:mobile" encodeType="false" />
|
||
<resolver:AttributeEncoder xsi:type="enc:SAML2String" name="urn:oid:0.9.2342.19200300.100.1.41" friendlyName="mobile" encodeType="false" />
|
||
</resolver:AttributeDefinition>
|
||
<resolver:AttributeDefinition xsi:type="ad:Simple" id="surname" sourceAttributeID="sn">
|
||
<resolver:Dependency ref="myLDAP" />
|
||
<resolver:AttributeEncoder xsi:type="enc:SAML1String" name="urn:mace:dir:attribute-def:sn" encodeType="false" />
|
||
<resolver:AttributeEncoder xsi:type="enc:SAML2String" name="urn:oid:2.5.4.4" friendlyName="sn" encodeType="false" />
|
||
</resolver:AttributeDefinition>
|
||
<resolver:AttributeDefinition xsi:type="ad:Simple" id="locality" sourceAttributeID="l">
|
||
<resolver:Dependency ref="myLDAP" />
|
||
<resolver:AttributeEncoder xsi:type="enc:SAML1String" name="urn:mace:dir:attribute-def:l" encodeType="false" />
|
||
<resolver:AttributeEncoder xsi:type="enc:SAML2String" name="urn:oid:2.5.4.7" friendlyName="l" encodeType="false" />
|
||
</resolver:AttributeDefinition>
|
||
<resolver:AttributeDefinition xsi:type="ad:Simple" id="title" sourceAttributeID="title">
|
||
<resolver:Dependency ref="myLDAP" />
|
||
<resolver:AttributeEncoder xsi:type="enc:SAML1String" name="urn:mace:dir:attribute-def:title" encodeType="false" />
|
||
<resolver:AttributeEncoder xsi:type="enc:SAML2String" name="urn:oid:2.5.4.12" friendlyName="title" encodeType="false" />
|
||
</resolver:AttributeDefinition>
|
||
<resolver:AttributeDefinition xsi:type="ad:Simple" id="givenName" sourceAttributeID="givenName">
|
||
<resolver:Dependency ref="myLDAP" />
|
||
<resolver:AttributeEncoder xsi:type="enc:SAML1String" name="urn:mace:dir:attribute-def:givenName" encodeType="false" />
|
||
<resolver:AttributeEncoder xsi:type="enc:SAML2String" name="urn:oid:2.5.4.42" friendlyName="givenName" encodeType="false" />
|
||
</resolver:AttributeDefinition>
|
||
</resolver:AttributeResolver></code></pre>
|
||
<ol style="list-style-type: lower-alpha;">
|
||
<li value="3">Configure the attributes to release to the Service Provider. Edit the <code>SHIBBOLETH_HOME/conf/attribute-filter.xml</code> file and add the following code:</li>
|
||
</ol>
|
||
<pre class="prettyprint source linenums"><code><AttributeFilterPolicyGroup id="ShibbolethFilterPolicy"
|
||
xmlns="urn:mace:shibboleth:2.0:afp"
|
||
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
|
||
xsi:schemaLocation="urn:mace:shibboleth:2.0:afp http://shibboleth.net/schema/idp/shibboleth-afp.xsd">
|
||
<!-- Release some attributes to an SP. -->
|
||
<AttributeFilterPolicy id="ONLYOFFICESP">
|
||
<PolicyRequirementRule xsi:type="OR">
|
||
<Rule xsi:type="Requester" value="https://{portal-domain}/sso/metadata" />
|
||
</PolicyRequirementRule>
|
||
<AttributeRule attributeID="mail">
|
||
<PermitValueRule xsi:type="ANY" />
|
||
</AttributeRule>
|
||
<AttributeRule attributeID="surname">
|
||
<PermitValueRule xsi:type="ANY" />
|
||
</AttributeRule>
|
||
<AttributeRule attributeID="givenName">
|
||
<PermitValueRule xsi:type="ANY" />
|
||
</AttributeRule>
|
||
<AttributeRule attributeID="mobileNumber">
|
||
<PermitValueRule xsi:type="ANY" />
|
||
</AttributeRule>
|
||
<AttributeRule attributeID="title">
|
||
<PermitValueRule xsi:type="ANY" />
|
||
</AttributeRule>
|
||
<AttributeRule attributeID="locality">
|
||
<PermitValueRule xsi:type="ANY" />
|
||
</AttributeRule>
|
||
</AttributeFilterPolicy>
|
||
</AttributeFilterPolicyGroup></code></pre>
|
||
<div class="notehelp">Replace <code>{portal-domain}</code> with your portal domain name.</div>
|
||
</li>
|
||
<li>Edit the <code>SHIBBOLETH_HOME/conf/relying-party.xml</code> file.
|
||
<ol style="list-style-type: lower-alpha;">
|
||
<li>Copy the following XML code and paste it into the <code>shibboleth.RelyingPartyOverrides</code> elements in order to overwrite default settings for the Shibboleth IdP:</li>
|
||
</ol>
|
||
<pre class="prettyprint source linenums"><code><util:list id="shibboleth.RelyingPartyOverrides">
|
||
<bean parent="RelyingPartyByName" c:relyingPartyIds="https://{portal-domain}/sso/metadata">
|
||
<property name="profileConfigurations">
|
||
<list>
|
||
<bean parent="Shibboleth.SSO" p:postAuthenticationFlows="attribute-release" />
|
||
<bean parent="SAML2.SSO" p:encryptAssertions="true" p:postAuthenticationFlows="attribute-release" />
|
||
<bean parent="SAML2.Logout" />
|
||
</list>
|
||
</property>
|
||
</bean></code></pre>
|
||
<div class="notehelp">Replace <code>{portal-domain}</code> with your portal domain name.</div>
|
||
</li>
|
||
<li>Restart the Shibboleth daemon (Linux) or service (Windows).</li>
|
||
</ol>
|
||
<h2 id="CheckWork">Checking the work of the ONLYOFFICE SP with the Shibboleth IdP</h2>
|
||
<h5>Logging in to ONLYOFFICE on the SP side</h5>
|
||
<ol>
|
||
<li>Go to the ONLYOFFICE Authentication page (e.g., <span class="param-type">https://myportal-address.com/auth.aspx</span>).</li>
|
||
<li>Click the <b>Single sign-on</b> button (the caption may differ if you have specified your own text when configuring ONLYOFFICE SP). If the button is missing, this means that SSO is not enabled.
|
||
<div class="screen_block">
|
||
<img alt="How to configure Shibboleth v2.x - 3.x IdP and ONLYOFFICE SP" target="img112_eventcom_guides" class="screenphoto screen_guides" src="<%=VirtualPathUtility.ToAbsolute("~/images/Help/Guides/small/guide95/authenticationpage.png")%>" />
|
||
<img alt="How to configure Shibboleth v2.x - 3.x IdP and ONLYOFFICE SP" id="img112_eventcom_guides" class="bigphoto_screen" src="<%=VirtualPathUtility.ToAbsolute("~/images/Help/Guides/big/guide95/authenticationpage.png")%>" />
|
||
<div target="img112_eventcom_guides" class="screenphoto magnifier"></div>
|
||
</div>
|
||
</li>
|
||
<li>If all the SP and IdP parameters are set correctly, we will be redirected to the Shibboleth IdP login form:
|
||
<div class="screen_block">
|
||
<img alt="How to configure Shibboleth v2.x - 3.x IdP and ONLYOFFICE SP" target="img7_eventcom_guides" class="screenphoto screen_guides" src="<%=VirtualPathUtility.ToAbsolute("~/images/Help/Guides/small/guide93/shibboleth_7.png")%>" />
|
||
<img alt="How to configure Shibboleth v2.x - 3.x IdP and ONLYOFFICE SP" id="img7_eventcom_guides" class="bigphoto_screen" src="<%=VirtualPathUtility.ToAbsolute("~/images/Help/Guides/big/guide93/shibboleth_7.png")%>" />
|
||
<div target="img7_eventcom_guides" class="screenphoto magnifier"></div>
|
||
</div>
|
||
</li>
|
||
<li>Enter the username and password of the Shibboleth IdP account and check the <b>Don't Remember Login</b> box.</li>
|
||
<li>If the credentials are correct, a new window opens. Allow the provision of information to the service by clicking the <b>Accept</b> button.
|
||
<div class="screen_block">
|
||
<img alt="How to configure Shibboleth v2.x - 3.x IdP and ONLYOFFICE SP" target="img11_eventcom_guides" class="screenphoto screen_guides" src="<%=VirtualPathUtility.ToAbsolute("~/images/Help/Guides/small/guide93/shibboleth_7-1.png")%>" />
|
||
<img alt="How to configure Shibboleth v2.x - 3.x IdP and ONLYOFFICE SP" id="img11_eventcom_guides" class="bigphoto_screen" src="<%=VirtualPathUtility.ToAbsolute("~/images/Help/Guides/big/guide93/shibboleth_7-1.png")%>" />
|
||
<div target="img11_eventcom_guides" class="screenphoto magnifier"></div>
|
||
</div>
|
||
</li>
|
||
<li>If everything is correct, we will be redirected to the main page of the portal (the user will be created automatically if missing, or the data will be updated if changed in the IDP).</li>
|
||
</ol>
|
||
<h5>Profiles for users added with SSO authentication</h5>
|
||
<p>The possibility to edit user profiles created using the SSO authentication is restricted. The user profile fields received from the IdP are disabled for editing (i.e. <code>First Name</code>, <code>Last Name</code>, <code>Email</code>, <code>Title</code> and <code>Location</code>). You can edit these fields from your IdP account only.</p>
|
||
<p>The figure below shows the Actions menu for an SSO user:</p>
|
||
<div class="screen_block">
|
||
<img alt="How to configure Shibboleth v2.x - 3.x IdP and ONLYOFFICE SP" target="img8_eventcom_guides" class="screenphoto screen_guides" src="<%=VirtualPathUtility.ToAbsolute("~/images/Help/Guides/small/guide93/shibboleth_8.png")%>" />
|
||
<img alt="How to configure Shibboleth v2.x - 3.x IdP and ONLYOFFICE SP" id="img8_eventcom_guides" class="bigphoto_screen" src="<%=VirtualPathUtility.ToAbsolute("~/images/Help/Guides/big/guide93/shibboleth_8.png")%>" />
|
||
<div target="img8_eventcom_guides" class="screenphoto magnifier"></div>
|
||
</div>
|
||
<p>The following figure shows an SSO user profile opened for editing:</p>
|
||
<div class="screen_block">
|
||
<img alt="How to configure Shibboleth v2.x - 3.x IdP and ONLYOFFICE SP" target="img9_eventcom_guides" class="screenphoto screen_guides" src="<%=VirtualPathUtility.ToAbsolute("~/images/Help/Guides/small/guide93/shibboleth_9.png")%>" />
|
||
<img alt="How to configure Shibboleth v2.x - 3.x IdP and ONLYOFFICE SP" id="img9_eventcom_guides" class="bigphoto_screen" src="<%=VirtualPathUtility.ToAbsolute("~/images/Help/Guides/big/guide93/shibboleth_9.png")%>" />
|
||
<div target="img9_eventcom_guides" class="screenphoto magnifier"></div>
|
||
</div>
|
||
<p>The users created using the SSO authentication are marked with the <span class="sso_icon">SSO</span> icon in the user list for the portal administrators:</p>
|
||
<div class="screen_block">
|
||
<img alt="How to configure Shibboleth v2.x - 3.x IdP and ONLYOFFICE SP" target="img10_eventcom_guides" class="screenphoto screen_guides" src="<%=VirtualPathUtility.ToAbsolute("~/images/Help/Guides/small/guide93/shibboleth_10.png")%>" />
|
||
<img alt="How to configure Shibboleth v2.x - 3.x IdP and ONLYOFFICE SP" id="img10_eventcom_guides" class="bigphoto_screen" src="<%=VirtualPathUtility.ToAbsolute("~/images/Help/Guides/big/guide93/shibboleth_10.png")%>" />
|
||
<div target="img10_eventcom_guides" class="screenphoto magnifier"></div>
|
||
</div>
|
||
<p>To log out from the Shibboleth IdP (if you have not checked the <b>Don't Remember Login</b> box when logging in), go to the link that looks like this: <span class="param-type">https://{shibboleth-idp-domain}/idp/profile/Logout</span></p>
|
||
</div>
|
||
</div>
|