SAML Authentication

Owned by Heather Geyer
Aug 08, 2022
3 min read

Voyager can use SAML authentication where available.  To enable it, you will need to:

  • Configure SAML Authentication

  • Configure the ADFS Server

  • Configure Groups

  • Install Java Cryptography Extension (JCE) Unlimited Strength

NOTE: Java Cryptography Extension (JCE) Unlimited Strength is required.

Configuring SAML authentication

To configure SAML authentication:

Go to Manage > Authentication > SAML.

Enter your identity provider metadata.

Click Save to save the configuration.

Select the KeyStore tab to install or create a new certificate.

Enter the Keystore and Private Key passwords.

Click Save.

Once the key store is created, click Download Metadata to import the federated data into your server. Alternatively you can upload an already existing key store.

Configuring the ADFS Server

Open the AD FS management console and select Relying Party Trusts.

Click Add Relying Party Trust Wizard.

Click Start and follow the steps.

Select the metadata file exported from Voyager.

Click Next.

Enter the Display Name.

Configure the Issuance Authorization Rules.

Review the configuration and click Next.

Open the Claim Rules editor.

Add a new rule.

Open the Send LDAP Attributes as Claims template.

Specify the Name ID (required).

Specify the Group and Display-Name attributes (optional).

If you generated a Self-signed certificate you must install it into the Trusted Root Certification Authorities store.

Important: Make sure that SHA-1 is selected as secure hash algorithm.

Double-click on the recently added Relaying Party Trust and select the Encryption tab.

Click View.. and select Install Certificate.

Select the Certificate Store.

Click OK.

Click Next to store the Certificate.

Make sure SAML authentication is enabled and restart Voyager.

Managing groups

You can add existing groups and grant them administrator rights.

Click Add and optionally grant administration access.

Installing Java Cryptography Extension (JCE) Unlimited Strength

Java Cryptography Extension (JCE) Unlimited Strength is required for SAML authentication in Voyager and is not shipped with the bundled JRE in Voyager installer. It can be downloaded from http://www.oracle.com . Make sure you download the right version for your JRE (i.e. Java 7, Java 8). Download and unzip the package and follow the instructions from README.txt.

After installation, you must restart Voyager.