
As an administrator you can integrate these two systems so that your JumpCloud users can access their FileCloud account without having to enter their credentials a second time.

JumpCloud is a cloud-based platform:

  • It enables IT teams to securely manage user identities
  • It connects them to the resources they need regardless of provider, protocol, vendor, or location

In this integration scenario:

  • JumpCloud must be configured as an Identity Provider (IdP)
  • FileCloud will act as the Service Provider (SP)

Configure FileCloud with JumpCloud


 1. In JumpCloud, create a new Application.

1a.  Open a browser and log in to the JumpCloud admin console at https://console.jumpcloud.com/login

1b.  From the left navigation pane, click APPLICATIONS.

1c.  On the Applications screen, to add a new application, click the plus sign.

1d.  On the Configure New Application screen, select SAML as an application type.

 2. In JumpCloud, configure the Display Name.

2a.  On the Configure New Application screen, click Configure.


 

2b.  In Display Label, type FileCloud Server

2c.  IDP Entity ID displays the unique, case-sensitive identifier used by JumpCloud for this FileCloud service provider.

 3. In JumpCloud, configure the private key and certificate.

3a.  If you do not already have a private key and certificate that you want to use, generate them on Windows:

OpenSSL> genrsa -out myprivatekey.pem 2048
OpenSSL> req -new -x509 -key myprivatekey.pem -out mypublic_cert.pem -days 3650 -config .\openssl.cnf


3b.  If you do not already have a private key and certificate that you want to use, generate them on Linux:

openssl genrsa -out private.pem 2048
openssl req -new -x509 -sha256 -key private.pem -out cert.pem -days 1095

3c.  Select the key and certificate using the following settings:

  • Click Upload IDP private key and then select the private key you want to use for signing the SAML Response
  • Click Upload IDP Certificate and then select the public certificate generated from your private key


 4. In JumpCloud, configure URLs.

4a.  In JumpCloud, on the configuration screen, configure the following settings:

  •  In SP Entity ID, enter the following:
http://<your domain>/simplesaml/module.php/saml/sp/metadata.php/default-sp
  • In ACS URL, which is the FileCloud assertion URL, enter the following:
http://<your domain>/simplesaml/module.php/saml/sp/saml2-acs.php/default-sp
 5. In JumpCloud, configure attributes, save and export.


5a. In JumpCloud, on the configuration screen, use the following settings:

  • In Saml Subject NameID, select email. This allows you to specify the email address that matches the Username set in FileCloud on the SSO screen.


  • In Saml Subject NameID format, select urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress

 

USER ATTRIBUTES

  • These are attributes an administrator configures that are sent to the service provider
  • The value specified must directly reflect the JumpCloud system user property name

Warning: The attribute names in JumpCloud must match the names set in FileCloud Server on the SSO screen.

Verify you have the following User Attributes, as shown in the screenshot. If not, create them.

JUMPCLOUD NAME    VALUE        FILECLOUD EQUIVALENT
givenName         firstname    Given Name
sn                lastname     Surname
mail              email        Email
uid               uid          Username


5b. In JumpCloud, set Default Relay State to http://<your domain>/auth/samlsso.php

5c. In JumpCloud, verify that IdP URL is the same as the IDP Entity ID in step 1.

Note: This is important because it is the URL used to connect FileCloud to JumpCloud.

5d. In JumpCloud, click Save.

5e. In JumpCloud, click Export Metadata.

Note: The metadata is exported from JumpCloud into an XML file you will use when configuring FileCloud SSO Settings.

 6. In JumpCloud, add users to your group

6a. In JumpCloud, on the Users screen, click the green button with the white plus sign to add a new user.

6b. In JumpCloud, on the New User screen, select the Details tab and type in the user's information.

 

 

6c. In JumpCloud, on the New User screen, select the User Groups tab and add the user to your FileCloud Group.

6d.   In JumpCloud, on the New User screen, click the Save User button.




 8. In FileCloud, configure the SSO settings.

To configure the FileCloud SSO settings:

  1. Open a browser and log in to the Admin Portal.
  2. From the left navigation pane, under SETTINGS, select Settings.
  3. Select the SSO sub-tab.
  4. In Idp End Point URL, type or paste in the SAME URL as the Entity ID URL used in JumpCloud.
  5. Click Save and minimize the browser.


 9. Copy certificates to the FileCloud server.

9a.  Copy the private key generated in Step 3 to the following location on your FileCloud server:

/var/www/html/thirdparty/simplesaml/cert/

9b.  Rename the file to: saml.pem

9c.  Copy the certificate generated in Step 3 to the following location on your FileCloud server:

/var/www/html/thirdparty/simplesaml/cert/

9d.  Rename the file to: saml.crt
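
A pre-flight check for steps 3 and 9, added here as an example and not part of the FileCloud documentation: it confirms that the certificate was issued for the private key and has not expired before copying both files into the SimpleSAML cert directory under the names from step 9. The function name install_saml_keypair, the 600/644 file modes and the optional owner argument are assumptions.

```shell
#!/bin/sh
# Added example, not FileCloud tooling. install_saml_keypair is a hypothetical
# helper; the 600/644 modes and the optional owner argument are assumptions.
# Usage: install_saml_keypair private.pem cert.pem [cert-dir] [web-server-user]

install_saml_keypair() {
    key=$1 crt=$2 owner=$4
    dest=${3:-/var/www/html/thirdparty/simplesaml/cert}   # path from step 9

    # Both files must parse before anything is compared or copied.
    openssl pkey -in "$key" -noout 2>/dev/null ||
        { echo "not a readable private key: $key" >&2; return 2; }
    openssl x509 -in "$crt" -noout 2>/dev/null ||
        { echo "not a readable certificate: $crt" >&2; return 2; }

    # The certificate must carry the public half of this private key;
    # compare digests of the DER-encoded public keys.
    key_pub=$(openssl pkey -in "$key" -pubout -outform DER | openssl dgst -sha256)
    crt_pub=$(openssl x509 -in "$crt" -noout -pubkey |
              openssl pkey -pubin -outform DER | openssl dgst -sha256)
    [ "$key_pub" = "$crt_pub" ] ||
        { echo "certificate was not issued for this private key" >&2; return 1; }

    # Refuse a certificate that has already expired.
    openssl x509 -in "$crt" -noout -checkend 0 >/dev/null ||
        { echo "certificate has expired" >&2; return 1; }

    # Copy under the names from steps 9b and 9d; the key is never world-readable.
    ( umask 077 && cp "$key" "$dest/saml.pem" ) || return 2
    cp "$crt" "$dest/saml.crt" || return 2
    chmod 600 "$dest/saml.pem" && chmod 644 "$dest/saml.crt" || return 2

    # The web server account must be able to read saml.pem, so hand both files
    # to it when an owner is given (requires root).
    if [ -n "$owner" ]; then
        chown "$owner" "$dest/saml.pem" "$dest/saml.crt" || return 2
    fi
    return 0
}
```

Pass the account your web server runs as in the fourth argument (typically www-data on Debian/Ubuntu, apache on RHEL-family systems); without it the files stay owned by the user who ran the copy.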

 10. Copy JumpCloud metadata to FileCloud SSO Settings.

Use the metadata exported in Step 5 to configure the FileCloud Server SSO Idp Meta Data parameter.

To configure the FileCloud Idp Meta Data parameter:

  1. Open a browser and log in to the Admin Portal.
  2. From the left navigation pane, under SETTINGS, select Settings.
  3. Select the SSO sub-tab.
  4. Scroll down to the Idp Meta Data field.
  5. On the server, open the XML file that contains the metadata you exported from JumpCloud in step 5.
  6. Copy the metadata in the file and paste it into FileCloud on the SSO tab in the IdP Meta Data field.
  7. Click Save.


Now you can start using the Single Sign-On with JumpCloud from FileCloud!
