- One is the IdP (the identity provider)
- and the other is SP (service provider).
In this documentation, the IdP will be a public IdP such as SSOCircle and the SP will be CentreStack. The SSOCircle is used as an example to set up the IdP, it can work with other IdP as well.
On the CentreStack side, it is a multi-tenant system and each tenant may want to have its own SSO service. So the Single Sign On is a per-tenant setting.
You can find the Single Sign On at the tenant manager section, under group policy and then "Single Sign On".
Step 1: Register CentreStack at IdP
IdP will need to register CentreStack as a service provider (SP) by importing the SP's meta data.
You will find the CentreStack's metadata at the following location (per-tenant setting).
We can use the following xml to register centrestack as an SP at SSOCircle.
Now at the SSOCircle, need to add a new service provider
In the next screen, we can paste in the xml from CentreStack side, set the FQDN to the URL contained within the XML, and check the 3 parameters, the FirstName, LastName and Email.
Now the SSOCircle side of the registration is done.
Step 2: Register SSOCircle at CentreStack side.
The IdP registration and SP registration is a two-way I trust you and now you trust me kind of manual setup.
The meta data from the SSOCircle look like this and it can be imported to CentreStack.
Inside the meta data from SSOCircle, you will see there is a HTTP-Redirect URL, that will be the URL we use to register the IdP. And also register the 3 paramaters (FirstName, LastName, EmailAddress) from the IdP.