Jive-x

# Setting up MIRACL Trust SSO as an Identity Provider Within Jive-x

These instructions are up-to-date at the time of writing, but you should refer back to the Jive guidance on SAML IdP access to check for any changes. We cannot guarantee the accuracy of our SP-specific guidance.

  1. Log in to Jive-x (as administrator).

  2. Click on People in the horizontal navigation.

  3. Click on the Settings tab.

  4. Choose Single Sign-On from the menu.

  5. Click on the SAML tab.

  6. Ensure the settings are configured as shown in the screenshot.

  7. Click on the Save All SAML Settings button.

  8. Click on the Download Jive SP Metadata link and save the SP metadata to a secure location on your hard drive.

  9. Click on the IdP Metadata tab.

  10. Copy and paste the contents of http://<yourssoip>/metadata into the text box and click on the Save All SAML Settings button. Note that, for a production setup, if you manually download your IdP metadata file, the validUntil date at the top of the file needs to be edited to an appropriate date (it defaults to 48 hours from the current date).

  11. Click on the User Attribute Mapping tab.

  12. Replace ‘miracl-ext’ in the ‘Base metadata URL’ field with your own subdomain name.

  13. Click on the Save All SAML Settings button.

  14. Click on the Advanced tab.

  15. Ensure the settings are configured as shown in the screenshot.

  16. Click on the Save All SAML Settings button.

# Configuring Your Jive-x Service Provider Profile With MIRACL Trust SSO

  1. Edit /etc/miracl-sso/service_providers/jivex.yaml:

    sp:
      jivex:
        description: Jive is a communication and collaboration platform
        name: Jive
        relay_state: /
        login_url: https://jivex.example.com
        logout_url: https://jivex.example.com/logout.jspa
        metadata: >-
          <!-- insert downloaded SP metadata here -->
        sign_response: true
        sign_assertion: true
        encrypt_assertion: true
        authorize:
        - - email: ^[^@]+@example.com$
    
  2. Note that the name under which the SP is registered in the sp section is used to create your IdP-initiated login URL, i.e. https://<yourssoip>/login/jivex.

  3. Update login_url and logout_url with the correct information from Jive-x.

  4. Copy and paste the downloaded Jive metadata (as obtained in Step 8 above) into the metadata field.

    Note that, if you are using JSON format for your config file, the downloaded metadata should be saved as an XML file and converted to a single line, with the " characters escaped with \ to meet JSON structure requirements. This can be achieved by running the following command on the downloaded metadata.xml file:

    echo -e "\n"$(cat metadata.xml | tr -d '\n' | sed -E 's/"/\\"/g')"\n"
    

    The contents are then output in the terminal in a format that can be pasted into the metadata field of a JSON file.

  5. In the authorize subsection, you can control which users are allowed to attempt login by following one or both of the steps below:

    • Call up an LDAP setup from an ldap.yaml file stored in /etc/miracl-sso/integrations.
    • Configure a regex list of email addresses/domains. The above config shows an example of how you would use email: ^[^@]+@example.com$ to only allow users from a certain email domain to log in.

    Note that if this is not set correctly, users receive ‘unauthorized user’ messages.

    For more detailed info on using LDAP, API and/or regex to control authorized users, please see the authorization menu section.

  6. Save and close the file.

  7. In your /etc/miracl-sso/config.yaml file make sure you add jivex.yaml to the list of ‘includes’:

    includes:
      - core.yaml
    
    # service providers
      - service_providers/jivex.yaml
    
  8. As always after config changes, restart the server.

  9. Now that your service is configured, you can visit https://<yourssoip>/login/jivex or https://<yourssoip>/services to log in to the service using IdP-initiated login, or visit the Jive login page, where SP-initiated login is triggered automatically.

  10. You are able to log in using the in-browser PIN pad or with the MIRACL Trust app. When logging in to your SSO service for the first time, you are asked to register an email address so as to confirm your identity and register you as a user.
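
The validUntil note in step 10 of the first procedure and the encrypt_assertion: true flag in jivex.yaml can both be checked against the metadata files before the server is restarted. The following is an added example, not MIRACL or Jive code: the sample XML, entity IDs, endpoint URL and function names are constructed for illustration, and it assumes the IdP takes the SP's encryption key from the pasted metadata.

```python
import xml.etree.ElementTree as ET
from datetime import datetime, timezone

MD = "{urn:oasis:names:tc:SAML:2.0:metadata}"

# Constructed sample metadata for illustration (not real MIRACL or Jive output).
SAMPLE_IDP = """<EntityDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata"
    entityID="https://sso.example.com/metadata" validUntil="2030-01-03T12:00:00Z">
  <IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol"/>
</EntityDescriptor>"""
SAMPLE_SP = """<EntityDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata"
    entityID="https://jivex.example.com">
  <SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <KeyDescriptor use="signing"/>
    <AssertionConsumerService index="0" Location="https://jivex.example.com/acs"
        Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"/>
  </SPSSODescriptor>
</EntityDescriptor>"""

def hours_until_expiry(xml_text, now):
    """Hours left before the root element's validUntil, or None if it has none."""
    # Use defusedxml instead of ElementTree if the file is not from a trusted source.
    stamp = ET.fromstring(xml_text).get("validUntil")
    if stamp is None:
        return None
    expires = datetime.fromisoformat(stamp.replace("Z", "+00:00"))
    if expires.tzinfo is None:  # SAML timestamps are UTC
        expires = expires.replace(tzinfo=timezone.utc)
    return (expires - now).total_seconds() / 3600

def sp_problems(xml_text, encrypt_assertion=True):
    """Mismatches between downloaded SP metadata and the jivex.yaml flags."""
    sp = ET.fromstring(xml_text).find(MD + "SPSSODescriptor")
    if sp is None:
        return ["no SPSSODescriptor: this is not SP metadata"]
    problems = []
    # A KeyDescriptor without a 'use' attribute serves signing and encryption.
    uses = [k.get("use", "encryption") for k in sp.findall(MD + "KeyDescriptor")]
    if encrypt_assertion and "encryption" not in uses:
        problems.append("encrypt_assertion is true but no encryption key is published")
    if not sp.findall(MD + "AssertionConsumerService"):
        problems.append("no AssertionConsumerService endpoint")
    return problems

if __name__ == "__main__":
    now = datetime.now(timezone.utc)
    print("IdP metadata hours left:", hours_until_expiry(SAMPLE_IDP, now))
    for problem in sp_problems(SAMPLE_SP):
        print("SP metadata:", problem)
```

A negative or small value from hours_until_expiry means the IdP metadata pasted into Jive-x is expired or about to expire and should be refreshed or have its validUntil edited as described in step 10.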