How to implement SAML based SSO using GMO Trust Login
This tutorial explains how to implement SSO with SAML authentication using GMO Trust Login.
In this setup, GMO Trust Login acts as the Identity Provider (IdP) and Kuroco acts as the Service Provider (SP).
Prerequisites
This tutorial assumes that you already have a GMO Trust Login account. For account setup, please refer to the GMO Trust Login documentation.
Registering an App with GMO Trust Login
Log in to Trust Login
Log in to Trust Login, navigate to [Management] -> [Apps], and click the [Register App] button in the top right corner.
Register "Kuroco (SAML)" as a Corporate App
Search for "Kuroco (SAML)" on the "Corporate App Registration" screen and select it.
Download the Certificate
Note down the values of "ID Provider URL" and "Issuer/Entity ID" under "ID Provider Information", and download the certificate by clicking the [Get Certificate] button. Kuroco uses this certificate to verify the signature on the SAML responses that Trust Login sends, so make sure you download it from this screen and not from anywhere else.
Change the Extension of the Downloaded Certificate
Rename the downloaded certificate file so that its extension is ".cer". Only the file name changes; do not edit the contents of the file.
Now, proceed to the Kuroco settings.
Do not click the [Register] button yet. Leave this screen open and open Kuroco's management screen in a separate window; you will come back here to register Kuroco's metadata once the Kuroco side is configured.
Kuroco Configuration
Setting up External System Integration
Click on [External System Integration] -> [SAML SP] in the left menu of the Kuroco management screen.
Click the [Add] button.
Editing SAML SP
Configure the fields on the SAML SP editing screen as follows, then save by clicking the [Add] button.
Field Descriptions
| Field | Description |
|---|---|
| Login SAML SP Name | Enter a name of your choice. |
| Target Domain | Select the Admin panel. |
| Entity ID | Enter any string. This becomes the SP Entity ID in the metadata you will later upload to Trust Login, so choose a unique value and do not change it afterwards. |
| IDP XML Configuration File | Click [Don't have config file? Please click here.] to display the "Certificate" and related fields. |
| Certificate | Click [Choose File] and upload the certificate obtained from Trust Login (the file renamed to ".cer"). |
| IDP URL | Enter the "ID Provider URL" obtained from Trust Login. |
| IDP Entity ID | Enter the "Issuer/Entity ID" obtained from Trust Login exactly as shown; it must match the Issuer in the SAML responses Trust Login sends. |
| Expiration Date | Set any date and time. |
| Use Login ID | Turn off the checkbox. |
| Automatic User Registration | Turn off the checkbox (see the note on SAML JIT below). |
| Allow IDP-Initiated Flow | Turn on the checkbox. This lets users start the login from the Trust Login app portal. Such responses are unsolicited (no request from Kuroco precedes them), so leave it off if users will only ever start from Kuroco's login page. |
| Binding Method | Select "POST". |
To enable SAML JIT provisioning (a user who authenticates at Trust Login but is not yet registered in Kuroco is created automatically), turn on [Automatic User Registration] instead. With JIT enabled, every user Trust Login allows to access the app gets a Kuroco account, so restrict who can access the app on the Trust Login side.
SAML SP Configuration
Click the [Login SAML SP Name] you just added to open it.
Reupload Certificate
Under "Certificates", upload the certificate obtained from Trust Login once more, then click the [Download Metadata] button to retrieve Kuroco's SP metadata. Finally, save by clicking the [Update] button.
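Before handing the downloaded metadata to Trust Login, it is worth confirming that it really describes the SP you just configured: the entityID should equal the "Entity ID" entered above, there should be an HTTP-POST AssertionConsumerService (Binding Method was set to POST), the ACS URL should be https, and the certificate you re-uploaded should be embedded. The script below is an added example, not Kuroco's code; it uses only the Python standard library, and the sample metadata, URLs and certificate text in it are constructed placeholders rather than real Kuroco output. Whether Kuroco's metadata sets WantAssertionsSigned is not stated on this page, so that check is reported as a problem for you to judge rather than treated as fatal.

```python
"""Added example (not Kuroco's code): sanity-check the SP metadata exported
from Kuroco before uploading it to GMO Trust Login.  Standard library only.
SAMPLE_SP_METADATA is constructed for illustration; the URLs and certificate
text are placeholders, not real Kuroco output."""
import xml.etree.ElementTree as ET

NS = {
    "md": "urn:oasis:names:tc:SAML:2.0:metadata",
    "ds": "http://www.w3.org/2000/09/xmldsig#",
}
HTTP_POST = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"

# Constructed sample: the shape of SAML 2.0 SP metadata, not Kuroco's real file.
SAMPLE_SP_METADATA = """<?xml version="1.0"?>
<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    entityID="https://example.invalid/kuroco-sp">
  <md:SPSSODescriptor AuthnRequestsSigned="false" WantAssertionsSigned="true"
      protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:KeyDescriptor use="signing">
      <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
        <ds:X509Data><ds:X509Certificate>MIIB-placeholder-base64</ds:X509Certificate></ds:X509Data>
      </ds:KeyInfo>
    </md:KeyDescriptor>
    <md:NameIDFormat>urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress</md:NameIDFormat>
    <md:AssertionConsumerService index="0" isDefault="true"
        Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="https://example.invalid/saml/acs"/>
  </md:SPSSODescriptor>
</md:EntityDescriptor>"""


def check_sp_metadata(xml_text: str, expected_entity_id: str) -> dict:
    """Return the SP entityID, HTTP-POST ACS URLs, certificate count and a
    list of problems (empty when the file matches the tutorial's settings)."""
    root = ET.fromstring(xml_text)
    if root.tag != "{%s}EntityDescriptor" % NS["md"]:
        raise ValueError("not a SAML 2.0 EntityDescriptor")
    sp = root.find("md:SPSSODescriptor", NS)
    if sp is None:
        # IdP metadata is also an EntityDescriptor; refuse it here.
        raise ValueError("no SPSSODescriptor: this is not SP metadata")

    entity_id = root.get("entityID", "")
    acs = [(e.get("Binding"), e.get("Location", ""))
           for e in sp.findall("md:AssertionConsumerService", NS)]
    post_acs = [loc for binding, loc in acs if binding == HTTP_POST]
    certs = [c.text.strip() for c in sp.findall(
        "md:KeyDescriptor/ds:KeyInfo/ds:X509Data/ds:X509Certificate", NS)
        if c.text and c.text.strip()]

    problems = []
    if entity_id != expected_entity_id:
        problems.append("entityID %r differs from the Entity ID entered in Kuroco (%r)"
                        % (entity_id, expected_entity_id))
    if not post_acs:
        problems.append("no HTTP-POST AssertionConsumerService, but Binding Method was set to POST")
    for loc in post_acs:
        if not loc.startswith("https://"):
            problems.append("ACS URL %r is not https; assertions would be posted in clear" % loc)
    if sp.get("WantAssertionsSigned", "false").lower() not in ("true", "1"):
        problems.append("WantAssertionsSigned is not set; the IdP is not told to sign assertions")
    return {"entity_id": entity_id, "post_acs": post_acs,
            "certificates": len(certs), "problems": problems}


if __name__ == "__main__":
    result = check_sp_metadata(SAMPLE_SP_METADATA, "https://example.invalid/kuroco-sp")
    for key, value in result.items():
        print("%-13s %s" % (key, value))
```

To use it on the real file, read the downloaded metadata into a string and pass it together with the Entity ID you typed into Kuroco; an empty problems list means the file is ready to upload in the next step.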
Return to the Trust Login management page.
Register Metadata with GMO Trust Login
Under "Service Provider Settings", click [Select Metadata] and upload the metadata file downloaded from Kuroco.
Save by clicking the [Register] button.
Add the users who are allowed to access the app. Once they have been added, the setup is complete.
Verify the Functionality
After completing the setup, an SSO link appears on Kuroco's login page.
Clicking the link redirects you to the GMO Trust Login login page.
After authenticating there, you are returned to Kuroco and logged in via SAML.
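If the test login fails, the quickest diagnosis is to capture the SAMLResponse form field that Trust Login posts back to Kuroco (browser developer tools, Network tab) and check that its identifiers line up with what was configured: the Issuer must equal the "IDP Entity ID", the Audience must equal Kuroco's "Entity ID", the Destination and Recipient must be Kuroco's ACS URL, and the validity window must cover the current time (clock skew between the IdP and the SP is a common cause of rejected assertions). The script below is an added example, not Kuroco's or GMO's code. It uses only the Python standard library, it does not verify the XML signature (Kuroco does that with the certificate uploaded earlier, so this check is a debugging aid and never a substitute for that verification), and the sample response, entity IDs, URLs and timestamps in it are constructed placeholders. Because the IDP-Initiated Flow was enabled, it also reports whether the response is unsolicited (no InResponseTo).

```python
"""Added example (not Kuroco's or GMO's code): sanity-check the SAMLResponse
Trust Login posts to Kuroco during the test login.  Standard library only;
does NOT verify the XML signature.  All IDs, URLs, times and the sample
response below are constructed placeholders."""
import base64
import xml.etree.ElementTree as ET
from datetime import datetime, timezone

NS = {"samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
      "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}
SUCCESS = "urn:oasis:names:tc:SAML:2.0:status:Success"

# Values as configured in the tutorial (assumed placeholders, not real ones).
IDP_ENTITY_ID = "https://idp.example.invalid/trustlogin"   # Trust Login "Issuer/Entity ID"
SP_ENTITY_ID = "https://example.invalid/kuroco-sp"          # Kuroco "Entity ID"
ACS_URL = "https://example.invalid/saml/acs"                # ACS from Kuroco's SP metadata
NOW_OK = datetime(2024, 1, 1, 0, 1, tzinfo=timezone.utc)    # inside the validity window
NOW_LATE = datetime(2024, 1, 1, 0, 10, tzinfo=timezone.utc) # after NotOnOrAfter

# Constructed IdP-initiated response: no InResponseTo, placeholder signature.
SAMPLE_RESPONSE_XML = """<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
 xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="_r1" Version="2.0"
 IssueInstant="2024-01-01T00:00:00Z" Destination="https://example.invalid/saml/acs">
 <saml:Issuer>https://idp.example.invalid/trustlogin</saml:Issuer>
 <samlp:Status><samlp:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/></samlp:Status>
 <saml:Assertion ID="_a1" Version="2.0" IssueInstant="2024-01-01T00:00:00Z">
  <saml:Issuer>https://idp.example.invalid/trustlogin</saml:Issuer>
  <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#"><ds:SignatureValue>placeholder</ds:SignatureValue></ds:Signature>
  <saml:Subject><saml:NameID>alice@example.invalid</saml:NameID>
   <saml:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
    <saml:SubjectConfirmationData NotOnOrAfter="2024-01-01T00:05:00Z" Recipient="https://example.invalid/saml/acs"/>
   </saml:SubjectConfirmation></saml:Subject>
  <saml:Conditions NotBefore="2024-01-01T00:00:00Z" NotOnOrAfter="2024-01-01T00:05:00Z">
   <saml:AudienceRestriction><saml:Audience>https://example.invalid/kuroco-sp</saml:Audience></saml:AudienceRestriction>
  </saml:Conditions>
 </saml:Assertion>
</samlp:Response>"""
SAMPLE_RESPONSE_B64 = base64.b64encode(SAMPLE_RESPONSE_XML.encode()).decode()


def _utc(ts):
    """Parse a SAML UTC timestamp such as 2024-01-01T00:00:00.123Z."""
    return datetime.strptime(ts.rstrip("Z").split(".")[0],
                             "%Y-%m-%dT%H:%M:%S").replace(tzinfo=timezone.utc)


def check_saml_response(b64, idp_entity_id, sp_entity_id, acs_url, now):
    """Return {'idp_initiated', 'name_id', 'signed', 'problems'} for a response."""
    root = ET.fromstring(base64.b64decode(b64))
    problems = []
    code = root.find("samlp:Status/samlp:StatusCode", NS)
    if code is None or code.get("Value") != SUCCESS:
        problems.append("status is not Success")
    if root.findtext("saml:Issuer", default="", namespaces=NS) != idp_entity_id:
        problems.append("response Issuer does not match the IDP Entity ID")
    if root.get("Destination") not in (None, acs_url):
        problems.append("Destination is not Kuroco's ACS URL")
    idp_initiated = root.get("InResponseTo") is None  # unsolicited: IdP-initiated flow
    a = root.find("saml:Assertion", NS)
    if a is None:
        problems.append("assertion is encrypted; decrypt before checking"
                        if root.find("saml:EncryptedAssertion", NS) is not None
                        else "response carries no assertion")
        return {"idp_initiated": idp_initiated, "name_id": None,
                "signed": False, "problems": problems}
    if a.findtext("saml:Issuer", default="", namespaces=NS) != idp_entity_id:
        problems.append("assertion Issuer does not match the IDP Entity ID")
    audiences = [e.text for e in a.findall(
        "saml:Conditions/saml:AudienceRestriction/saml:Audience", NS)]
    if sp_entity_id not in audiences:
        problems.append("Audience %r does not include the SP Entity ID" % audiences)
    cond = a.find("saml:Conditions", NS)
    if cond is not None:
        if cond.get("NotBefore") and now < _utc(cond.get("NotBefore")):
            problems.append("assertion not yet valid (NotBefore); check clock skew")
        if cond.get("NotOnOrAfter") and now >= _utc(cond.get("NotOnOrAfter")):
            problems.append("assertion expired (NotOnOrAfter); check clock skew")
    scd = a.find("saml:Subject/saml:SubjectConfirmation/saml:SubjectConfirmationData", NS)
    if scd is not None and scd.get("Recipient") not in (None, acs_url):
        problems.append("SubjectConfirmationData Recipient is not the ACS URL")
    signed = (root.find("ds:Signature", NS) is not None
              or a.find("ds:Signature", NS) is not None)
    if not signed:
        problems.append("neither response nor assertion carries a Signature")
    return {"idp_initiated": idp_initiated,
            "name_id": a.findtext("saml:Subject/saml:NameID", namespaces=NS),
            "signed": signed, "problems": problems}


if __name__ == "__main__":
    print(check_saml_response(SAMPLE_RESPONSE_B64, IDP_ENTITY_ID,
                              SP_ENTITY_ID, ACS_URL, NOW_OK))
```

A captured SAMLResponse is a live bearer assertion for the account that logged in, so run this locally and do not paste it into third-party decoders.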
Support
If you have any other questions, please contact us or check out our Slack Community.