OneLogin (en)

Preparation

To use OneLogin you must have:

• OneLogin administrator account.

Raketa provides you:

• Audience (EntityID) in the following format: https://raketa.travel/ - service provider object identifier.
• Recipient in the following format: https://raketa.travel/sso/acs - SSO request handler.
• ACS (Customer) URL Validator in the following format: ^https:\/\/raketa.travel\/sso\/acs\.*$ - regular expression that validates Raketa URL.
• ACS (Customer) URL in the following format: https://raketa.travel/sso/acs?clientId=RAKETA_CLIENT_ID, where RAKETA_CLIENT_ID - client id in Raketa.
  

After all the necessary settings you should provide to Raketa:

• X.509 Certificate (Standard Strength Certificate 2048-bit) - auto-generated certificate file.
  
• Issuer URL - OneLogin identifier.
  
• SAML 2.0 Endpoint (HTTP) - SSO request handler.
• SLO Endpoint (HTTP) - logout URL.
• Login URL - your authorization web-page URL, which we will use to redirect users to your authentication system.
  

Application configuration

1. Log in to the OneLogin website: https://app.onelogin.com/login.
   
   
2. Select application setting from the main menu "Applications" [1] → "Applications" [2].
   
   
   
3. Click the "Add App" button [3] to add a new application.
   
   
   
4. Use the search field [4] to find the application type "SAML Test Connector (Advanced)" [5] and select it.
   
   
   
5. Enter the application name [6] and click the "Save" button [7] to save the changes.
   
   
   
6. Select "SSO" [8] from the side menu.
   
   
   
7. The page that opens will display the auto-generated settings that you should provide to Raketa:
   

   1. Issuer URL [10],

   2. SAML 2.0 Endpoint (HTTP) [11],

   3. SLO Endpoint (HTTP) [12].
      Fix them and go to download the certificate from the "View Details" link [9].
      
      
      

8. Click the "Download" button [13] to download the "X.509 Certificate".
   
   
   
9. Select "Configurarion" [14] from the side menu. Specify application details using data provided by Raketa:
   1. Audience (EntityID) [15].
   2. Recipient [16].
   3. ACS (Customer) URL Validator [17].
   4. ACS (Customer) URL [18].
      
      
      
10. On the same page, specify Login URL [19] and select SAML nameID format [20]: Email. Click the "Save" button [21] to save the changes.