The scenario is:
We are the Service Provider and OneLogin is the Identity Provider. We have created a trial account on OneLogin, created an SP test connector with Signed Response and Encrypted Assertion, and configured my application in the connector.
When we log in to my application, it does not go through the legacy login process (authentication against the database); rather, it redirects to OneLogin for authentication. We specify the credentials on OneLogin and OneLogin sends a SAML response to my application. Inside my application, we have links to go to the partner apps. When a user clicks on a partner app link, it redirects to OneLogin, and since the user is already authenticated, OneLogin just sends the SAML response to the partner app and allows the partner app dashboard to open. This way I achieved the SAML protocol with OneLogin in my application and my partner applications.
Here are 2 questions:
1. We need to have OneLogin on-premise. Can we install OneLogin on-premise, and if so, what will be the cost and hardware/software requirements for this? The reason behind this: we do not want to become an identity provider. We want OneLogin to work on our behalf for our customers.
2. I just want to confirm that the above approach to achieving SSO using SAML is correct with OneLogin. I have one doubt about this: eventually an end user needs to remember 2 passwords, one legacy login password for the application, which authenticates the user through the database infrastructure, and another OneLogin password if they want SSO with their partner apps.
If all users of my applications want SSO with partner apps, then authentication will be on OneLogin and the application's legacy login would no longer be used. Please confirm.
Thank you so much in advance. I am really keen for your answers.