Please note that Third Light does not provide support for setting up products from other vendors and offer these instructions on an example basis only.
Chorus SAML2 Settings page
Admin > Site > SAML2
- Enable SAML2 Single Sign-On
- Choose Load IdP Metadata from URL or Load IdP Metadata from XML. You can get the correct settings from the Okta documentation, e.g. https://developer.okta.com/docs/guides/saml-application-setup/config-saml-in-app/
- Save SAML2 Settings
Take a note of the SP Entity Id, SP Metadata URL and ACS URL values, as they are needed for the Okta configuration.
Okta 'SAML Settings' page
You can obtain the SP Metadata URL and SP Entity ID from the Admin > Site > SAML2 page.
| Single Sign On URL | Enter the Chorus SP ACS URL e.g. https://<your.chorus.site>/samlconsume.tlx/<012345678>/module.php/saml/sp/saml2-acs.php/samlauth |
| Recipient URL | As per Single sign On URL |
| Destination URL | As per Single Sign On URL |
| Audience Restriction/URI | Enter the Chorus SP Entity ID (exactly as it appears in the Chorus configuration page. This is an id string, not an accessible URL) |
| Default Relay State | For IdP initialised SSO (where you login to IdP first, then the SP e.g. via intranet portal) add the IdP SSO URL |
| Name ID format | Persistent |
| Response | Signed |
| Assertion Signature | Signed |
| Signature Algorithm | RSA_SHA256 |
| Digest Algorithm | SHA256 |
| Assertion Encryption | Unencrypted |
| SAML Single Logout | Disabled |
| authnContextClassRef | PasswordProtectedTransport |
| Honor Force Authentication | YES |
| SAML Issuer ID | http://www.okta.com/${org.externalKey} |
Attribute Statements
Name | Name Format | Value |
|---|---|---|
| commonName | Basic | String.removeSpaces(user.firstName + "." + user.lastName) |
| name | Basic | user.firstName + " " + user.lastName |
| emailaddress | Basic | user.email |
You are here:
