EasySSO SAML with Azure AD - Signing, Validation, Encryption

Describes configuration necessary to integrate EasySSO with Azure AD using SAML with Signing, Validation and Encryption


Azure AD - Signing and Validation (Optional)

This will also allow for Single Logout (SLO) and IdP initiated logout.

EasySSO Configuration

  1. On the Certificates page

    1. Click the Generate Certificates button
    2. Paste the contents of the SP Signing certificate into a text file and then change the filename to cert.cer
    3. Remove the header (-----BEGIN CERTIFICATE-----) and footer (-----END CERTIFICATE-----)
  2. On the General page

    1. Make sure Sign SP Login request is ticked
    2. For Logout Binding Type select POST 
    3. Copy POST Binding URL and paste into Single Logout URL text box
    4. Make sure Sign SP Logout request is ticked
    5. Make sure Sign SP Logout response is ticked
    6. Make sure Verify SP Logout Request Signature is ticked
    7. Make sure Verify SP Logout Response Signature is NOT ticked
    8. Click Save

Azure Configuration

Inside Azure Enterprise Applications - EasySSO

  1. On the Single sign-on panel for EasySSO
  2. On the SAML Certificates Verification certificates (optional), click Edit

  3. On the Edit page for Verification certificates (optional)

    1. Make sure Require verification certificates is ticked
    2. Make sure Allow requests signed with RSA-SHA1 is ticked
    3. Click the Upload certificate button and upload the previously saved cert.cer file
    4. Click Save

Encrypted Assertions (Optional)

Azure Encrypted assertions requires Microsoft Entra ID Premium

EasySSO Configuration

  1. Open the EasySSO Admin page
  2. Click the SAML button to be taken to the SAML Admin configuration
  3. Check the 'Encrypt Assertions' check box
  4. Click the Save button at the bottom of the page to save the updated configuration
  5. Click the 'Certificates' tab
  6. Click the button to download the SP Certificate. This certificate is in a CER format

Azure Configuration

  1. Open your SAML Administration page
  2. Open the SAML Client configuration
  3. In the side panel, in the security section, click "Token encryption" and then click to import certificate
  4. Upload the SP Certificate previously downloaded into the encrypted certificate section (If your client only allows .crt or .pem certificates, copy the contents of the sp certificate text box into a new file and save it with the name of 'myeasyssosp.crt' or 'myeasyssosp.pem' as appropriate).
  5. Click the ellipsis button (...) and then click to Activate token encryption certificate






EasySSO articles

No documentation found

Try for free

EasySSO for Jira, Confluence, Bamboo, Bitbucket and Fisheye/Crucible

Try for free