Introduction
If you would like to try out or demo HelloID's Single Sign-On (SSO) capabilities, but you don't have an SSO-enabled application handy, you can use the SAML 2.0 Test Service Provider from RSA. If you'd like more information, you can visit this RSA blog post.
This article will lead you through creating a SAML connection to the test application.
Create or Import a Certificate
If there is no certificate yet, a certificate must be imported or created. This can be done in the HelloID Administrator Portal under Settings > Certificates. For this tutorial, we will use a self-signed certificate. Learn more about certificates here.
Application Setup
Add the Application
Create a new application in HelloID by navigating to Applications > Applications. Open the Application Catalog and search for "Generic". Find the Generic SAML template, and click Add. Learn more about managing applications here.
General tab
On the General tab, change the display name of the application to "RSA SAML Test". Set the Default Logon URL to https://sptest.iamshowcase.com/acs, as shown in the screenshot below.
Optionally, you may also add a description and a new icon. Click Next.
Single Sign-on tab
On the Single Sign-On tab, make the following configuration changes:
- Set Issuer to your base HelloID URL (e.g., https://enyoi.helloid.com)
- Set the ACS URL to https://sptest.iamshowcase.com/acs
- In the X509 Certificate dropdown, select the certificate that you created earlier.
Self service tab
On the Self Service tab, choose whether to automatically create a Self Service product, which makes the application requestable. This is optional. Click Next.
Finish tab
On the Finish tab, click Save to add the application to HelloID.
Test the application
On your HelloID application dashboard, you should now see your newly added RSA SAML Test application. Click on it, and HelloID will initialize the application and take you to the service provider's landing page. You should be greeted with a page that looks like the screenshot below.
Add additional claims to the assertion
Further down the service provider's landing page, you can see the attributes (claims) and values that were sent as part of the SAML assertion. So far, you've only sent your NameID value to the test service provider. Using information from this article, you can modify the mapping set for the application inside of HelloID to send over more information, such as first and last name, title, department, and more.
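To cross-check what the landing page displays against the values entered on the Single Sign-on tab, the following added example (not HelloID or RSA code) inspects a decoded SAML response and lists the claims it carries. It assumes you have the response XML as text and that the response sets Destination and Recipient; the sample response, the NameID, and the "department" claim are constructed for illustration.

```python
import xml.etree.ElementTree as ET

NS = {"samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
      "saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
# Values from the Single Sign-on tab of this tutorial.
EXPECTED_ISSUER = "https://enyoi.helloid.com"
EXPECTED_ACS = "https://sptest.iamshowcase.com/acs"

# Constructed sample (not captured from HelloID); signature omitted.
SAMPLE_RESPONSE = """<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
    xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="_r1" Version="2.0"
    Destination="https://sptest.iamshowcase.com/acs">
  <saml:Assertion ID="_a1" Version="2.0">
    <saml:Issuer>https://enyoi.helloid.com</saml:Issuer>
    <saml:Subject>
      <saml:NameID>user@example.com</saml:NameID>
      <saml:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
        <saml:SubjectConfirmationData Recipient="https://sptest.iamshowcase.com/acs"/>
      </saml:SubjectConfirmation>
    </saml:Subject>
    <saml:AttributeStatement>
      <saml:Attribute Name="department">
        <saml:AttributeValue>IT</saml:AttributeValue>
      </saml:Attribute>
    </saml:AttributeStatement>
  </saml:Assertion>
</samlp:Response>"""


def inspect_response(xml_text, issuer=EXPECTED_ISSUER, acs=EXPECTED_ACS):
    """Return (problems, name_id, claims) for a decoded SAML response."""
    # Inspection aid only: this does not validate the XML signature.
    root = ET.fromstring(xml_text)
    assertion = root.find("saml:Assertion", NS)
    if assertion is None:
        return ["no unencrypted Assertion element"], None, {}
    problems = []
    if assertion.findtext("saml:Issuer", "", NS).strip() != issuer:
        problems.append("Issuer does not match configured Issuer")
    if root.get("Destination") != acs:
        problems.append("Destination does not match ACS URL")
    scd = assertion.find(".//saml:SubjectConfirmationData", NS)
    if scd is None or scd.get("Recipient") != acs:
        problems.append("Recipient does not match ACS URL")
    name_id = assertion.findtext("saml:Subject/saml:NameID", None, NS)
    claims = {a.get("Name"): [v.text for v in a.findall("saml:AttributeValue", NS)]
              for a in assertion.findall("saml:AttributeStatement/saml:Attribute", NS)}
    return problems, name_id, claims
```

An empty problems list means the Issuer and ACS URL in the response agree with the configuration; the claims dictionary should grow as you add mappings in HelloID.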