In OneLogin app, go to the Administration section → Applications → Add App:
2. In the Search tab, type and chose ‘SAML Custom Connector (Advanced)’:
3. In Display Name field, put ‘Calamari’. In addition, you can upload the Calamari logo here to make it easier for you to recognize the Calamari App. Then, click the Save button:
4. Open the ‘Configuration’ section from the left bar.
5. To complete this part, we need to copy some information from your Calamari app. For this, log in to Calamari as admin and go to the Configuration → SAML → Configure → Turn on the Integration → You should see the Service Provider Information table:
Copy the ‘Assertion Consumer Service (ACS) URLAssertion Consumer Service URL’ field from Calamari and paste it into OneLogin under the ‘ACS (Consumer) URL’ field.
Copy the Entity ID / Audience URI‘ID URL’ field from Calamari and paste it into OneLogin under the ‘Audience (EntityID)’ field.
We need to enter 2 more fields in OneLogin: ‘ACS (Consumer) URL Validator’ and ‘Login URL’:
The ‘ACS (Consumer) URL Validator’ is a regex version of the ACS (Consumer) URL.
This is how the ACS URL Validator should look like depending on Client's location:
Europe: ^https:\/\/gateway.prod.eu-west-1.calamari.io\/saml2\/acs\/\$
USA: ^https:\/\/gateway.prod.us-east-1.calamari.io\/saml2\/acs\/\$
Asia: ^https:\/\/gateway.prod.ap-southeast-1.calamari.io\/saml2\/acs\/\$
The ‘Login URL’ field can be copied from here:
Where ‘example’ represents your Calamari domain name. Don’t forget to update this link with your Calamari domain name.
This is the example of how it should look like:
6. Scroll down the Configuration page to the ‘SAML Initiator’ and change the value to “Service Provider” and then save the changes in the top-right corner.
7. Make sure that users/roles in OneLogin have access to the Calamari app that you just have created. To check it, navigate the Users tab in OneLogin:
8. The last thing that needs to be set up in OneLogin is SSO. Navigate the Applications tab again → enter the Calamari App → SSO tab. The following information needs to be entered into Calamari:
Some field names are different in different systems, so to make things easier for you, we've compiled a list of things from OneLogin that have an equivalent in Calamari.
‘X.509 Certificate’ from OneLogin = ‘Public Certificate’ in Calamari
‘Issuer URL’ from OneLogin = ‘Issuer Entity ID’ in Calamari
‘SAML 2.0 Endpoint (HTTP)’ from OneLogin = ‘SAML SSO URL’ in Calamari
For the ‘X.509 Certificate’, just click the ‘View Details’ button → copy the entire body from the ‘X.509 Certificate’ field → paste it into the Calamari App under the ‘Public Certificate’ field.
As a result, the SAML configuration in Calamari should look similar to the example below:
9. We’re all set! Now, you may want to set up additional features:
Force authentication - this feature causes re-entering the login details by users.
Sign-in button label - You can set up your custom button name that will be displayed in the Calamari login page:
See also: