1. In OneLogin app, go to the Administration section → Applications → Add App:
2. In the Search tab, type and choose SAML Custom Connector (Advanced):
3. In Display Name field, put Calamari. In addition, you can upload the Calamari logo here to make it easier for you to recognize the Calamari App. Then, click the Save button:
4. Open the Configuration section from the left bar.
5. To complete this part, copy some information from your Calamari app.
To do this, log in to Calamari as admin and go to Configuration → SAML → Configure → Turn on Integration.
You should see the Service Provider Information table:
Copy the Assertion Consumer Service (ACS) URL field from Calamari and paste it into OneLogin under the ACS (Consumer) URL field.
Copy the Entity ID / Audience URI field from Calamari and paste it into OneLogin under the Audience (EntityID) field.
We need to enter 2 more fields in OneLogin: ACS (Consumer) URL Validator and Login URL:
ACS (Consumer) URL Validator is a regex version of the ACS (Consumer) URL.
This is how the ACS URL Validator should look like depending on Client's location:Europe: ^https:\/\/gateway.prod.eu-west-1.calamari.io\/saml2\/acs\/\$
USA: ^https:\/\/gateway.prod.us-east-1.calamari.io\/saml2\/acs\/\$
Asia: ^https:\/\/gateway.prod.ap-southeast-1.calamari.io\/saml2\/acs\/\$
The Login URL field can be copied from here:
https://gateway.calamari.io/saml2/authenticate/example
Where example represents your Calamari domain name. Don’t forget to update this link with your Calamari domain name.
This is an example of how it should look like:
6. Scroll down the Configuration page to the SAML Initiator, change the value to Service Provider, and then save the changes in the top-right corner:
7. Ensure users/roles in OneLogin can access the Calamari app you created. To check it, navigate the Users tab in OneLogin:
8. The last thing that needs to be set up in OneLogin is SSO. Navigate the Applications tab again → enter the Calamari App → SSO tab.
The following information needs to be entered into Calamari:
Some field names are different in different systems, so to make things easier for you, we've compiled a list of things from OneLogin that have an equivalent in Calamari:
X.509 Certificate from OneLogin = Public Certificate in Calamari
Issuer URL from OneLogin = Issuer Entity ID in Calamari
SAML 2.0 Endpoint (HTTP) from OneLogin = SAML SSO URL in Calamari
For the X.509 Certificate, click the View Details button → copy the entire body from the X.509 Certificate field → paste it into the Calamari App under the Public Certificate field.
As a result, the SAML configuration in Calamari should look similar to the example below:
9. We’re all set! Now, you may want to set up additional features:
Force authentication
This feature forces re-entering the login details by users every time they sign in to Calamari.
Customisation
You can set up your custom button name (max 32 characters):
The custom button will be displayed on a login page:
