Joget SharePoint SSO Integration

Joget Workflow and Microsoft SharePoint complement each other, fulfilling distinct organizational roles. SharePoint is a platform for team collaboration, intranets, and enterprise document and content management. Extending SharePoint's capabilities through apps involves complex traditional programming. In contrast, Joget is a platform designed to build web apps and efficiently automate processes. It integrates with SharePoint through Single Sign-On (SSO), using Active Directory Federation Services (AD FS), which supports the Security Assertion Markup Language (SAML) standard. This integration enhances SharePoint's functionality by providing seamless access to custom apps developed on the Joget platform.

Configuring Joget SharePoint SSO

Before configuring Joget SharePoint SSO, it's essential to ensure that the necessary prerequisites are met. This includes installing and configuring SharePoint Foundation 2013, addressing any SharePoint installation issues on Windows 2012 R2, setting up Active Directory Federation Services (AD FS), and installing Joget. Once these prerequisites are in place, you can proceed with configuring Joget SharePoint SSO. Here's how to do it:

Prerequisites

To set up SSO integration between SharePoint and Joget, make sure the following are installed and configured:

  1. Download SharePoint Foundation 2013.
  2. Install SharePoint 2013 on a single server with a built-in database.
  3. Fix SharePoint installation issues on Windows 2012 R2: https://www.axian.com/2014/06/11/sharepoint-2013-configuration-wizard-issues-when-installing-local-development-instance/
  4. Install the AD FS software on Windows Server 2012 R2.
  5. Configure SAML-based claims authentication with AD FS in SharePoint 2013.
  6. Install Joget using one of the following options:
    1. Install On-Premise
    2. Install on Docker
    3. Install on OpenShift
    4. Sign up for Joget Workflow On-Demand

Export AD FS token signing certificate

To ensure secure communication between AD FS and Joget, follow these steps to export the token signing certificate:

  1. Open Windows Server Manager, go to Tools > AD FS Management.
  2. In the AD FS Management console, select Service > Certificates.
  3. Click the Token-signing certificate, then View Certificate.
  4. In the Details tab, select Copy to File… to start the Certificate Export Wizard.
  5. On the Welcome to the Certificate Export Wizard page, click Next.
  6. On the Export Private Key page, click No, do not export the private key, and then click Next.
  7. On the Export File Format page, select Base-64 encoded X.509 (.CER), and then click Next.
  8. On the File to Export page, type the name and location of the file that you want to export, and then click Next. For example, enter C:\ADFS.cer.
  9. On the Completing the Certificate Export Wizard page, click Finish.

Configure SAML directory manager for Joget

To set up the SAML Directory Manager for facilitating SSO, follow these steps:

  1. Download the SAML Directory Manager from the Joget Marketplace.
  2. Log in to Joget as an administrator and go to Settings > Manage Plugins, then Upload Plugin.
  3. Upload the downloaded JAR file.
  4. In Settings > Directory Manager, select SAML Directory Manager and click Select.
  5. Open the exported AD FS certificate with a text editor, copy the contents, and paste them into the IDP Certificate field in the Plugin Configuration page (exclude the BEGIN and END lines).
  6. Configure User Provisioning and LDAP integration as required and click Submit to save settings.
  7. Copy the value of the ACS URL (to be used in AD FS configuration later).
  8. With User Provisioning Enabled checked, a user will be created on first login if the username does not already exist. To integrate with Active Directory directly to retrieve users and groups, configure the External Directory Manager to LDAP Directory Manager.
  9. Click on Submit to save the settings.
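The export steps above produce a Base-64 encoded .CER file, and step 5 pastes its body into the IDP Certificate field without the BEGIN and END lines. The script below is an added example, not Joget's or Microsoft's code. It strips the armour lines, checks that what remains decodes to one complete DER structure (a truncated or incomplete paste is a typical reason the signature on the SAML response later fails to validate), and prints the SHA-1 fingerprint so it can be compared with the Thumbprint shown in the AD FS Certificates view before the value is trusted. The file path C:\ADFS.cer is the example path from the export step; the certificate bytes embedded in the script are a constructed placeholder, not a real certificate, and the script assumes the console Thumbprint is the SHA-1 hash of the DER certificate, which is the format Windows uses.

```python
"""Prepare an exported AD FS token-signing certificate for the IDP Certificate field.

Added example, not Joget's or Microsoft's code. Assumes the certificate was
exported as "Base-64 encoded X.509 (.CER)" and that the Thumbprint shown in
the AD FS console is the SHA-1 hash of the DER-encoded certificate.
"""
from __future__ import annotations

import base64
import hashlib
import re
import sys

_PEM_BLOCK = re.compile(r"-----BEGIN CERTIFICATE-----(.*?)-----END CERTIFICATE-----", re.S)


def pem_body(pem_text: str) -> str:
    """Return only the Base-64 body: BEGIN/END lines and all line breaks removed.

    This is the form the IDP Certificate field expects; split() also absorbs
    the CRLF line endings a Windows export produces."""
    match = _PEM_BLOCK.search(pem_text)
    if match is None:
        raise ValueError("no CERTIFICATE block found; was the file exported as "
                         "Base-64 encoded X.509 rather than DER?")
    return "".join(match.group(1).split())


def _der_length(der: bytes) -> tuple[int, int]:
    """Decode the length field after the outer tag; returns (length, header_size)."""
    if len(der) < 2:
        raise ValueError("DER data too short")
    first = der[1]
    if first < 0x80:                      # short form: the byte is the length
        return first, 2
    n = first & 0x7F                      # long form: n length bytes follow
    if n == 0 or n > 4 or len(der) < 2 + n:
        raise ValueError("bad DER length encoding")
    return int.from_bytes(der[2:2 + n], "big"), 2 + n


def der_bytes(body: str) -> bytes:
    """Decode the body and check that it frames exactly one DER SEQUENCE.

    Catches a truncated paste or a stray extra line; it does not parse the
    certificate's fields."""
    der = base64.b64decode(body, validate=True)   # rejects stray whitespace too
    if not der or der[0] != 0x30:
        raise ValueError("decoded data does not start with a DER SEQUENCE")
    length, header = _der_length(der)
    if header + length != len(der):
        raise ValueError("DER length does not match the data (truncated or padded)")
    return der


def looks_complete(body: str) -> bool:
    """True when the body decodes to a single, complete DER SEQUENCE."""
    try:
        der_bytes(body)
        return True
    except ValueError:                    # binascii.Error is a ValueError subclass
        return False


def fingerprints(der: bytes) -> dict[str, str]:
    """Upper-case hex digests; SHA-1 is what the AD FS console shows as Thumbprint."""
    return {"sha1": hashlib.sha1(der).hexdigest().upper(),
            "sha256": hashlib.sha256(der).hexdigest().upper()}


def matches_thumbprint(der: bytes, console_thumbprint: str) -> bool:
    """Compare with a Thumbprint copied from the console, ignoring case, spaces and colons."""
    normalised = re.sub(r"[\s:]", "", console_thumbprint).upper()
    return normalised == fingerprints(der)["sha1"]


def prepare_idp_certificate(pem_text: str) -> dict[str, str]:
    """Body to paste into the IDP Certificate field plus its fingerprints."""
    body = pem_body(pem_text)
    return {"body": body, **fingerprints(der_bytes(body))}


# Constructed sample: a 7-byte DER SEQUENCE { INTEGER 7, NULL } in PEM armour
# with Windows CRLF line endings. A placeholder, not a real certificate.
_SAMPLE_DER = bytes.fromhex("30050201070500")
SAMPLE_PEM = ("-----BEGIN CERTIFICATE-----\r\n"
              + base64.b64encode(_SAMPLE_DER).decode()
              + "\r\n-----END CERTIFICATE-----\r\n")

if __name__ == "__main__":
    # Usage: python prepare_idp_cert.py C:\ADFS.cer   (no argument: use the sample)
    text = open(sys.argv[1], encoding="utf-8").read() if len(sys.argv) > 1 else SAMPLE_PEM
    result = prepare_idp_certificate(text)
    print("Paste into IDP Certificate:", result["body"])
    print("SHA-1 thumbprint (compare with AD FS console):", result["sha1"])
    print("SHA-256 fingerprint:", result["sha256"])
```

Run it against the exported file and compare the printed SHA-1 value with the Thumbprint of the Token-signing certificate in the AD FS console; a mismatch means the wrong certificate (for example a secondary or expired one) was exported. Keep the check in mind when AD FS rolls its token-signing certificate, since the value in Joget has to be updated at the same time.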

Add relying party trust

Establish trust between AD FS and Joget to enable SSO, following these steps:

  1. Open Windows Server Manager, go to Tools > AD FS Management.
  2. Go to Trust Relationships > Relying Party Trusts, and click Add Relying Party Trust.
  3. On the Welcome to the Add Relying Party Trust Wizard page, click Start.
  4. Choose Enter data about the relying party manually and click Next.
  5. Enter a relying party name (e.g., "Joget") and click Next.
  6. Ensure Active Directory Federation Services (AD FS) 2.0 Profile is selected, then click Next.
  7. Opt to not use an encryption certificate and click Next.
  8. Check the box for Enable support for the SAML 2.0 WebSSO protocol.
  9. In the Relying party SAML 2.0 SSO service URL field, enter the URL copied from the Joget SAML Directory Manager earlier (e.g., https://mysite.cloud.joget.com/jw/web/json/plugin/org.joget.plugin.saml.SamlDirectoryManager/service).
  10. Paste this URL into the relying party trust identifier field, then click Add and Next.
  11. Select Permit all users to access this relying party and click Next.
  12. On the Ready to Add Trust page, click Next.
  13. On the Finish page, click Close to open the Rules Editor Management console.

Edit claim rules

Configure claim rules for attribute passing, following these steps:

  1. On the Issuance Transform Rules tab, click Add Rule.
  2. Select Send LDAP Attributes as Claims on the Select Rule Template page and click Next.
  3. On the Configure Rule page, enter the name of the claim rule (e.g., "User Attributes") in the Claim rule name field.
  4. From the Attribute Store drop-down list, select Active Directory.
  5. Map LDAP attributes to outgoing claim types as follows:
  6. Click Finish, then OK.

Testing the single sign-on (SSO)

  1. Go to the AD FS login page (e.g., https://windows.local/adfs/ls/idpinitiatedsignon.aspx).
  2. Select the appropriate site (e.g., Joget) and click on Sign in.
  3. Log in to SharePoint using your AD account.
  4. Upon successful login, you should be automatically logged into Joget.

Add link in SharePoint site

Easily access Joget from SharePoint by adding a direct link, following these steps:

  1. In SharePoint, go to the left menu and click Edit Links.
  2. Click on + link to add a new link.
  3. Enter Joget in the Text to display field.
  4. For the Address, enter the SSO link. Assuming the AD FS server is at https://windows.local and the Joget server is at https://mysite.cloud.joget.com, use the following URL:
    https://windows.local/adfs/ls/idpinitiatedsignon.aspx?logintoRP=https://mysite.cloud.joget.com/jw/web/json/plugin/org.joget.plugin.saml.SamlDirectoryManager/service

  5. After creating the link, users will be able to click on it to seamlessly SSO into the Joget installation.
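The address in step 4 is the AD FS IdP-initiated sign-on page with the relying party identifier passed as logintoRP, which in this setup is the Joget ACS URL. The following script is an added example, not Joget's or Microsoft's code; it builds that link with proper URL encoding from the AD FS origin and the ACS URL, and checks a link copied from a SharePoint site against the expected AD FS host and relying party identifier so that a mistyped host or a logintoRP value that does not match the trust identifier is caught before users report a failed sign-in. The host names and ACS URL are the example values used on this page.

```python
"""Build and check the IdP-initiated sign-on link used for the SharePoint menu entry.

Added example, not Joget's or Microsoft's code. Values below are the example
host names from this page.
"""
from __future__ import annotations

from urllib.parse import parse_qs, urlencode, urlsplit, urlunsplit

IDP_SIGNON_PATH = "/adfs/ls/idpinitiatedsignon.aspx"

# Example values from this page
ADFS_BASE = "https://windows.local"
JOGET_ACS = ("https://mysite.cloud.joget.com/jw/web/json/plugin/"
             "org.joget.plugin.saml.SamlDirectoryManager/service")


def build_sso_link(adfs_base: str, rp_identifier: str) -> str:
    """Compose the sign-on link; logintoRP must equal the relying party trust identifier."""
    base = urlsplit(adfs_base)
    if base.scheme != "https" or not base.netloc:
        raise ValueError("adfs_base must be an https:// origin such as https://windows.local")
    query = urlencode({"logintoRP": rp_identifier})   # percent-encodes ':' and '/'
    return urlunsplit((base.scheme, base.netloc, IDP_SIGNON_PATH, query, ""))


def check_sso_link(url: str, adfs_host: str, rp_identifier: str) -> list[str]:
    """Findings for a link as configured in SharePoint; an empty list means it matches."""
    findings: list[str] = []
    parts = urlsplit(url)
    if parts.scheme != "https":
        findings.append("scheme is not https; the SAML exchange must stay on TLS")
    if parts.hostname != adfs_host.lower():
        findings.append(f"host {parts.hostname!r} is not the AD FS server {adfs_host!r}")
    if parts.path.lower() != IDP_SIGNON_PATH:
        findings.append(f"path {parts.path!r} is not the IdP-initiated sign-on page")
    rp = parse_qs(parts.query).get("logintoRP", [])   # parse_qs decodes %XX escapes
    if rp != [rp_identifier]:
        findings.append("logintoRP does not equal the relying party identifier configured in AD FS")
    return findings


if __name__ == "__main__":
    link = build_sso_link(ADFS_BASE, JOGET_ACS)
    print(link)
    print("findings:", check_sso_link(link, "windows.local", JOGET_ACS))
```

The check accepts both the percent-encoded form the builder emits and the unencoded form shown in step 4, since AD FS decodes the query parameter either way; what matters is that the decoded value is byte-for-byte the identifier entered in the relying party trust.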

Created by Julieth. Last modified by Aadrian on Dec 13, 2024.