FusionAuth

    Best posts made by sswami

    • RE: SAMLv2 Failing with Zoom

      @robotdan Jay Swaminarayan!
      Thanks, however the issue was resolved yesterday with the required Lambda, after trying multiple options.
      Here are the steps from scratch to follow for FusionAuth Configuration to work with ZOOM SSO

      The Steps to resolve this issue with FusionAuth & Zoom SSO
      Tested with FusionAuth Version: 1.19+

      Before FusionAuth, we need a few settings from Zoom SSO

      1. Login to Zoom Account > My Account > Advanced > Single Sign-On > Enable
      2. Copy: Service Provider (SP) Entity ID setting, it should be either <vanity>.zoom.us or https://<vanity>.zoom.us/
      3. You will need this for configuring FusionAuth. (Yes, Zoom will not allow saving the SAML settings until all the fields are filled; don't worry, we will come back to that later. Keep the Zoom settings page open.)

      Now, let's create & configure the FusionAuth App for Zoom SSO

      1. Login to FusionAuth with Admin Access
      2. Go to > Application > Create New Application, as usual, with Default Configuration.

      Note: Before Configuring SAML Settings in FusionAuth, we need to create

      • SHA-256 Certificate with Proper Issuer required by Zoom
      • An appropriate Lambda Function to match the Response expected by Zoom
        Follow these steps for both of these

      CREATE SHA-256 CERTIFICATE FOR ZOOM

      1. Go To > Settings > Key Master
      2. "Generate RSA" from the top right drop-down button
         Name: Any name, it's for identification, e.g. ZoomSAMLCertificateKey
         Issuer: <vanity>.zoom.us (Should match the value set in Zoom's SAML "Service Provider (SP) Entity ID" setting)
         Algorithm: RSA using SHA-256
         Key length: 2048
      3. Submit
        ==============================

      CREATE SAML Populate Lambda as Required by Zoom

      1. Go To > Customizations > Lambda > Add
      2. Create New Lambda from the top right [+] button
         Name: Any name for identification, e.g. "SAML v2 Populate Lambda for Zoom App"
         Type: SAML v2 Populate
         Debug Enabled: as required

         Body:

              // Clear NotBefore on the subject confirmation and on the conditions
              // so the response matches what Zoom expects.
              function populate(samlResponse, user, registration) {
                  samlResponse.assertion.subject.subjectConfirmation.notBefore = null;
                  samlResponse.assertion.conditions.notBefore = null;
              }

      3. Save
        ==============================

      Now, we are ready to configure SAML settings in our App

      1. Go To > Applications > Newly Created App > Enable SAML
      2. Configure SAML Settings as following
      Issuer: <vanity>.zoom.us (Should match the value set in Zoom's SAML "Service Provider (SP) Entity ID" setting)
      Audience: leave it blank (default)
      Callback URL (ACS): https://<vanity>.zoom.us/saml/SSO
      Logout URL: https://<vanity>.zoom.us/ (or wherever to redirect after logout)
      Signing key: Select the Key Generated in previous step e.g. "ZoomSAMLCertificateKey"
      XML signature canonicalization method: Exclusive
      Response populate lambda: Recently Created Lambda e.g. "SAML v2 Populate Lambda for Zoom App"
      Debug Enabled: as required
      

      Done with FusionAuth; it's ready for Zoom SSO

      Now come to Zoom Page and Copy required settings from FusionAuth

      1. You will have most details from the FusionAuth Application
      2. Go to > Applications List > Click 🔍 on our newly created Zoom App
      3. Scroll to "SAML v2 Integration details" section
      Get Zoom's SAML Settings from FusionAuth
      
      Zoom's Sign-in Page URL:     <---     FA's Login URL
      Zoom's Sign-out Page URL:     <---     FA's Logout URL
      Zoom's Service Provider (SP) Entity ID == Select whatever you chose earlier as Issuer during Certificate Creation
      Zoom's Issuer (IDP Entity ID):     <---     FA's Entity Id
      
      Zoom's Identity Provider Certificate:     <---     
      Go to > FusionAuth's Settings > Key Master > Click 🔍 on our Key generated for Zoom App
      The value in "Base64 encoded" is to be used for Zoom's Identity Provider Certificate
      
      Zoom's Binding: HTTP-Redirect
      Zoom's Signature Hash Algorithm: SHA-256
      Zoom's Security: 
            Sign SAML request -- Unchecked
            Sign SAML Logout request -- Unchecked
            Support encrypted assertions -- Unchecked
            Enforce automatic logout after user has been logged in for -- Unchecked
            Save SAML response logs on user sign-in -- As Required
      Zoom's Provision User: At Sign-in (Default) or As Required
      
      4. [Save Changes] in Zoom
      5. It's DONE! It should work as intended.
        Note: there can still be errors, but they mostly will not be related to SAML.
      posted in Q&A
      sswami
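
A check for the response this setup should produce, as an added example that is not part of the original post: it inspects a decoded SAML response for the ACS URL, the absent NotBefore attributes, a remaining NotOnOrAfter, RSA-SHA256 signing and exclusive canonicalization. The sample XML, the `example` vanity name and the timestamps are constructed, and it assumes the fields the lambda sets to null are omitted from the serialized XML.

```python
import xml.etree.ElementTree as ET

NS = {
    "samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
    "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
    "ds": "http://www.w3.org/2000/09/xmldsig#",
}
RSA_SHA256 = "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"
EXC_C14N = "http://www.w3.org/2001/10/xml-exc-c14n#"

# Constructed sample, trimmed to what the checks read; "example" stands in for <vanity>.
SAMPLE = """<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
    xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
    Destination="https://example.zoom.us/saml/SSO">
  <saml:Assertion>
    <ds:Signature><ds:SignedInfo>
      <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
      <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
    </ds:SignedInfo></ds:Signature>
    <saml:Subject><saml:SubjectConfirmation>
      <saml:SubjectConfirmationData NotOnOrAfter="2020-10-01T10:05:00Z"
          Recipient="https://example.zoom.us/saml/SSO"/>
    </saml:SubjectConfirmation></saml:Subject>
    <saml:Conditions NotOnOrAfter="2020-10-01T10:05:00Z"/>
  </saml:Assertion>
</samlp:Response>"""

def check_response(xml_text, acs_url):
    """Inspect attributes only (no signature verification); return a list of findings."""
    root = ET.fromstring(xml_text)
    findings = []
    if root.get("Destination") != acs_url:
        findings.append("Destination does not match ACS URL")
    for path in (".//saml:SubjectConfirmationData", ".//saml:Conditions"):
        el = root.find(path, NS)
        name = path.split(":")[-1]
        if el is None:
            findings.append(name + " missing")
            continue
        if el.get("NotBefore") is not None:
            findings.append(name + " still carries NotBefore (lambda not applied)")
        if el.get("NotOnOrAfter") is None:
            findings.append(name + " has no NotOnOrAfter (no expiry)")
    for path, want in ((".//ds:SignatureMethod", RSA_SHA256),
                       (".//ds:CanonicalizationMethod", EXC_C14N)):
        el = root.find(path, NS)
        if el is None or el.get("Algorithm") != want:
            findings.append(path.split(":")[-1] + " is not " + want)
    return findings
```

An empty list means the response matches the settings in the post; the signature itself still has to be verified against the Key Master certificate by the service provider.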
    • RE: After Chrome 80+ Cookie Set SameSite=None requires 'Secure' in Android WebView doesn't seem to complete Authorize

      @dan
      Thanx again,

      The callback fails only when the user first logs in with Google; later it works. Like my app therefore is receiving the redirect

      Edit:
      Also, the regular Username/Password login is working fine, so the AppAuth-Android catching redirect seems not to be the issue, I guess.

      posted in Q&A
      sswami
    • RE: logout questions

      Hello Dan!

      Aah! That should work, while still having the /signin-back button to take me to the app.

      Thanx

      posted in Q&A
      sswami