Many companies and organisations use G-Suite (now Workspace) from Google for the many apps and features the package provides to organizations: the Gmail webmail, Google Drive and Documents, Meet, Calendar and many other services. However, apps such as Slack are used for chatting within organizations. Rocket.Chat is a great alternative to Slack (and other similar apps) that is free, open-source, can be self-hosted and was designed with cyber security in mind. This makes it ideal for use within organizations and companies. The only competitor in that category is maybe Mattermost.

While setting up Rocket.Chat for my company Simula, an IT services startup, the IT department raised several concerns about enforcing security policy for accounts on the Rocket.Chat instance, and about the overhead and the increased attack surface that they have to deal with. At that moment I remembered hearing about using G-Suite for web-browser Single Sign-On (SSO) using SAML.

From the Wikipedia page, Security Assertion Markup Language (SAML) is an open standard for exchanging authentication and authorization data between parties, in particular, between an identity provider (G-Suite in our case) and a service provider (Rocket.Chat). Web-browser Single Sign-On (SSO) is an important use case that SAML addresses, and it is one of the nice features that using G-Suite provides. Using G-Suite accounts to log in to other apps and services reduces the workload on the IT security team, as they need to worry about enforcing the account policy of G-Suite and nothing else; at the same time it reduces the attack surface. It also simplifies the login process for all members of the organization. With SAML, employees have to worry about one account only across all services at the organization.

The decision was made quickly and I started looking for resources on setting up SAML for G-Suite and Rocket.Chat. At the time of writing this post, I could not find any. It took several hours of searching, reading, and testing until I managed to get it working. It was not easy and the documentation did not provide much help. All good reasons behind the motivation for writing this how-to guide.

To use G-Suite as an identity provider for the service provider Rocket.Chat we need to register the Rocket.Chat instance as a new service provider in the G-Suite Admin Console. Then we need to configure the Rocket.Chat instance to use G-Suite as the identity provider.

- Click on SAML apps, then click on “Add App”, then choose “Add custom SAML app”.
- The “Add custom SAML app” wizard starts. This is for your reference and will be helpful in case you had many custom SAML apps.
- Now step 2 of the wizard provides you with the information necessary for setting up Rocket.Chat to use G-Suite as the identity provider. So log in as an admin to Rocket.Chat and open the SAML configuration page of the administration settings here:
- In “Custom Provider” type a name such as “gsuite-rocket.chat”; this name will be used as the last part of the “Custom Issuer” field.
- Both “Custom Entry Point” and “IDP SLO Redirect URL” should have the “SSO URL” from the G-Suite wizard.
- Custom issuer will be the URL of your Rocket.Chat followed by /_saml/metadata/ followed by the value you chose for “Custom Provider”, for example:
- In the “Custom Certificate” field in the Rocket.Chat SAML settings, paste the certificate from the G-Suite wizard. Make sure to delete the `-----BEGIN CERTIFICATE-----` and `-----END CERTIFICATE-----` lines.
- Change “Signature Validation Type” to “Validate Assertion Signature”; this can be changed later if you need to validate all signatures.
- Step 3 of the wizard asks for the “ACS URL” and the “Entity ID”.

Now we have to map the identity values from G-Suite to the identity values on Rocket.Chat. Let’s keep the default value on Rocket.Chat. On the last page of the G-Suite wizard map “Primary Email” to “email” and to “username”, and “First Name” to “cn”. Click on “TEST SAML LOGIN” to test the configuration. That is all it took for me to get SAML working for Rocket.Chat using G-Suite as an identity provider.

However, that was not straightforward and it took several rounds of debugging, checking the logs, checking the source code, and restarting the server. So my advice is to enable SAML debugging on Rocket.Chat.
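
The “Custom Certificate” and “Custom Issuer” steps of this guide, as an added example that is not part of the original post: the script strips the BEGIN/END lines from the identity provider's PEM certificate, checks that what remains really decodes to certificate-shaped data, computes a SHA-256 fingerprint you can compare with one your identity provider displays (if it shows one), and builds the issuer URL. The function names, the `chat.example.com` URL and the sample bytes are assumptions made for illustration.

```python
import base64
import hashlib
import re
import textwrap

PEM_RE = re.compile(
    r"-----BEGIN CERTIFICATE-----(.*?)-----END CERTIFICATE-----", re.S)


def strip_pem_armor(pem_text: str) -> str:
    """Return the bare base64 body on one line; accepts armored or bare input."""
    match = PEM_RE.search(pem_text)
    body = match.group(1) if match else pem_text
    body = "".join(body.split())  # drop newlines, spaces and tabs
    der = base64.b64decode(body, validate=True)  # raises on stray characters
    if not der.startswith(b"\x30"):  # a certificate is an ASN.1 SEQUENCE
        raise ValueError("decoded data is not a DER-encoded certificate")
    return body


def sha256_fingerprint(b64_body: str) -> str:
    """SHA-256 of the DER bytes as colon-separated upper-case hex."""
    digest = hashlib.sha256(base64.b64decode(b64_body)).hexdigest().upper()
    return ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))


def custom_issuer(site_url: str, provider: str) -> str:
    """Rocket.Chat URL + /_saml/metadata/ + the Custom Provider name."""
    return f"{site_url.rstrip('/')}/_saml/metadata/{provider}"


# Constructed stand-in bytes shaped like DER (not a real certificate).
SAMPLE_DER = b"\x30\x82\x01\x00" + bytes(range(256))
SAMPLE_PEM = (
    "-----BEGIN CERTIFICATE-----\n"
    + "\n".join(textwrap.wrap(base64.b64encode(SAMPLE_DER).decode(), 64))
    + "\n-----END CERTIFICATE-----\n"
)

if __name__ == "__main__":
    body = strip_pem_armor(SAMPLE_PEM)
    print("Custom Certificate:", body[:32] + "...")
    print("SHA-256 fingerprint:", sha256_fingerprint(body))
    print("Custom Issuer:",
          custom_issuer("https://chat.example.com/", "gsuite-rocket.chat"))
```

A pasted value that fails `strip_pem_armor` (leftover dashes, a truncated copy) is worth ruling out before turning to the SAML debug logs.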