# Securing Admin Dashboard using SAML

  1. Generate Keystore for SearchBlox Service-Provider

  2. Configure Keystore, Identity-Provider metadata in SearchBlox

  3. Configure SAML authentication in SearchBlox

  4. Create Users in SearchBlox

  5. Get Service-Provider metadata

## **Generate Keystore for SearchBlox Service-Provider**

Create Keystore using the following command

## **Configure Keystore, Identity-Provider metadata in SearchBlox**

Get the Identity-Provider metadata file and place it in a custom folder (for example, `saml/`) under `<SEARCHBLOX_INSTALLATION_PATH>/webapps/searchblox/WEB-INF/classes/`.

Example:

  • `<SEARCHBLOX_INSTALLATION_PATH>/webapps/searchblox/WEB-INF/classes/saml/idp-metadata.xml`

  • `<SEARCHBLOX_INSTALLATION_PATH>/webapps/searchblox/WEB-INF/classes/saml/sb-samlKeystore.jks`

## **Steps in configuring SAML authentication in SearchBlox**

  • Open `<SEARCHBLOX_INSTALLATION_PATH>/webapps/searchblox/WEB-INF/saml-config.yml` and provide values for the fields as described below:

Fields in the saml-config.yml file and the values to provide:

| Field | Description |
| --- | --- |
| enablesamlauth | Set to **true** to enable SAML authentication. |
| keystorepath | The keystore file path. Example: if the files are placed in `../searchblox/WEB-INF/classes/saml`, then the value should be `keystorepath: saml/Keystore.jks` |
| keystorepassword | The password used when generating the keystore. |
| privatekeypassword | The private key password used when generating the keystore. |
| identityprovidermetadatapath | The path where the Identity-Provider metadata file is placed. Example: if the files are placed in `../searchblox/WEB-INF/classes/saml`, then the value should be `identityprovidermetadatapath: saml/testshib-providers.xml` |
| searchbloxcontext | SearchBlox location. |
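
A pre-flight check to run before the restart, as an added example (not SearchBlox's own tooling): it confirms that every field listed above is set, that `enablesamlauth` is `true`, that the keystore and Identity-Provider metadata paths resolve under `WEB-INF/classes`, and that the file holding the keystore passwords is not world-readable. It assumes `saml-config.yml` uses flat `key: value` lines; `saml_get` and `saml_preflight` are hypothetical names.

```shell
#!/bin/sh
# Added example: pre-flight check for saml-config.yml before restarting SearchBlox.
# Assumption: the file holds flat "key: value" lines with the field names listed above.

# saml_get <file> <key>: print the value of a key, without trailing spaces or quotes.
saml_get() {
    sed -n "s/^[[:space:]]*$2[[:space:]]*:[[:space:]]*//p" "$1" | head -n 1 |
        sed -e 's/[[:space:]]*$//' -e 's/^"\(.*\)"$/\1/' -e "s/^'\(.*\)'\$/\1/"
}

# saml_preflight <webapp dir>: print each finding; exit status is the number of findings.
saml_preflight() {
    cfg="$1/WEB-INF/saml-config.yml"
    classes="$1/WEB-INF/classes"   # keystore and metadata paths are relative to this
    problems=0
    [ -f "$cfg" ] || { echo "missing: $cfg"; return 1; }

    for key in enablesamlauth keystorepath keystorepassword privatekeypassword \
               identityprovidermetadatapath searchbloxcontext; do
        val=$(saml_get "$cfg" "$key")
        if [ -z "$val" ]; then
            echo "empty or missing field: $key"; problems=$((problems + 1)); continue
        fi
        case $key in
            enablesamlauth)
                [ "$val" = "true" ] ||
                    { echo "enablesamlauth is not true"; problems=$((problems + 1)); } ;;
            keystorepath|identityprovidermetadatapath)
                [ -f "$classes/$val" ] ||
                    { echo "$key: no file at $classes/$val"; problems=$((problems + 1)); } ;;
        esac
    done

    # The config holds the keystore and private key passwords.
    if [ -n "$(find "$cfg" -perm -004)" ]; then
        echo "world-readable: $cfg"; problems=$((problems + 1))
    fi
    return "$problems"
}

# Usage: sh saml-preflight.sh <SEARCHBLOX_INSTALLATION_PATH>/webapps/searchblox
[ "$#" -eq 0 ] || saml_preflight "$1"
```

An exit status of 0 means no findings; otherwise fix each printed finding before restarting SearchBlox.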

## **Create Users in SearchBlox:**

This is to create roles for users in SearchBlox.

Important Information:

It is required to configure users before restarting SearchBlox.

Each Identity-Provider user has to be mapped to the proper roles in SearchBlox. Therefore, log in to the SearchBlox admin:

  • Navigate to “Admin” and select “Users” tab

  • Go to Add User Section

  • Provide a username (it should match the Identity-Provider's uid) and a password, then add the user based on your requirement.

## **Get Service-Provider metadata:**

The service provider information must be configured in the identity provider. You can either upload the service provider metadata XML file to the identity provider or enter the details from the file into your identity provider.

Steps to generate the Service-Provider metadata file:

  • As in the previous steps make relevant changes to saml-config.yml and configure users.

  • Restart SearchBlox

  • Log in to the Admin console. SearchBlox will redirect to the Identity-Provider for authentication.

  • The Service-Provider metadata file will now be available in one of the following paths, depending on your SearchBlox installation. If you are using Tomcat: `<tomcat installation dir>/bin/sp-metadata.xml`. If you are using Jetty: `<jetty home>/sp-metadata.xml`.

  • Get the file and configure it into your Identity-Provider.

SearchBlox will be configured with SAML authentication for the admin dashboard after completing the preceding steps.

Important Note:

If the Service-Provider metadata file is not available in the path mentioned in the preceding step, restart the SearchBlox server after configuring saml-config.yml and try to log in to the SearchBlox admin console. After SearchBlox redirects to the Identity-Provider service for authentication, check for the Service-Provider metadata file (sp-metadata.xml) in the path mentioned earlier.