Differences

This shows you the differences between two versions of the page.

documentation:latest:applications:cornerstone [2016/07/19 12:10]
127.0.0.1 external edit
documentation:latest:applications:cornerstone [2017/02/07 17:06]
Line 1: Line 1:
-====== Cornerstone On Demand ====== 
- 
-{{ :​applications:​csod_logo.png |}} 
- 
-===== Presentation ===== 
- 
-[[http://​www.cornerstoneondemand.com/​|CornerStone On Demand (CSOD)]] allows to use SAML to authenticate users. It works by default with IDP intiated mechanism, but can works with the standard SP initiated cinematic. 
- 
-To work with LL::NG it requires: 
-  * An enterprise account 
-  * LL::NG configured as [[..idpsaml|SAML Identity Provider]] 
-  * Registered users on CSOD with the same email than those used by LL::NG (email will be the NameID exchanged between CSOD and LL::NG) 
- 
-===== Configuration ===== 
- 
-==== New Service Provider ==== 
- 
-You should have configured LL::NG as an [[..idpsaml|SAML Identity Provider]], 
- 
-Now we will add CSOD as a new SAML Service Provider: 
-  - In Manager, click on SAML service providers and the button ''​New service provider''​. 
-  - Set csod as Service Provider name. 
-  - Set ''​Email''​ in ''​Options''​ » ''​Authentication Response''​ » ''​Default NameID format''​ 
-  - Select ''​Metadata'',​ and unprotect the field to paste the following value: 
-<file xml> 
-<​md:​EntityDescriptor entityID="​mycompanyid.csod.com"​ xmlns="​urn:​oasis:​names:​tc:​SAML:​2.0:​metadata"​ xmlns:​ds="​http://​www.w3.org/​2000/​09/​xmldsig#"​ xmlns:​md="​urn:​oasis:​names:​tc:​SAML:​2.0:​metadata">​ 
-  <​SPSSODescriptor protocolSupportEnumeration="​urn:​oasis:​names:​tc:​SAML:​2.0:​protocol">​ 
-    <​KeyDescriptor use="​signing">​ 
-      <​ds:​KeyInfo xmlns:​ds="​http://​www.w3.org/​2000/​09/​xmldsig#">​ 
- <​ds:​X509Data>​ 
-   <​ds:​X509Certificate>​ 
-Base64 encoded CSOD certificate 
-     </​ds:​X509Certificate>​ 
-   </​ds:​X509Data>​ 
-      </​ds:​KeyInfo>​ 
-    </​KeyDescriptor>​ 
-    <​AssertionConsumerService Binding="​urn:​oasis:​names:​tc:​SAML:​2.0:​bindings:​HTTP-POST"​ Location="​https://​mycompanyid.csod.com/​samldefault.aspx"​ index="​1"​ /> 
-    <​NameIDFormat>​urn:​oasis:​names:​tc:​SAML:​1.1:​nameid-format:​emailAddress</​NameIDFormat>​ 
-  </​SPSSODescriptor>​ 
-</​md:​EntityDescriptor>​ 
-</​file>​ 
- 
-<note important>​Change **mycompanyid** (in ''​AssertionConsumerService''​ markup, parameter ''​Location''​) into your CSOD company ID and put the certificate value inside the ds:​X509Certificate markup</​note>​ 
- 
- 
-==== CSOD control panel ==== 
- 
-CSOD needs two things to configure LL::NG as an IDP: 
-  * Certificate 
-  * SAML assertion 
- 
-=== Certificate === 
- 
-See [[..:​samlservice#​security_parameters|SAML security parameters]] to know how generate a certificate from you SAML private key. 
- 
-=== SAML assertion === 
- 
-You need to use the IDP initiated feature of LL::NG. Just call this URL: 
-<​code>​ 
-https://​auth.example.com/​saml/​singleSignOn?​IDPInitiated=1&​sp=mycompanyid.csod.com 
-</​code>​
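
Review bot: nothing is added in place of the removed lines, so the 2017/02/07 revision leaves documentation:latest:applications:cornerstone with no content; if the Cornerstone instructions have moved, keep a one-line pointer to the new location here. If the text is being carried elsewhere, the note under the metadata block deserves a fix on the way: it tells the reader to change mycompanyid only in the Location parameter of AssertionConsumerService, but the same placeholder also appears in entityID="mycompanyid.csod.com" and in the sp=mycompanyid.csod.com parameter of the IDP-initiated URL, so all three need the real company ID. The typos "intiated", "cinematic" and "how generate a certificate from you SAML private key" in the removed prose should be corrected at the same time.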