Group Details Private

administrators

  • RE: Jumpcloud SSO (idp) to Keycloak (sp)

    Mapping Groups from Jumpcloud

    In the above post we set up Jumpcloud SAML SSO auth to use Keycloak as the SP.
    In addition, it is sometimes helpful to include your Jumpcloud groups in the SAML token. The following instructions should help enable this.

    Configure Jumpcloud

    • start by configuring your group to use the SSO App you created for SAML

    • Now update your SAML app to include group information:
      • Go to your SSO App
      • click on the SSO Tab and scroll to the bottom
      • tick the box for Group Attributes
      • give it a name like memberOf (can be any name but you will need this for Keycloak)
      • click save

    Configure Keycloak

    • Open Keycloak admin portal for your realm
    • Click on Roles and create a new role e.g. saml-group

    • Click on Identity Providers and select the provider you created earlier (see above blog post)
    • Click on the Mappers tab
    • Click Create
    • Give it a name e.g. saml-group
    • select Sync Mode Override equal to force (this updates the groups associated with this account on every login)
    • Create a new Attribute using the Jumpcloud Group Attributes identifier, in this case memberOf as the key and your Jumpcloud group name as the key
    • Set Regex Attribute Values to On
    • Under Role, choose the role you created

    posted in Blogs
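
An added example, not part of the original post and not Jumpcloud or Keycloak code: a Python check that an attribute statement carries the email, firstname, lastname and memberOf attributes configured in these posts, and which role a saml-group mapper would grant. The sample XML, the group names and the whole-name regex matching are assumptions; confirm the matching behaviour on your Keycloak version.

```python
import re
import xml.etree.ElementTree as ET

SAML = "{urn:oasis:names:tc:SAML:2.0:assertion}"

# Constructed sample: attribute statement as it could look once Group
# Attributes is enabled with the name memberOf (values are made up).
SAMPLE = """\
<saml:AttributeStatement xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml:Attribute Name="email"><saml:AttributeValue>jo@example.com</saml:AttributeValue></saml:Attribute>
  <saml:Attribute Name="firstname"><saml:AttributeValue>Jo</saml:AttributeValue></saml:Attribute>
  <saml:Attribute Name="lastname"><saml:AttributeValue>Doe</saml:AttributeValue></saml:Attribute>
  <saml:Attribute Name="memberOf">
    <saml:AttributeValue>keycloak-admins</saml:AttributeValue>
    <saml:AttributeValue>staff</saml:AttributeValue>
  </saml:Attribute>
</saml:AttributeStatement>"""

def attributes(xml_text):
    """Return {attribute name: [values]}. Inspection aid only: it does not
    verify the assertion signature, so never use it for an access decision."""
    out = {}
    for attr in ET.fromstring(xml_text).iter(SAML + "Attribute"):
        values = [v.text or "" for v in attr.iter(SAML + "AttributeValue")]
        out.setdefault(attr.get("Name"), []).extend(values)
    return out

def missing_attributes(attrs, required=("email", "firstname", "lastname", "memberOf")):
    """Names the mappers expect but the IdP did not send (or sent empty)."""
    return [name for name in required if not any(attrs.get(name, []))]

def roles_for(attrs, mappers):
    """mappers: (key, value, role, regex_on) tuples, modelling the mapper form.
    Assumption: with regex on, the value must match the whole group name."""
    granted = set()
    for key, value, role, regex_on in mappers:
        for got in attrs.get(key, []):
            if (re.fullmatch(value, got) if regex_on else value == got):
                granted.add(role)
    return granted

if __name__ == "__main__":
    attrs = attributes(SAMPLE)
    print("missing:", missing_attributes(attrs))
    # A loose pattern grants the role to every group it matches.
    print(roles_for(attrs, [("memberOf", "keycloak.*", "saml-group", True)]))
```

With Regex Attribute Values on, spell out or escape the full group name in the mapper so that only the intended group grants the role.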
  • Jumpcloud SSO (idp) to Keycloak (sp)

    Jumpcloud SAML SSO to Keycloak

    So I recently had the challenge of setting up SAML authentication from Jumpcloud to an existing application that uses Keycloak (v18.x) as its authentication provider. As Keycloak can also be used as an identity provider, the configuration can be a bit confusing.

    Keep in mind this quick tutorial assumes that you already have an existing Keycloak client which you are using to authenticate your service. Details of building a client are outside the scope of these instructions.

    So let's get into it...

    Variables and Standards

    The first thing we need to do is decide on some common variables and standards for this tutorial. Moving forward, when referencing user-defined variables we will wrap them in moustaches e.g. {{var_here}}

    • iDpID: idp-jumpcloud-saml (ID Provider ID)
    • BaseURL: keycloak.example.com (base url of your Keycloak instance)
    • RealmName: myrealm (Keycloak realm name)
    • RealmClient: myclient
    • SPID: sp-jumpcloud-saml (Service Provider ID)
    • AppID: mysaml (Display label of your Jumpcloud App)
    • SPAppUrl: https://unogs.com

    Configure Jumpcloud

    • Login to the Jumpcloud admin interface
    • Click on SSO
    • Click the large green + button
    • Click Custom SAML App (bottom of page)
    • Fill out your display label with {{JDSID}}
    • Fill in a description if you want
    • Click on the SSO Tab
    • fill in IdP Entity ID with {{iDpID}}
    • fill in SP Entity ID with {{SPID}}
    • fill in ACS URL: https://{{BaseURL}}/realms/{{RealmName}}/broker/{{iDpID}}/endpoint
    • select SAMLSubjectNameID: as username

    • select Signature Algorithm as RSA-SHA256
    • fill in Login URL as https://{{BaseURL}}/realms/{{RealmName}}/protocol/openid-connect/auth?response_type=code&client_id={{RealmClient}}&scope=openid&redirect_uri={{SPAppURL}}&kc_idp_hint={{SPID}}
      • note: if you want to see your previous keycloak login screen remove: kc_idp_hint
    • tick Sign Assertion
    • fill in IDP URL with {{APPID}}
    • Add the following User Attributes:
      • value email select email
      • value firstname select firstname
      • value lastname select lastname
    • click activate
    • click on your newly created APP
    • click on the User Groups tab and select the group you want to give the above app access to.
    • click on the SSO tab
    • click Export Metadata, an XML file called JumpCloud-saml.xml will be saved locally

    Configure Keycloak

    Via the admin portal:

    • click Identity Providers
    • select Add Provider and select SAML v2.0
    • change Alias to {{iDpID}}
    • change Service Provider Entity ID to {{SPID}}
    • scroll to bottom of the page, select Select File and choose JumpCloud-saml.xml
    • click Import
    • click Save
    • go back into newly created provider and click the Mappers tab
    • do the following for email, firstname and lastname
      • click create
      • give it a name
      • change Mapper type to attribute importer
      • fill in Attribute Name to type (email, firstname, lastname)
      • fill in Friendly Name to type (email, firstname, lastname)
      • select ATTRIBUTE_FORMAT_UNSPECIFIED
      • fill in User Attribute Name kctype (email,firstName,lastName)

    Wrap Up

    If everything went as planned, the above configuration should allow your users to click on a new app in their Jumpcloud console and it will automatically log them in via your existing client. For new users this configuration should also automatically populate user details in the JWT.

    If you have any questions or anything doesn't work as expected feel free to email me at admin@unogs.com

    posted in Blogs
  • RE: Need access to a database for school project

    https://rapidapi.com/unogs/api/unogs/ this requires some basic experience with web APIs but will provide all the information you need... there is a free daily quota but it does require a credit card.

    posted in Comments & Feedback
  • RE: REPORTING SCAMMING CONTENT

    thanks, deleted

    posted in Comments & Feedback
  • RE: Episode translation to IMDb ID

    we do not currently support IMDB on individual episodes.

    posted in Netflix API Details
  • RE: How to get the latest images from a title? Looks like the API hasn't been updated with the new ones

    we will look into this and let you know

    posted in Netflix API Details
  • RE: No updates for several regions

    this should be resolved now...

    posted in Comments & Feedback
  • RE: Hong Kong region in Country Details not updating

    posted in Comments & Feedback
  • Take advantage of our partnership with PureVPN!

    All,

    We have recently started working directly with PureVPN in order to offer the best VPN experience for watching Netflix.

    If you want to support uNoGS and need a great VPN provider please click on the link below and use the offer code unogs20 to get an additional 20% off your purchase!

    Click Here to Check out PureVPN

    Kind Regards

    -Admin

    posted in Announcements