Completed

SAML Authentication

Stephen Akinpelumia

January 29, 2020 12:21

We would like to see if Two Factor Authentication for PROOF access can be set to work with our NIH TFA login page instead of Google Authentication. Please review the information below and let us know when we can schedule a meeting with eRA SE staff to discuss this...

Enable 2-factor Authentication for SE Tools

Steps Involved

1. First and foremost, NIH Federated SSO will authenticate users and return User Principle Name (upn) and not Common Name (cn). If your tool currently is setup to have cn as username then that has to be changed to be upn for username.

2. Submit a NIH helpdesk ticket to the CIT IAM team, separate ticket is needed for every instance.

3. Provide SAML Service provider information

- Either "Metadata Link", or
- Consumer Service URL and Entity ID

4. CIT IAM may request more information. They typically take up to a week or two to complete the work. Production instance will only be worked on Wednesday nights.

5. CIT IAM will return Identity Provider assertion xml file that can be imported into the Service Provider SAML setup or information need to be extracted from the assertion file to be added to tool SAML setup.

Note -

Depending on the Service Provider tool, you may want to setup a fallback url to authenticate using username and password. This is the fallback option in event of SAML being down.

Make sure any scripts or System to System interaction with the tool will not be impacted due to the SAML setup.

This is currently enabled at eRA for -

JFrog tools - Artifactory and Xray
Atlassian tools - Jira, Confluence and Bitbucket

4 comments

Joseph Hamdan January 29, 2020 12:26

Stephen,

We appreciate users requesting enhancements. We are evaluating your request and will provide updates, hopefully soon.

Regards,

Subject7 Team

Stephen Akinpelumia May 07, 2020 21:42

Hello, please see followup from eRA

From: Akinpelumi, Stephen (NIH/OD) [E]
Sent: Monday, May 4, 2020 11:26 AM
To: Rex Feizi <rex@subject-7.com>; Payam Fard (payam@subject-7.com) <payam@subject-7.com>
Subject: 2-Factor Authentication (2FA) for PROOF

Hello, please see question from Thurston below..

All of our eRA tools have to use 2FA by July 18th. In order for it to work with PROOF we need to find out the answers to the following:

Does Subject 7 support SAML login (needed for integration with IAM login page)?

- Need a write up/documentation for how to integrate with SAML.

- Need details for how to map back to the internal PROOF roles

If SAML is not supported, what kind of support do they have for custom login pages, i.e. NIH Login Page? (please see screenshot below).

I had previously provided instructions for this (please see attached email), thanks.

Joseph Hamdan May 08, 2020 11:01

Hi Stephen,

Would it be possible to send us a video recording that shows how you perform authorization with JIRA ?

Regards,

Subject7 Team

Joseph Hamdan August 23, 2022 08:15

Marking this request as Completed. SAML/LDAP documentation:

https://subject7.atlassian.net/wiki/spaces/SD/pages/2323120195/LDAP+SAML+Authentication

Regards,
Subject7 Team

Please sign in to leave a comment.