In Unomaly 3.3, the entire authentication flow has been revamped. If you are using the built-in user system, everything will be migrated and you shouldn't notice anything. If you are using SAML though, you will need to migrate the configuration manually. This is a guide to help you in that process.
First, look at the old configuration, which is located in /DATA/unomaly_saml.php on the instance. It can look something like this:
$saml_config = array(
    // The identity provider id URL
    'idp_entity_id' => 'https://accounts.google.com/o/saml2?idpid=abc123',
    // The identity provider SSO login service
    'idp_sso_service' => 'https://accounts.google.com/o/saml2/idp?idpid=abc123',
    // The identity provider SSO logout service. Note that this can be left
    // blank if you don't want to perform SSO logout from Unomaly.
    'idp_slo_service' => '',
    // The path to the public key for the identity provider, e.g. /DATA/saml.pem
    'idp_public_cert_path' => '/DATA/saml.pem',
    // Require user to be part of certain group
    // true: yes
    // false: no
    'require_group' => false,
    // Default group if require_group is false
    // 1: administrator
    // 2: user
    // 3: limited
    'default_group' => 1,
    // Group attribute name as configured in the IDP
    'group_attribute' => '',
    // Group name to be mapped to the administrator group
    'group_admin' => '',
    // Group name to be mapped to the user group
    'group_user' => '',
    // Friendly service name to show on the login screen
    'name' => 'Login with Google',
    // Autologin without having to click the login button
    'autologin' => true,
);
To set up the new SAML authentication, go to Settings --> Authentication in Unomaly, create a new SAML configuration, and then press Edit to modify the settings.
If your old configuration looks like the one above, fill out the form like this:
Field | Value |
--- | --- |
Assertion Consumer Service (ACS)* | This is an auto-generated URL which you can use to update the configuration in your identity provider, such as Google or Microsoft ADFS. |
Service Provider Entity ID (Issuer)* | This field is auto-populated and should match the entity id in your identity provider. |
Single sign-on service* | https://accounts.google.com/o/saml2/idp?idpid=abc123 |
Certificate* | Copy the contents of the /DATA/saml.pem file |
Default role | Administrator |
Profile property name to define role | |
Administrator role | |
Standard role | |
Limited role | |
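The following script is an added example, not part of the original guide or of Unomaly's own tooling: it reads an old-style configuration, lists the values to enter in the new form, and flags a default role that grants administrator access. The key-to-field mapping is an assumption inferred from the matching values in the table above, the function names are hypothetical, and the sample input is constructed from the configuration shown earlier.

```python
import re
# Constructed sample mirroring the old /DATA/unomaly_saml.php shown above.
SAMPLE_OLD_CONFIG = """
$saml_config = array(
    'idp_entity_id' => 'https://accounts.google.com/o/saml2?idpid=abc123',
    'idp_sso_service' => 'https://accounts.google.com/o/saml2/idp?idpid=abc123',
    'idp_slo_service' => '',
    'idp_public_cert_path' => '/DATA/saml.pem',
    'require_group' => false,
    'default_group' => 1,
    'group_attribute' => '',
    'group_admin' => '',
    'group_user' => '',
    'name' => 'Login with Google',
    'autologin' => true,
);
"""

# Assumed mapping (old key -> new form field), inferred from the guide's table.
FIELD_MAP = {
    "idp_sso_service": "Single sign-on service",
    "group_attribute": "Profile property name to define role",
    "group_admin": "Administrator role",
    "group_user": "Standard role",
}
ROLES = {1: "Administrator", 2: "Standard", 3: "Limited"}  # from the old file's comments
ENTRY = re.compile(r"^\s*'(\w+)'\s*=>\s*(?:'([^']*)'|(true|false)|(\d+))\s*,", re.M)

def parse_old_config(php_text):
    """Extract simple 'key' => scalar entries; // comment lines never match."""
    cfg = {}
    for key, s, b, n in ENTRY.findall(php_text):
        cfg[key] = (b == "true") if b else int(n) if n else s
    return cfg

def plan_migration(cfg):
    """Return (form_values, unmapped_keys, warnings) for the new SAML form."""
    form = {label: cfg.get(key, "") for key, label in FIELD_MAP.items()}
    form["Certificate"] = "<contents of %s>" % cfg.get("idp_public_cert_path", "")
    form["Default role"] = ROLES.get(cfg.get("default_group"), "")
    handled = set(FIELD_MAP) | {"idp_public_cert_path", "default_group"}
    unmapped = sorted(k for k in cfg if k not in handled)
    warnings = []
    if not cfg.get("require_group") and cfg.get("default_group") == 1:
        warnings.append("users with no mapped group default to Administrator")
    return form, unmapped, warnings

if __name__ == "__main__":
    print(plan_migration(parse_old_config(SAMPLE_OLD_CONFIG)))
```

Old keys returned as unmapped have no counterpart in the table above, so check them by hand after the migration.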