Skip to Content

Integrate AWS SSO with Jumpserver

Integrate AWS SSO in Ezeelogin SSH  Gateway

1.  Login to AWS console >  select AWS Single Sign-On and click on Applications

 

2. Click on Add Application

 

 

3. Click on Add a custom SAML 2.0 application

 

 

 

4. Configure Custom SAML 2.0 application. Add Display name & Description

 

 

5. Add Application properties & Application metadata 

 

A. Fill the Application start URL .   You can find it from Ezeelogin GUI > Settings > SAML> Entity ID 

 

B. Fill the  Application start URL & Click on If you don't have a metadata file, you can manually type your metadata values.

 

 

Fill the  Application ACS URL &    Application SAML audience

Application ACS URL -  Assertion Consumer Service URL ( you can find it from Ezeelogin GUI > Settings > SAML> Assertion Consumer Service URL)

Application SAML audience -  Entity ID  ( you can find it from Ezeelogin GUI > Settings > SAML> Entity ID  )

 

Click on save changes.

 

6.   Click on Attribute Mappings and Add attributes as follows.

   

 

Add attributes

 

A. Add ${user:email} and select emailAddress Format

B. Click on Add new attribute mapping   and add email to first column, ${user:email} to next column & select unspecified Format and save.

 

7.  Add and assign users to access our application.

 

A.  Add user : Click on Add user in  Users tab in aws sso console

 

 

B.  Add Username, Password, Email address, First name, Last name & Display name and Click Next. Assign to a usergroup and Save. 

You need to add different email address for each users. By default ezeelogin uses email address for creating  users. You should an email address for superadministrator in ezeelogin(It will be empty by default )

If you want to add an existing user in ezeelogin into SSO, Add the user with exact username, email address as follows. (Ezeelogin will verify with the email address of the users by default)

 

 

 

 

C.   Click on Assigned users tab and click on Assign users button to assign users to this application.

 

 

 

 

8.  Add  SAML Identity Provider (IdP) Settings on Ezeelogin.

 

Copy the AWS SSO SAML  metadata url   and paste it  to Metadata URL  on Ezeelogin GUI > Settings > SAML Metadata URL and click on the fetch button ,It will autofill the SAMLsettings  and Save it.

 

 

Paste the Metadata URL  on Ezeelogin GUI > Settings > SAML Metadata URL and click on the  Fetch button & save it.

 

 

9.  Change Web panel Authentication to SAML from Ezeelogin GUI > Settings > General > Web Panel Authentication > SAML
 


 

10. Enable Autocreate user from   Ezeelogin GUI > Settings > General > Security > Enable Auto create user

 

 

 

You can now login to ezeelogin GUI with ezeelogin URL and it will redirect to aws sso page. You must log in with aws sso credentails and it will redirect and log in to ezeelogin gui after successful authentication.

 

 

 

Note: SAML is an authentication mechanism for web applications. It's based on web protocols and it cannot be used for user authentication over SSH.

 

Saml authentication is not supported for slave if the URL is IP-based.If you want to authenticate  slave using saml you have to use domain name