This article describes how to configure both Carousel and Auth0 in a scenario where Auth0 is used as an Identity Provider allowing Single Sign On in Carousel.
Instructions
Log in to Auth0’s website and follow the instructions outlined in this guide: https://auth0.com/docs/protocols/saml-protocol/configure-auth0-as-saml-identity-provider. You will be manually configuring the SSO integration.
In a second browser window, log in to Carousel, navigate to Configure → Users → SSO Identity Providers → New.
Copy the Certificate.
Copy the Sign On Url.
From the Addon dialog, copy the Issuer Id.
Copy the Acs route into Auth0’s Addon dialog.
Selecting the SSO ONLY toggle will configure the system so that only site admins will be able to log in using an email/password.
Then, in Auth0’s Addon dialog, configure the Settings using the following values:
{
  "mappings": {
    "email": "Email",
    "name": "Name",
    "given_name": "FirstName",
    "family_name": "LastName"
  },
  "mapIdentities": false,
  "signatureAlgorithm": "rsa-sha256",
  "digestAlgorithm": "sha256",
  "signResponse": false,
  "typedAttributes": false,
  "includeAttributeNameFormat": false,
  "nameIdentifierFormat": "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress",
  "nameIdentifierProbes": [
    "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress"
  ]
}
NOTE: Auth0 will default to sha1 algorithms, which Carousel does not allow. The settings above ensure they are set to sha256.
Enable and Save at the bottom of Auth0’s Addon dialog.
Save your SSO provider form in Carousel.
Create any Carousel users ahead of time in Carousel; this ensures they will be able to log in using the SSO provider.
You should be all set!
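To check the point made in the NOTE above, the following added example (not part of the original article, and not Carousel or Auth0 code) inspects the addon settings JSON and the algorithm identifiers declared in a captured SAML response. The function names and the sample XML are constructed for illustration; the script reads declared algorithms only and does not verify the signature.

```python
import json
import xml.etree.ElementTree as ET

DS = "{http://www.w3.org/2000/09/xmldsig#}"
RSA_SHA256 = "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"
SHA256 = "http://www.w3.org/2001/04/xmlenc#sha256"
RSA_SHA1 = "http://www.w3.org/2000/09/xmldsig#rsa-sha1"
SHA1 = "http://www.w3.org/2000/09/xmldsig#sha1"

# Constructed skeleton of a signed SAML response (no real keys or values).
SAMPLE = """<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
    xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
    xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
  <saml:Assertion ID="_constructed">
    <ds:Signature><ds:SignedInfo>
      <ds:SignatureMethod Algorithm="{sig}"/>
      <ds:Reference URI="#_constructed"><ds:DigestMethod Algorithm="{dig}"/></ds:Reference>
    </ds:SignedInfo></ds:Signature>
  </saml:Assertion>
</samlp:Response>"""

def check_addon_settings(settings_json):
    """Return a list of problems in the addon settings; empty means OK."""
    settings = json.loads(settings_json)
    problems = []
    # A missing key is a problem too: per the NOTE, the default is sha1.
    for key, want in (("signatureAlgorithm", "rsa-sha256"), ("digestAlgorithm", "sha256")):
        if settings.get(key) != want:
            problems.append(f"{key} is {settings.get(key)!r}, expected {want!r}")
    return problems

def check_saml_response(xml_text):
    """Return a list of problems with the algorithms a SAML response declares."""
    root = ET.fromstring(xml_text)
    sig_methods = [e.get("Algorithm") for e in root.iter(DS + "SignatureMethod")]
    digests = [e.get("Algorithm") for e in root.iter(DS + "DigestMethod")]
    problems = []
    if not sig_methods:
        problems.append("no ds:SignatureMethod found (response is unsigned)")
    problems += [f"SignatureMethod {a}" for a in sig_methods if a != RSA_SHA256]
    problems += [f"DigestMethod {a}" for a in digests if a != SHA256]
    return problems

if __name__ == "__main__":
    print(check_addon_settings('{"signatureAlgorithm": "rsa-sha256", "digestAlgorithm": "sha256"}'))
    print(check_saml_response(SAMPLE.format(sig=RSA_SHA1, dig=SHA1)))
```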