cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Meraki Systems Manager and OneLogin OpenID integration

Highlighted
Conversationalist

Meraki Systems Manager and OneLogin OpenID integration

Hello Community,

 

We have been struggling for few weeks now in order trying to integrate OneLogin OpenID and Meraki Systems Manager. Unfortunately there is not too much documentation around, and the Meraki Support seems to struggle with the topic as well being not able to guide us further. Our decision to move forward is depending on the OpenID integration as it is mandatory and OneLogin is already integrated with MFA.

 

Is there anyone else in the Community who has managed to integrate these two already?

 

Many thanks,

-Sam

7 REPLIES 7
Kind of a big deal

Re: Meraki Systems Manager and OneLogin OpenID integration

Conversationalist

Re: Meraki Systems Manager and OneLogin OpenID integration

Many thanks, I have seen that documentation. It does not reflect to the issue we are facing; it is about SSO to the Dashboard itself. We have that in place already and it works well.

 

What we are looking for is Device Enrollment authentication with Systems Manager using OpenID -- the documentation available does not talk too much about it. 

 

https://documentation.meraki.com/SM/Device_Enrollment/SM_Enrollment_Authentication#OpenID_Connect

 

OneLogin support has verified the settings are OK. We get at this point "Authentication error" from Meraki side. Would need live troubleshooting from Meraki side now, in order to tackle what goes wrong with the auth request. Looks as well there is less integration done using OpenID as there is not too much documentation to be found and the Meraki Support is neither not able to bring much more to resolution.

 

Thanks,

-Sam

Meraki Employee

Re: Meraki Systems Manager and OneLogin OpenID integration

Hi @Alpinweiss_3 , do you have a case number associated with this issue? I can't guarantee anything, but perhaps I can do some digging from my side with that info.

Conversationalist

Re: Meraki Systems Manager and OneLogin OpenID integration

Hi @Noah_Salzman sure I do have: 04333123. 

 

Below the OpenID Settings we have worked out with OneLogin support:

 

Authorization Endpointhttps://openid-connect-eu.onelogin.com/oidc/auth
Token Endpointhttps://openid-connect-eu.onelogin.com/oidc/token
Client ID0e0df7a0-cb3d-0137-6893-06d0ac4aaaaaa37165
Token Issuer Claimhttps://openid-connect-eu.onelogin.com/oidc/me
Public Keys Endpointhttps://openid-connect-eu.onelogin.com/oidc/certs
Public Keys FormatJWK

(Client ID tokent has been tampered for above sample)

 

This setup results, as tested, to "Authentication Timeout or Invalid Credentials. Please Try Again." when trying to login via Device Enrollment.

 

Best regards,

-Sam

 

 

Meraki Employee

Re: Meraki Systems Manager and OneLogin OpenID integration

So, a couple of things: I'm not familiar with OneLogin, but recently did an integration with PingID fed and ran into a couple of things not documented.

 

1. You have to send the X.509 cert in the SAML insertion. 

2. Ensure that the right encoding is used in the SAML insertion also

 

Screenshot 2019-10-30 at 16.50.01.png

(sorry for the heavy redaction)

 

If you go to Org > Administrators > SAML login history, you should be able to get the raw SAML XML

Conversationalist

Re: Meraki Systems Manager and OneLogin OpenID integration

Hello,

 

Many thanks -- as said, the SAML authentication is working fine for us and we are not looking to resolve that. OpenID is meant for Systems Manager "User authentication". There is no option for inserting X.509 in OpenID configuration either.

 

I am not familiar with OpenID, however OneLogin support has confirmed their side is fine and Meraki Systems Manager spits an error. We have made traces out of it. In SAML Login history I am not seeing the OpenID login attempts, as I would guess since it is not SAML what we are trying to achieve here.

 

Thank you,

-Samuli

T1
Getting noticed

Re: Meraki Systems Manager and OneLogin OpenID integration

I was in the same situation trying to setup OpenID with Okta. Meraki support acknowledged that there was a problem on their side, dev team applied a fix which didn't fix anything. After a while we just gave up, as working OpenID auth is not a pressing issue at the moment.

Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels