
Support SAML Zoom SSO

Open robotdan opened this issue 5 years ago • 3 comments


Description

Ensure FusionAuth can be used as an IdP with Zoom. https://support.zoom.us/hc/en-us/articles/201363003-Getting-Started-with-SSO

Ideally build an example configuration in the documentation. https://fusionauth.io/docs/v1/tech/identity-providers/samlv2/

This may already work; if anyone can confirm they have this working, or if you have run into issues, post them here.

Additional context

Initial thread / question https://www.reddit.com/r/Zoom/comments/go3s19/sso_with_fusionauth/

FusionAuth forum post https://fusionauth.io/community/forum/topic/113/zoom-and-sso-lambda-writing

Related Issues

  • https://github.com/FusionAuth/fusionauth-issues/issues/522

How to vote

Please give us a thumbs up or thumbs down as a reaction to help us prioritize this feature. Feel free to comment if you have a particular need or comment on how this feature should work.

robotdan avatar May 22 '20 22:05 robotdan

I think this should work.

robotdan avatar Oct 07 '21 15:10 robotdan

I had 40 days of engineering support for Zoom Level 3 Support 10 months ago. The following would enable anyone to set up FusionAuth as IdP for Zoom SSO.

The steps to resolve this issue with FusionAuth & Zoom SSO. Tested with FusionAuth version 1.19+.

Before FusionAuth, we would need a few settings from Zoom SSO:

  1. Log in to Zoom Account > My Account > Advanced > Single Sign-On > Enable
  2. Copy the Service Provider (SP) Entity ID setting; it should be either .zoom.us or https://.zoom.us/
  3. You will need this for configuring FusionAuth. (Yes, Zoom will not allow you to save SAML until all the fields are filled; don't worry, we will get there later. Keep the Zoom settings page open.)

Now, let's create & configure the FusionAuth app for Zoom SSO.

  1. Log in to FusionAuth with admin access
  2. Go to Applications > Create New Application as usual with the default configuration.

Note: Before configuring SAML settings in FusionAuth, we need to create

  • A SHA-256 certificate with the proper Issuer required by Zoom
  • An appropriate lambda function to match the response expected by Zoom

Follow these steps for both of these.

=================CREATE SHA-256 CERTIFICATE FOR ZOOM==================

  1. Go to Settings > Key Master
  2. "Generate RSA" from the top right drop-down button

  • Name: any name, it's for identification, e.g. ZoomSAMLCertificateKey
  • Issuer: .zoom.us (should match the value set in Zoom's SAML "Service Provider (SP) Entity ID" setting)
  • Algorithm: RSA using SHA-256
  • Key length: 2048

  3. Submit

=============================================================================

=================CREATE SAML Populate Lambda as Required by Zoom==================

  1. Go to Customizations > Lambda > Add
  2. Create New Lambda from the top right [+] button

  • Name: any name for identification, e.g. "SAML v2 Populate Lambda for Zoom App"
  • Type: SAML v2 Populate
  • Debug enabled: as required
  • Body:

function populate(samlResponse, user, registration) {
  // Match the response Zoom expects: drop the NotBefore value on the
  // subject confirmation and on the assertion conditions.
  samlResponse.assertion.subject.subjectConfirmation.notBefore = null;
  samlResponse.assertion.conditions.notBefore = null;
}

  3. Save

=============================================================================

Now we are ready to configure the SAML settings in our app.

  1. Go to Applications > newly created app > Enable SAML
  2. Configure the SAML settings as follows:

  • Issuer: .zoom.us (should match the value set in Zoom's SAML "Service Provider (SP) Entity ID" setting)
  • Audience: leave it blank (default)
  • Callback URL (ACS): https://.zoom.us/saml/SSO
  • Logout URL: https://.zoom.us/ (or wherever to redirect after logout)
  • Signing key: select the key generated in the previous step, e.g. "ZoomSAMLCertificateKey"
  • XML signature canonicalization method: Exclusive
  • Response populate lambda: the recently created lambda, e.g. "SAML v2 Populate Lambda for Zoom App"
  • Debug enabled: as required

Done with FusionAuth; it's ready for Zoom SSO.

Now come to the Zoom page and copy the required settings from FusionAuth.

  1. You will have most details from the FusionAuth application
  2. Go to Applications list > click 🔍 on our newly created Zoom app
  3. Scroll to the "SAML v2 Integration details" section

Get Zoom's SAML settings from FusionAuth:

  • Zoom's Sign-in Page URL: <--- FA's Login URL
  • Zoom's Sign-out Page URL: <--- FA's Logout URL
  • Zoom's Service Provider (SP) Entity ID: select whatever you chose earlier as Issuer during certificate creation
  • Zoom's Issuer (IDP Entity ID): <--- FA's Entity Id
  • Zoom's Identity Provider Certificate: <--- go to FusionAuth's Settings > Key Master > click 🔍 on our key generated for the Zoom app; the value in "Base64 encoded" is to be used for Zoom's Identity Provider Certificate
  • Zoom's Binding: HTTP-Redirect
  • Zoom's Signature Hash Algorithm: SHA-256
  • Zoom's Security: Sign SAML request -- unchecked; Sign SAML Logout request -- unchecked; Support encrypted assertions -- unchecked; Enforce automatic logout after user has been logged in for -- unchecked; Save SAML response logs on user sign-in -- as required
  • Zoom's Provision User: At Sign-in (default) or as required

  1. [Save Changes] in Zoom
  2. It's DONE! It should work as intended. Note: there can still be errors, but mostly they will not be related to SAML.

satsangswami avatar May 03 '22 17:05 satsangswami
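A check a practitioner can run on a SAML response captured after this setup (Zoom's "Save SAML response logs" option in the comment above produces one), as an added example that is not from the original thread, FusionAuth or Zoom: it parses a constructed sample and flags anything that departs from the settings listed in the comment. It assumes FusionAuth fills Destination with the ACS URL and Audience with the app's Issuer when Audience is left blank; the hostnames are placeholders.

```python
# Added example (not FusionAuth's or Zoom's code): check a captured SAML
# Response against the settings listed in this thread. The hostnames and
# the sample XML are constructed placeholders, not values from a real tenant.
import xml.etree.ElementTree as ET

NS = {"samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
      "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}
RSA_SHA256 = "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"

# Constructed sample in the shape a response has after the thread's populate
# lambda has cleared both NotBefore attributes ("example" is a placeholder).
SAMPLE_RESPONSE = """<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
  xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
  xmlns:ds="http://www.w3.org/2000/09/xmldsig#" Destination="https://example.zoom.us/saml/SSO">
  <saml:Issuer>https://idp.example.com</saml:Issuer>
  <ds:Signature><ds:SignedInfo><ds:SignatureMethod
    Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/></ds:SignedInfo></ds:Signature>
  <saml:Assertion>
    <saml:Subject><saml:SubjectConfirmation>
      <saml:SubjectConfirmationData NotOnOrAfter="2022-05-03T17:10:00Z"/>
    </saml:SubjectConfirmation></saml:Subject>
    <saml:Conditions NotOnOrAfter="2022-05-03T17:10:00Z">
      <saml:AudienceRestriction><saml:Audience>example.zoom.us</saml:Audience></saml:AudienceRestriction>
    </saml:Conditions>
  </saml:Assertion>
</samlp:Response>"""

def check_zoom_response(xml_text, sp_entity_id, idp_entity_id, acs_url):
    """Return a list of mismatches; empty means the response fits the thread's settings."""
    root = ET.fromstring(xml_text)
    problems = []
    if root.get("Destination") != acs_url:
        problems.append("Destination does not match the Zoom ACS URL")
    if root.findtext("saml:Issuer", namespaces=NS) != idp_entity_id:
        problems.append("Issuer does not match the IdP Entity ID entered in Zoom")
    if root.findtext(".//saml:Audience", namespaces=NS) != sp_entity_id:
        problems.append("Audience does not match the Issuer set for the Zoom app")
    sig = root.find(".//ds:SignatureMethod", NS)
    if sig is None or sig.get("Algorithm") != RSA_SHA256:
        problems.append("response is not signed with RSA-SHA256")
    # The populate lambda nulls both NotBefore values; NotOnOrAfter must survive
    # so the assertion still expires.
    for tag in ("SubjectConfirmationData", "Conditions"):
        el = root.find(f".//saml:{tag}", NS)
        if el is None or el.get("NotOnOrAfter") is None:
            problems.append(f"{tag} is missing or has no NotOnOrAfter")
        elif el.get("NotBefore") is not None:
            problems.append(f"{tag} still carries NotBefore; populate lambda not applied?")
    return problems
```

Paste the decoded SAMLResponse from Zoom's log in place of the sample and compare the result against the values you entered on both sides.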

Thank you @satsangswami! I'll see about pulling this over into our docs. Much appreciated.

mooreds avatar May 03 '22 18:05 mooreds