Clareity Site Configuration (Clareity as IDP, Cobalt as SP) (Cobalt Staff)

Clareity is a Single-Sign-On dashboard used by many REALTOR associations to connect all of their various services. Because its primary function is SSO, configuring our product with it is one of the rare instances where we will not be the Identity Provider (IDP) in the SAML configuration.

Below are the steps we take to configure with Clareity:

Before You Start, identify your target Portal URL (example: or . You will replace XXXXXXXXXX with the portal URL



You will need to create a metadata file to send to your Clareity contact as follows: 

1. Open Notepad and paste the following code into a blank text file.  

<?xml version="1.0"?>
<EntityDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata" entityID="XXXXXXXXXX/">
  <SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol" WantAssertionsSigned="true">
    <SingleLogoutService ResponseLocation="XXXXXXXXXX" Location="XXXXXXXXXX/authentication/saml/SingleLogoutService.aspx" Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"/>
    <SingleLogoutService ResponseLocation="XXXXXXXXXX" Location="XXXXXXXXXX/authentication/saml/SingleLogoutService.aspx" Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"/>
    <AssertionConsumerService Location="XXXXXXXXXX/authentication/saml/AssertionConsumerService.aspx" Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" index="3"/>
  </SPSSODescriptor>
</EntityDescriptor>

2. Save as [ORG NAME]_sso_metadata_prod.xml
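As an added example (not part of the original article or Cobalt's own tooling), the following Python script fills in the template above from a portal URL and checks the result before it is sent to Clareity. The function names are hypothetical, and the HTTPS check is an added assumption rather than a requirement stated in this article.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlparse

MD = "urn:oasis:names:tc:SAML:2.0:metadata"
POST = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
REDIRECT = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"

def build_metadata(portal_url: str) -> str:
    """Fill the article's template; portal_url takes the place of XXXXXXXXXX."""
    base = portal_url.rstrip("/")
    ET.register_namespace("", MD)
    root = ET.Element(f"{{{MD}}}EntityDescriptor", {"entityID": base + "/"})
    sp = ET.SubElement(root, f"{{{MD}}}SPSSODescriptor", {
        "protocolSupportEnumeration": "urn:oasis:names:tc:SAML:2.0:protocol",
        "WantAssertionsSigned": "true"})
    for binding in (POST, REDIRECT):
        ET.SubElement(sp, f"{{{MD}}}SingleLogoutService", {
            "ResponseLocation": base,
            "Location": base + "/authentication/saml/SingleLogoutService.aspx",
            "Binding": binding})
    ET.SubElement(sp, f"{{{MD}}}AssertionConsumerService", {
        "Location": base + "/authentication/saml/AssertionConsumerService.aspx",
        "Binding": POST, "index": "3"})
    return '<?xml version="1.0"?>\n' + ET.tostring(root, encoding="unicode")

def check_metadata(xml_text: str) -> list:
    """Return a list of problems; an empty list means the file is ready to send."""
    try:
        root = ET.fromstring(xml_text)
    except ET.ParseError as exc:  # for example, missing closing tags
        return [f"not well-formed XML: {exc}"]
    problems = []
    if "XXXXXXXXXX" in xml_text:
        problems.append("placeholder XXXXXXXXXX was not replaced")
    sp = root.find(f"{{{MD}}}SPSSODescriptor")
    if sp is None:
        return problems + ["no SPSSODescriptor element"]
    if sp.get("WantAssertionsSigned") != "true":
        problems.append("WantAssertionsSigned is not true")
    acs = sp.findall(f"{{{MD}}}AssertionConsumerService")
    if not any(a.get("Binding") == POST for a in acs):
        problems.append("no HTTP-POST AssertionConsumerService")
    for el in sp:  # assumption: every endpoint should be served over HTTPS
        for attr in ("Location", "ResponseLocation"):
            url = el.get(attr)
            if url and urlparse(url).scheme != "https":
                problems.append(f"{attr} is not https: {url}")
    return problems
```

Write the string returned by build_metadata to [ORG NAME]_sso_metadata_prod.xml only when check_metadata returns an empty list.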


Send XML to Clareity 

1. Send the metadata file you created to Clareity, who will use it for the configuration on their side, along with a request for:

a. The xml file they created

b. A test username and password 


After you receive Clareity XML and Test User, Create Settings 

Create a SAML Single Sign On Service Configuration Property, using the Clareity metadata for those values that are client dependent. For instructions on creating a SAML Single Sign On Service Configuration, refer to this article: LINK


Create Test User

Create a contact in CRM with the portal username and password provided by Clareity. 


Testing and verification (Start Page URLS) 

In each of the URLS below, replace the Xs with your target portal URL as before and click on the following links. 

RAMCO Portal to Clareity Portal:

Clareity portal to RAMCO portal examples:  






Notify your Clareity contact by email that you have finished setting up and testing the SSO implementation.  Provide them with the updated URLs from above so they can test on their side.



FLEX MLS, managed by FBS inc., does not use the "username" for authentication, but uses the NRDS ID instead (see ZD23904, ZD24232, ZD49345).

Configuring for FLEX MLS requires all of the usual Clareity configurations above with a few specific changes:


1. Change the Single Sign on Service configuration to match this one:



a. Set the Assembly Name to FlexMlsSsoHotfix

b. Set the Class name to FlexMlsSsoHotfix.SAMLSingleSignonService

c. Add 3 additional Service Configuration properties to the normal list of 11 Properties:

1. ContactCrmUserNameField

Name - ContactCrmUserNameField

Type - System.String

Value - cobalt_username

Encrypt value - No

2. ContactFlexMlsUserNameField

Name - ContactFlexMlsUserNameField

Type - System.String

Value - ramco_nrdsid

Encrypt value - No

3. FlexMlsUserNameAttribute

Name - FlexMlsUserNameAttribute

Type - System.String

Value - flexmls_nrds_id

Encrypt value - No

Code (Visual Studio solution) for the hotfix is found at this directory path:  \\cobaltdata3\Cobalt\Documentation\Support\Workarounds\RAMCO\Flex MLS SSO Hotfix\ 

2. Add the FlexMlsSsoHotfix.dll file to the target portal site bin folder and to the client ISV, API /bin folders as well. (This must be compiled by a dev)

3. Add the files to the target portal site Authentication/SAML folder

4. Ask FBS to set the SSO Initiator URL to XXXXXXXXXX/Authentication/DefaultSingleSignon.aspx (where XXXXXXXX is the portal URL)

5. Because FLEX matches on NRDS ID but doesn't automatically add the NRDS ID value to the FLEX contact, choose a test contact in RAMCO, set the login credentials to the values provided by FBS, confirm that the contact has an NRDS ID (or generate one if it doesn't), and ask FBS to confirm that the same contact has the correct NRDS ID value in FLEX.

Once this is complete, you can test SSO.


This is still a standard SSO implementation, so even if the association is embedding widgetized Web Elements, the SAML plugin for their website must be configured with FLEX as the IDP. This task shouldn't be Cobalt's responsibility, since the website isn't performing SSO with Cobalt. However, let the requester know that the SAML requests sent to FLEX must be signed and that the NameID format must be set to Persistent.


