You can customize your system configuration as required. You carry out this part of the configuration in ARIS Administration.
Prerequisite
You have the Technical configuration administrator function privilege.
Procedure
Use SAML
Specifies whether SAML-based login is allowed. This corresponds to the following property: com.aris.umc.saml.active
Binding
Specifies the SAML binding used to send authentication requests to the identity provider, that is, how the user's browser is directed to the identity provider. The options are Redirect or POST. With Redirect, the request is compressed, Base64-encoded and passed in the URL query string; with POST, it is Base64-encoded and submitted in an HTML form. This corresponds to the following property: com.aris.umc.saml.binding
Identity provider ID
Specifies the ID of the identity provider. This corresponds to the following property: com.aris.umc.saml.identity.provider.id
Service provider ID
Specifies the ID of the service provider. This corresponds to the following property: com.aris.umc.saml.service.provider.id
Single sign-on URL
Specifies the end point of the identity provider that is used for single sign-on. This corresponds to the following property: com.aris.umc.saml.identity.provider.sso.url
Single logout URL
Specifies the end point of the identity provider that is used for single log-out. This corresponds to the following property: com.aris.umc.saml.identity.provider.logout.url
Enforce signing of assertions
Enforces that SAML assertions must be signed. If set, all assertions received by the application must be signed. Assertions sent by the application are signed. This corresponds to the following property: com.aris.umc.saml.signature.assertion.active
Enforce signing of requests
Enforces that the SAML authentication requests must be signed. If set, all requests received by the application must be signed. Requests sent by the application are signed. This corresponds to the following property: com.aris.umc.saml.signature.request.active
Enforce signing of responses
Enforces that SAML authentication responses must be signed. If set, all responses received by the application must be signed. This corresponds to the following property: com.aris.umc.saml.signature.resonse.active
Enforce signing of metadata
Enforces that the SAML metadata must be signed. If set, the service provider metadata file provided by the application is signed. This corresponds to the following property: com.aris.umc.saml.signature.metadata.active
Signature algorithm
Specifies the algorithm used to sign SAML messages. The algorithm can be selected from the list. Prefer a SHA-256 based algorithm; SHA-1 based signature algorithms are deprecated. This corresponds to the following property: com.aris.umc.saml.signature.algorithm
Keystore
Specifies the location of the keystore file used for validating SAML assertions. The keystore must have been uploaded previously. This corresponds to the following property: com.aris.umc.saml.keystore.location
Upload
Opens the Keystore dialog.
Alias
Specifies the alias name that is used to access the keystore. This corresponds to the following property: com.aris.umc.saml.keystore.alias
Password
Specifies the password that is used to access the keystore. This corresponds to the following property: com.aris.umc.saml.keystore.password
Type
Specifies the type of the keystore to be used. The keystore type can be selected from a list. This corresponds to the following property: com.aris.umc.saml.keystore.type
Truststore
Specifies the location of the truststore file holding the identity provider certificates used for validating signed SAML assertions. The truststore must have been uploaded previously. This corresponds to the following property: com.aris.umc.saml.truststore.location
Upload
Opens the Truststore dialog.
Alias
Specifies the alias to be used for accessing the truststore. This corresponds to the following property: com.aris.umc.saml.truststore.alias
Password
Specifies the password to be used for accessing the truststore. This corresponds to the following property: com.aris.umc.saml.truststore.password
Type
Specifies the type of the truststore. This corresponds to the following property: com.aris.umc.saml.truststore.type
Login using DN
Specifies whether login is to be tried using the fully qualified distinguished name (DN) instead of the user name. This corresponds to the following property: com.aris.umc.saml.login.mode.dn.active
Decompose DN
Specifies whether the fully qualified distinguished name is to be decomposed into its parts so that one of them can be used for login. This corresponds to the following property: com.aris.umc.saml.login.mode.keyword.active
Keyword
Specifies which part of the fully qualified distinguished name is to be used for login, for example CN. This corresponds to the following property: com.aris.umc.saml.login.mode.keyword.name
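The following is an added example, not ARIS code, showing how the three options Login using DN, Decompose DN and Keyword combine when the identity provider returns a distinguished name as the user identifier. The sample DNs are constructed; the function and option names are this example's own.

```python
import re

# Constructed sample NameID values, of the kind an identity provider might send.
SAMPLE_DN = "CN=jdoe,OU=Users,DC=example,DC=com"
SAMPLE_DN_ESCAPED = r"CN=Doe\, John,OU=Users,DC=example,DC=com"


def decompose_dn(dn):
    """Split an LDAP distinguished name into ordered (attribute, value) pairs.
    Commas inside a value are escaped with a backslash (RFC 4514), so the split
    only happens on commas not preceded by a backslash, and the escapes are
    removed from the returned values. Multi-valued RDNs (joined with '+') are
    not handled in this example."""
    pairs = []
    for rdn in re.split(r"(?<!\\),", dn):
        if "=" not in rdn:
            raise ValueError(f"malformed RDN: {rdn!r}")
        attribute, value = rdn.split("=", 1)
        pairs.append((attribute.strip(), re.sub(r"\\(.)", r"\1", value.strip())))
    return pairs


def select_login_name(name_id, login_using_dn, decompose, keyword="CN"):
    """Mirror the three settings:
    Login using DN off ........ the NameID is used as the user name unchanged.
    Login using DN on,
    Decompose DN off .......... the whole DN is the login name.
    Both on ................... the value of the first RDN whose attribute matches
                                Keyword (case-insensitive) is the login name."""
    if not (login_using_dn and decompose):
        return name_id
    for attribute, value in decompose_dn(name_id):
        if attribute.lower() == keyword.lower():
            return value
    raise LookupError(f"keyword {keyword!r} not present in DN {name_id!r}")


if __name__ == "__main__":
    print(decompose_dn(SAMPLE_DN_ESCAPED))
    print(select_login_name(SAMPLE_DN, True, True, "CN"))
```

Note that when Decompose DN is active the login name is only as unique as the chosen RDN: two DNs in different organizational units can share the same CN, so the keyword should be an attribute that is unique across the directory.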
Authentication context classes
Specifies the authentication context classes to request, that is, the strength or method of authentication the identity provider must use. For example, you specify that users must use Kerberos if you define Microsoft® Windows as the Authentication context class and the Authentication context comparison as exact. This corresponds to the following property: com.aris.umc.saml.auth.context.class.refs
Authentication context comparison
Specifies the authentication context comparison to request, that is, whether only the specified classes are accepted (exact) or other authentication procedures are also allowed. For example, you specify that users must use Kerberos if you define Microsoft® Windows as the Authentication context class and the Authentication context comparison as exact. This corresponds to the following property: com.aris.umc.saml.auth.context.comparison
NameID format
Specifies the NameID format that the identity provider is requested to use for the user identifier it returns to ARIS Administration. This corresponds to the following property: com.aris.umc.saml.auth.nameid.format
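The following is an added example, not ARIS code, that ties together the Binding, Service provider ID, Single sign-on URL, Authentication context classes and comparison, and NameID format settings described above. It builds the AuthnRequest a service provider sends and encodes it for the Redirect and POST bindings. All URLs and identifiers are constructed placeholders; the mapping of the list entry "Microsoft Windows" to the URI urn:federation:authentication:windows is an assumption, as is the assertion consumer endpoint.

```python
import base64
import uuid
import zlib
import xml.etree.ElementTree as ET
from datetime import datetime, timezone
from urllib.parse import parse_qs, urlencode, urlsplit

SAMLP = "urn:oasis:names:tc:SAML:2.0:protocol"
SAML = "urn:oasis:names:tc:SAML:2.0:assertion"

# Assumed values standing in for the ARIS settings; the URLs are constructed, not real endpoints.
SERVICE_PROVIDER_ID = "https://aris.example.com/umc"   # com.aris.umc.saml.service.provider.id
SSO_URL = "https://idp.example.com/saml2/sso"           # com.aris.umc.saml.identity.provider.sso.url
ACS_URL = "https://aris.example.com/umc/saml/acs"       # hypothetical assertion consumer endpoint
NAMEID_FORMAT = "urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified"  # com.aris.umc.saml.auth.nameid.format
# Assumed mapping of the "Microsoft Windows" list entry to its SAML class reference URI.
AUTHN_CONTEXT_CLASS = "urn:federation:authentication:windows"  # com.aris.umc.saml.auth.context.class.refs
AUTHN_CONTEXT_COMPARISON = "exact"                             # com.aris.umc.saml.auth.context.comparison


def build_authn_request(request_id=None, issue_instant=None):
    """Build the AuthnRequest the service provider sends. Issuer carries the
    service provider ID, NameIDPolicy the requested NameID format, and
    RequestedAuthnContext the context classes plus the comparison rule."""
    request_id = request_id or "_" + uuid.uuid4().hex
    issue_instant = issue_instant or datetime.now(timezone.utc).strftime("%Y-%m-%dT%H:%M:%SZ")
    return (
        f'<samlp:AuthnRequest xmlns:samlp="{SAMLP}" xmlns:saml="{SAML}" ID="{request_id}" '
        f'Version="2.0" IssueInstant="{issue_instant}" Destination="{SSO_URL}" '
        # ProtocolBinding names the binding for the response; it is independent of
        # how the request itself is transported (the Binding setting).
        f'AssertionConsumerServiceURL="{ACS_URL}" '
        'ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST">'
        f'<saml:Issuer>{SERVICE_PROVIDER_ID}</saml:Issuer>'
        f'<samlp:NameIDPolicy Format="{NAMEID_FORMAT}" AllowCreate="true"/>'
        f'<samlp:RequestedAuthnContext Comparison="{AUTHN_CONTEXT_COMPARISON}">'
        f'<saml:AuthnContextClassRef>{AUTHN_CONTEXT_CLASS}</saml:AuthnContextClassRef>'
        '</samlp:RequestedAuthnContext></samlp:AuthnRequest>'
    )


def encode_redirect(xml_text, relay_state=None):
    """HTTP-Redirect binding: raw DEFLATE (no zlib header/trailer), Base64, then
    URL-encode as the SAMLRequest query parameter. Because the XML is compressed,
    a request signature under this binding travels as separate SigAlg and
    Signature query parameters rather than inside the document."""
    compressor = zlib.compressobj(9, zlib.DEFLATED, -15)
    deflated = compressor.compress(xml_text.encode("utf-8")) + compressor.flush()
    params = {"SAMLRequest": base64.b64encode(deflated).decode("ascii")}
    if relay_state:
        params["RelayState"] = relay_state
    return SSO_URL + "?" + urlencode(params)


def decode_redirect(url):
    """Reverse of encode_redirect, as the identity provider applies it."""
    query = parse_qs(urlsplit(url).query)
    raw = base64.b64decode(query["SAMLRequest"][0])
    return zlib.decompress(raw, -15).decode("utf-8")


def encode_post(xml_text):
    """HTTP-POST binding: Base64 of the uncompressed XML in a hidden form field
    submitted to the SSO URL; an XML signature can be embedded in the document."""
    return {"SAMLRequest": base64.b64encode(xml_text.encode("utf-8")).decode("ascii")}


def decode_post(form):
    return base64.b64decode(form["SAMLRequest"]).decode("utf-8")


def parse_request(xml_text):
    """Extract the fields the identity provider acts on."""
    root = ET.fromstring(xml_text)
    ns = {"samlp": SAMLP, "saml": SAML}
    context = root.find("samlp:RequestedAuthnContext", ns)
    return {
        "issuer": root.findtext("saml:Issuer", namespaces=ns),
        "nameid_format": root.find("samlp:NameIDPolicy", ns).get("Format"),
        "comparison": context.get("Comparison"),
        "classes": [e.text for e in context.findall("saml:AuthnContextClassRef", ns)],
    }


if __name__ == "__main__":
    request = build_authn_request()
    print(encode_redirect(request, relay_state="/aris/"))
    print(parse_request(decode_post(encode_post(request))))
```

The practical difference between the two bindings is where a signature lives: under POST it is an XML signature inside the request, under Redirect it is a detached signature over the query string, which is why both sides must agree on the binding before Enforce signing of requests can work.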
Automatically create user
Defines whether or not the user specified in the SAML assertion should be created automatically if the user does not already exist. The default value is false. The following restrictions apply to automatically created users:
Clock skew
Specifies the tolerated clock difference between identity provider and service provider in seconds. An assertion is accepted if the time at which it is received falls within its validity period extended by this tolerance on both sides. This corresponds to the following property: com.aris.umc.saml.assertion.timeoffset
Assertion lifetime
Specifies the maximum lifetime of a SAML assertion in seconds. This corresponds to the following property: com.aris.umc.saml.assertion.ttl
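The following is an added example, not ARIS code, showing the policy checks a service provider applies to an incoming SAML response according to the Identity provider ID, Service provider ID, Enforce signing of responses and assertions, Signature algorithm, Clock skew and Assertion lifetime settings above. It only checks that the required ds:Signature elements are present and use an accepted algorithm; verifying the signature values against the certificates in the truststore is a separate step not shown here. The sample response, identifiers and the POLICY dictionary are constructed, and applying the assertion lifetime as a cap on the NotBefore/NotOnOrAfter window is this example's interpretation.

```python
import xml.etree.ElementTree as ET
from datetime import datetime, timedelta, timezone

NS = {"samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
      "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}
RSA_SHA1 = "http://www.w3.org/2000/09/xmldsig#rsa-sha1"
RSA_SHA256 = "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"

# Assumed values standing in for the ARIS settings; identifiers are constructed, not real systems.
POLICY = {
    "identity_provider_id": "https://idp.example.com/saml2",  # com.aris.umc.saml.identity.provider.id
    "service_provider_id": "https://aris.example.com/umc",    # com.aris.umc.saml.service.provider.id
    "require_signed_response": True,                          # Enforce signing of responses
    "require_signed_assertion": True,                         # com.aris.umc.saml.signature.assertion.active
    "allowed_algorithms": {RSA_SHA256},                       # Signature algorithm; SHA-1 deliberately excluded
    "clock_skew": 60,                                         # com.aris.umc.saml.assertion.timeoffset, seconds
    "assertion_ttl": 300,                                     # com.aris.umc.saml.assertion.ttl, seconds
}


def signature_xml(algorithm):
    # Only SignatureMethod matters to the policy check; the signature value is a placeholder.
    return (f'<ds:Signature><ds:SignedInfo><ds:SignatureMethod Algorithm="{algorithm}"/>'
            '</ds:SignedInfo><ds:SignatureValue>placeholder</ds:SignatureValue></ds:Signature>')


def make_response(sign_response=True, sign_assertion=True, algorithm=RSA_SHA256,
                  not_before="2024-05-01T12:00:00Z", not_on_or_after="2024-05-01T12:05:00Z"):
    """Constructed sample Response; the signatures carry no real cryptographic value."""
    parts = [
        '<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" '
        'xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" '
        'xmlns:ds="http://www.w3.org/2000/09/xmldsig#" ID="_r1" Version="2.0" '
        'IssueInstant="2024-05-01T12:00:01Z">',
        '<saml:Issuer>https://idp.example.com/saml2</saml:Issuer>',
        signature_xml(algorithm) if sign_response else "",
        '<samlp:Status><samlp:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/></samlp:Status>',
        '<saml:Assertion ID="_a1" Version="2.0" IssueInstant="2024-05-01T12:00:01Z">',
        '<saml:Issuer>https://idp.example.com/saml2</saml:Issuer>',
        signature_xml(algorithm) if sign_assertion else "",
        '<saml:Subject><saml:NameID>jdoe</saml:NameID></saml:Subject>',
        f'<saml:Conditions NotBefore="{not_before}" NotOnOrAfter="{not_on_or_after}">',
        '<saml:AudienceRestriction><saml:Audience>https://aris.example.com/umc</saml:Audience>',
        '</saml:AudienceRestriction></saml:Conditions></saml:Assertion></samlp:Response>',
    ]
    return "".join(parts)


def parse_ts(value):
    """SAML timestamps are UTC xs:dateTime; fractional seconds are not handled here."""
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


def check_signature(element, required, policy, label, problems):
    """Presence and algorithm only; cryptographic verification is out of scope here."""
    signature = element.find("ds:Signature", NS)
    if signature is None:
        if required:
            problems.append(f"{label} is not signed")
        return
    method = signature.find("ds:SignedInfo/ds:SignatureMethod", NS)
    algorithm = method.get("Algorithm") if method is not None else None
    if algorithm not in policy["allowed_algorithms"]:
        problems.append(f"{label} uses disallowed signature algorithm {algorithm}")


def check_response(xml_text, policy, now):
    """Return the list of policy violations; an empty list means the response passes."""
    problems = []
    root = ET.fromstring(xml_text)
    if root.findtext("saml:Issuer", namespaces=NS) != policy["identity_provider_id"]:
        problems.append("response issuer does not match the configured identity provider ID")
    check_signature(root, policy["require_signed_response"], policy, "response", problems)
    assertion = root.find("saml:Assertion", NS)
    if assertion is None:
        return problems + ["no plaintext assertion in response (encrypted assertions not handled here)"]
    check_signature(assertion, policy["require_signed_assertion"], policy, "assertion", problems)
    conditions = assertion.find("saml:Conditions", NS)
    not_before = parse_ts(conditions.get("NotBefore"))
    not_after = parse_ts(conditions.get("NotOnOrAfter"))
    skew = timedelta(seconds=policy["clock_skew"])
    # Clock skew widens the validity window on both sides.
    if now < not_before - skew:
        problems.append("assertion NotBefore is in the future beyond the clock skew")
    if now >= not_after + skew:
        problems.append("assertion NotOnOrAfter has passed beyond the clock skew")
    # Assertion lifetime applied as a cap on the window the identity provider asserted.
    if not_after - not_before > timedelta(seconds=policy["assertion_ttl"]):
        problems.append("assertion validity window exceeds the configured assertion lifetime")
    audiences = [a.text for a in conditions.findall("saml:AudienceRestriction/saml:Audience", NS)]
    if policy["service_provider_id"] not in audiences:
        problems.append("assertion audience does not include the service provider ID")
    return problems


if __name__ == "__main__":
    print(check_response(make_response(), POLICY, parse_ts("2024-05-01T12:01:00Z")))
    print(check_response(make_response(algorithm=RSA_SHA1), POLICY, parse_ts("2024-05-01T12:06:30Z")))
```

Keep the clock skew small (tens of seconds, not minutes): every second of tolerance is a second longer that a captured response can be replayed, so fix clock drift with NTP rather than by widening this setting.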
Default tenant
Specifies the default tenant that is to be used for the SAML-based login. This corresponds to the following property: com.aris.umc.saml.tenant
The Cross-tenant symbol indicates that the settings made apply to all tenants on this server and cannot be changed.
You have customized your system configuration.
See also