Procedure

Prerequisite

Server

Enable SSO (SAML)

Procedure

  1. Open ARIS Advanced.

  2. Click Application launcher > Administration.

  3. Click Configuration management.

  4. Click Single sign-on.

  5. Under General, enable Enable single sign-on.

  6. Enter the ID of the identity provider in the Identity provider ID field.

  7. Enter the ID of the service provider in the Service provider ID field, for example UMC@<server name>.

  8. Enter the endpoint of the identity provider that is used for single sign-on in the Single sign-on URL field.

  9. Enter the endpoint of the identity provider that is used for single logout in the Single logout URL field.

  10. Click Save.

Optional SAML settings

  1. Under Signature, enable the options you want to set:

    • Enforce signing of assertions

    • Enforce signing of requests

    • Enforce signing of responses

    • Enforce signing of metadata

    • Select signature algorithm

  2. Click Save.

You have enabled the signing. If you have enabled this option, you must configure the truststore.
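Before enabling the enforcement options for responses and assertions, it helps to confirm what the identity provider actually signs. The following Python check is an added example, not part of the ARIS documentation or product: it inspects a decoded SAML response captured from a test login and reports whether the Response and each Assertion carry their own signature. All function names and the sample XML are constructed for illustration, and the check looks at signature presence only; it does not verify the signature cryptographically.

```python
import xml.etree.ElementTree as ET

NS = {"samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
      "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}
SHA1_ALGS = {"http://www.w3.org/2000/09/xmldsig#rsa-sha1",
             "http://www.w3.org/2000/09/xmldsig#dsa-sha1"}

# Constructed sample (not a real capture): unsigned Response, signed Assertion.
SAMPLE = """<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
    xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
    xmlns:ds="http://www.w3.org/2000/09/xmldsig#" ID="_r1" Version="2.0">
  <saml:Issuer>https://idp.example.test</saml:Issuer>
  <saml:Assertion ID="_a1" Version="2.0">
    <saml:Issuer>https://idp.example.test</saml:Issuer>
    <ds:Signature><ds:SignedInfo>
      <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
      <ds:Reference URI="#_a1"/>
    </ds:SignedInfo><ds:SignatureValue>CONSTRUCTED</ds:SignatureValue></ds:Signature>
  </saml:Assertion>
</samlp:Response>"""

def signature_info(element):
    """Describe the ds:Signature that is a direct child of `element`, if any."""
    sig = element.find("ds:Signature", NS)
    if sig is None:
        return {"signed": False, "algorithm": None, "covers_element": False, "sha1": False}
    method = sig.find("ds:SignedInfo/ds:SignatureMethod", NS)
    ref = sig.find("ds:SignedInfo/ds:Reference", NS)
    alg = method.get("Algorithm") if method is not None else None
    eid = element.get("ID")
    # The Reference must point at the enclosing element's own ID.
    covers = bool(eid) and ref is not None and ref.get("URI") == "#" + eid
    return {"signed": True, "algorithm": alg, "covers_element": covers, "sha1": alg in SHA1_ALGS}

def inspect_response(xml_text):
    """Report signature presence per level; this does not verify the signature."""
    root = ET.fromstring(xml_text)
    assertions = [signature_info(a) for a in root.findall("saml:Assertion", NS)]
    return {"response": signature_info(root), "assertions": assertions}

def options_idp_satisfies(report):
    """Map the report onto the two response-side options named in the procedure."""
    ok = lambda s: s["signed"] and s["covers_element"]
    return {"Enforce signing of responses": ok(report["response"]),
            "Enforce signing of assertions": bool(report["assertions"])
                                             and all(ok(a) for a in report["assertions"])}

if __name__ == "__main__":
    for option, present in options_idp_satisfies(inspect_response(SAMPLE)).items():
        print(f"{option}: signature {'present' if present else 'missing'} in IdP output")
```

Encrypted assertions are not inspected by this check; decrypt them first or review the identity provider's signing configuration directly.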

Optional: Configure the keystore

  1. Under Keystore, click Upload.

  2. Click Upload. The dialog opens. Select the keystore file on your file system and click Upload.

  3. Configure your keystore.

  4. Click Save.

You have configured the keystore.

Share the service provider (SP) metadata

  1. You can find the service provider metadata under General. Send the service provider ID to your identity provider (IDP).

Configure SAML using identity provider (IDP) metadata

  1. Under General, enter the identity provider ID.

  2. Click Save.

Optional: Configure the truststore

  1. Under Truststore, click Upload. The dialog opens. Select the truststore file on your file system and click Upload.

  2. Configure your truststore.

  3. Click Save.

You have configured the truststore.

Configure the user attributes

  1. Under User attributes, specify the attribute fields, for example, the first name, the last name, or the e-mail.

  2. Click Save.

You have configured the user attributes.

Optional: Advanced settings

  1. Under Advanced settings, configure:

    • Authentication context classes

    • Authentication content comparison

    • NamedID format

    • Clock skew (in seconds)

    • Assertion lifetime (in seconds)

  2. Click Save.

You have configured the advanced settings.