Server

Enable SSO for the servers (SAML)

Prerequisite

You have the Technical configuration administrator function privilege.

Procedure

  1. Start ARIS.

  2. Click Application launcher > Administration. The Administration opens with the Configuration view.

  3. Click User management.

  4. Click the arrow next to SAML.

  5. Click General.

  6. Click Edit.

  7. Enable Use SAML.

  8. Enter the ID of the identity provider in the Identity provider ID field.

  9. Enter the ID of the service provider in the Service provider ID field, for example UMC@<server name>.

  10. Enter the end point of the identity provider that is used for single sign-on in the Single sign-on URL field.

  11. Enter the end point of the identity provider that is used for single log-out in the Single logout URL field.

  12. Click Save.

Optional SAML settings

  1. Click Signature.

  2. Click Edit.

  3. Enable the check box of the options you want to set:

    • Enforce signing of assertions

    • Enforce signing of requests

    • Enforce signing of responses

    • Enforce signing of metadata

    • Select signature algorithm

  4. Click Save.

You have enabled the signing. If you have enabled this option, you must configure the truststore.

Optional: Configure the keystore

  1. Click Keystore.

  2. Click Upload. The dialog opens. Select the keystore file on your file system and click Upload.

  3. Click Edit.

  4. Configure your keystore.

  5. Click Save.

You have configured the keystore.

Share the service provider (SP) metadata

  1. Click General.

  2. Send the service provider ID to your identity provider (IDP).

Configure SAML using identity provider (IDP) metadata

  1. Click General.

  2. Click Edit.

  3. Enter the identity provider ID.

  4. Click Save.

Optional: Configure the truststore

  1. Click Truststore.

  2. Click Upload. The dialog opens. Select the truststore file on your file system and click Upload.

  3. Click Edit.

  4. Configure your truststore.

  5. Click Save.

You have configured the truststore.

Configure the user attributes

  1. Click User attributes.

  2. Click Edit.

  3. Specify the attribute fields, for example, the first name, the last name, or the e-mail.

  4. Click Save.

You have configured the user attributes.

Register ARIS as a trusted service provider

Establish a circle of trust between the identity provider and the service provider.

Procedure

  1. Open a browser.

  2. Enter the following URL into the address bar:

    https://<SERVERNAME>/umc/rest/saml/metadata.xml?tenant=<TENANTID>

    You get a metadata file. Save this file as an XML file.

  3. Send the metadata file to your SAML identity provider so that the metadata can be uploaded.

Your system is configured to be used with single sign-on and SAML.
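
Before sending the saved metadata file to the identity provider, you can check that it matches the service provider ID and the signing settings you configured. The following script is an added example, not part of ARIS or its documentation. It assumes the settings are reflected in the standard SAML 2.0 metadata attributes AuthnRequestsSigned and WantAssertionsSigned. The sample document, the host aris.example.com and the endpoint path are constructed placeholders.

```python
import xml.etree.ElementTree as ET

MD = "urn:oasis:names:tc:SAML:2.0:metadata"

# Constructed sample standing in for the file saved from metadata.xml.
# Entity ID, host and endpoint path are placeholders; certificate data is omitted.
SAMPLE = """<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    xmlns:ds="http://www.w3.org/2000/09/xmldsig#" entityID="UMC@aris.example.com">
  <md:SPSSODescriptor AuthnRequestsSigned="true" WantAssertionsSigned="false"
      protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:KeyDescriptor use="signing"><ds:KeyInfo/></md:KeyDescriptor>
    <md:AssertionConsumerService index="0"
        Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="http://aris.example.com/placeholder/acs"/>
  </md:SPSSODescriptor>
</md:EntityDescriptor>"""


def review_sp_metadata(xml_text, expected_sp_id):
    """Return a list of findings for one service provider metadata document."""
    if "<!DOCTYPE" in xml_text:
        # Metadata needs no DTD; skip parsing instead of expanding entities.
        return ["DOCTYPE present: refusing to parse"]
    root = ET.fromstring(xml_text)
    findings = []
    if root.get("entityID") != expected_sp_id:
        findings.append(f"entityID {root.get('entityID')!r} != {expected_sp_id!r}")
    sp = root.find(f"{{{MD}}}SPSSODescriptor")
    if sp is None:
        return findings + ["no SPSSODescriptor element"]
    # Both attributes count as false when absent (SAML 2.0 metadata).
    signed = lambda attr: sp.get(attr, "false").lower() in ("true", "1")
    for attr in ("AuthnRequestsSigned", "WantAssertionsSigned"):
        if not signed(attr):
            findings.append(f"{attr} is not true")
    uses = {kd.get("use") for kd in sp.findall(f"{{{MD}}}KeyDescriptor")}
    # A KeyDescriptor without "use" serves both signing and encryption.
    if signed("AuthnRequestsSigned") and not uses & {"signing", None}:
        findings.append("requests are signed but no signing key is published")
    for el in sp.iter():
        loc = el.get("Location")
        if loc and not loc.lower().startswith("https://"):
            findings.append(f"non-HTTPS endpoint: {loc}")
    return findings


if __name__ == "__main__":
    for finding in review_sp_metadata(SAMPLE, "UMC@aris.example.com"):
        print("-", finding)
```

To check your own file, read it into a string and pass it together with the value you entered in the Service provider ID field.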

Troubleshooting

You can find detailed information on SAML authentication issues in the log files of ARIS Administration located in

<Your installation folder>\ARIS10.0\server\bin\work\work_umcadmin_<size>\base\logs

Example

C:\SoftwareAG\ARIS10.0\server\bin\work\work_umcadmin_m\base\logs