Prerequisite
You have the Technical configuration administrator function privilege.
Server
The SAML identity provider supports the HTTP POST binding as specified by the SAML 2.0 specification.
SSO must be configured for the servers.
You only have access to the metadata XML file if SAML is enabled.
ARIS must be registered as a trusted service provider at the SAML identity provider.
Client
Your web browser supports JavaScript.
Enable SSO for the servers (SAML)
Prerequisite
You have the Technical configuration administrator function privilege.
Procedure
Start ARIS.
Click Application launcher > Administration. The Administration opens with the Configuration view.
Click User management.
Click the arrow next to SAML.
Click General.
Click Edit.
Enable Use SAML.
Enter the ID of the identity provider in the Identity provider ID field.
Enter the ID of the service provider in the Service provider ID field, for example UMC@<server name>.
Enter the end point of the identity provider that is used for single sign-on in the Single sign-on URL field.
Enter the end point of the identity provider that is used for single log-out in the Single logout URL field.
Click Save.
Optional SAML settings
Click Signature.
Click Edit.
Enable the check box of the options you want to set:
Enforce signing of assertions
Enforce signing of requests
Enforce signing of responses
Enforce signing of metadata
Select signature algorithm
Click Save.
You have enabled signing. If you have enabled this option, you must configure the truststore.
Optional: Configure the keystore
Click Keystore.
Click Upload. The dialog opens. Select the keystore file on your file system and click Upload.
Click Edit.
Configure your keystore.
Click Save.
You have configured the keystore.
Share the service provider (SP) metadata
Click General.
Send the service provider ID to your identity provider (IDP).
Configure SAML using identity provider (IDP) metadata
Click General.
Click Edit.
Enter the identity provider ID.
Click Save.
Optional: Configure the truststore
Click Truststore.
Click Upload. The dialog opens. Select the truststore file on your file system and click Upload.
Click Edit.
Configure your truststore.
Click Save.
You have configured the truststore.
Configure the user attributes
Click User attributes.
Click Edit.
Specify the attribute fields, for example, the first name, the last name, or the e-mail.
Click Save.
You have configured the user attributes.
Register ARIS as a trusted service provider
Establish a circle of trust between the identity provider and the service provider.
Procedure
Open a browser.
Enter the following URL into the address bar:
https://<SERVERNAME>/umc/rest/saml/metadata.xml?tenant=<TENANTID>
You get a metadata file. Save this file as an XML file.
Send the metadata file to your SAML identity provider so that the metadata can be uploaded.
Your system is configured to be used with single sign-on and SAML.
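Before you send the saved metadata file to the identity provider, you can check that it states what you configured. The following is an added example, not ARIS or Software AG code: it reads service provider metadata and reports a mismatched service provider ID, missing signing flags, a missing signing certificate, and a missing HTTP POST endpoint. The attribute names come from the SAML 2.0 metadata schema; that they reflect the Signature options above is an assumption, and the sample metadata (host, endpoint path, certificate) is constructed.

```python
import xml.etree.ElementTree as ET

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}
HTTP_POST = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"

# Constructed sample, not real ARIS output; host, ACS path and certificate are placeholders.
SAMPLE_METADATA = b"""<?xml version="1.0"?>
<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    xmlns:ds="http://www.w3.org/2000/09/xmldsig#" entityID="UMC@aris.example.test">
  <md:SPSSODescriptor AuthnRequestsSigned="true" WantAssertionsSigned="false"
      protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:KeyDescriptor use="signing"><ds:KeyInfo><ds:X509Data>
      <ds:X509Certificate>PLACEHOLDER</ds:X509Certificate>
    </ds:X509Data></ds:KeyInfo></md:KeyDescriptor>
    <md:AssertionConsumerService index="0" Location="https://aris.example.test/acs-placeholder"
        Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"/>
  </md:SPSSODescriptor>
</md:EntityDescriptor>"""

def is_true(value):
    # xs:boolean allows "true" and "1"; a missing attribute defaults to false.
    return value in ("true", "1")

def check_sp_metadata(xml_bytes, expected_sp_id):
    """Return a list of findings; an empty list means every check passed."""
    if b"<!DOCTYPE" in xml_bytes or b"<!ENTITY" in xml_bytes:
        return ["metadata contains a DTD or entity declaration, not parsed"]
    root = ET.fromstring(xml_bytes)
    findings = []
    if root.get("entityID") != expected_sp_id:
        findings.append(f"entityID is {root.get('entityID')!r}, expected {expected_sp_id!r}")
    sp = root.find("md:SPSSODescriptor", NS)
    if sp is None:
        return findings + ["no SPSSODescriptor element"]
    if not is_true(sp.get("AuthnRequestsSigned")):
        findings.append("AuthnRequestsSigned is not true")
    if not is_true(sp.get("WantAssertionsSigned")):
        findings.append("WantAssertionsSigned is not true")
    # A KeyDescriptor without a "use" attribute serves both signing and encryption.
    if not any(k.get("use") in (None, "signing")
               and k.find(".//ds:X509Certificate", NS) is not None
               for k in sp.findall("md:KeyDescriptor", NS)):
        findings.append("no signing certificate published")
    acs = sp.findall("md:AssertionConsumerService", NS)
    if not any(a.get("Binding") == HTTP_POST for a in acs):
        findings.append("no AssertionConsumerService with the HTTP POST binding")
    findings += [f"ACS endpoint is not HTTPS: {a.get('Location')}"
                 for a in acs if not (a.get("Location") or "").startswith("https://")]
    return findings

if __name__ == "__main__":
    for finding in check_sp_metadata(SAMPLE_METADATA, "UMC@aris.example.test"):
        print("FINDING:", finding)
```

To check your own file, pass its bytes and the value you entered in the Service provider ID field to check_sp_metadata.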
Troubleshooting
You can find detailed information on SAML authentication issues in the log files of ARIS Administration located in
<Your installation folder>\ARIS10.0\server\bin\work\work_umcadmin_<size>\base\logs
Example
C:\SoftwareAG\ARIS10.0\server\bin\work\work_umcadmin_m\base\logs