For a SAML connection, a so-called SAML signed assertion must be added to the HTTP query that calls PPM; PPM verifies this assertion at an authentication service. The signed assertion is usually provided by the calling application. Among other data, the assertion contains the data of the user who wants to log in to PPM. If the assertion is valid and the user is known to PPM and active, login is successful and the user is granted access to PPM.
SAML 2 parameters
Use the following entries in central user administration to configure SAML 2 access.
com.aris.umc.saml.keystore.password = Keystore user password
The truststore is used for verifying the signature of a signed assertion received in a third-party system, while the keystore is used for signing the system's own assertions. This means that each certificate in the keystore of the issuer must exist in the truststore of the receiver so that the certificate can be verified. Ideally, the certificates are identical on both sides (truststore/keystore and issuer/receiver).
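The keystore/truststore rule above can be checked before a SAML connection is put into use. The following is an added example, not part of the PPM documentation or product: it assumes both stores have been exported as PEM text (for instance with `keytool -list -rfc`), and the function names and sample data are constructed for illustration.

```python
import base64
import hashlib
import re

# Matches every PEM certificate block; surrounding text such as the
# "Alias name:" lines printed by keytool is ignored.
PEM_RE = re.compile(
    r"-----BEGIN CERTIFICATE-----(.*?)-----END CERTIFICATE-----", re.S
)


def fingerprints(pem_text):
    """Return the set of SHA-256 fingerprints of all certificates in pem_text."""
    result = set()
    for body in PEM_RE.findall(pem_text):
        der = base64.b64decode("".join(body.split()))
        result.add(hashlib.sha256(der).hexdigest())
    return result


def missing_from_truststore(issuer_keystore_pem, receiver_truststore_pem):
    """Fingerprints of issuer certificates that the receiver cannot verify."""
    issuer = fingerprints(issuer_keystore_pem)
    receiver = fingerprints(receiver_truststore_pem)
    return sorted(issuer - receiver)


def fake_pem(raw):
    # Constructed stand-in: wraps arbitrary bytes as a PEM block.
    # These are NOT real X.509 certificates; only the byte comparison matters here.
    b64 = base64.b64encode(raw).decode()
    return "-----BEGIN CERTIFICATE-----\n" + b64 + "\n-----END CERTIFICATE-----\n"


# Constructed sample exports: the issuer signs with certificates A and B,
# but the receiver's truststore only contains A and an unrelated certificate.
ISSUER_KEYSTORE = fake_pem(b"constructed-signing-cert-A") + fake_pem(
    b"constructed-signing-cert-B"
)
RECEIVER_TRUSTSTORE = fake_pem(b"constructed-signing-cert-A") + fake_pem(
    b"constructed-unrelated-cert"
)

if __name__ == "__main__":
    for fp in missing_from_truststore(ISSUER_KEYSTORE, RECEIVER_TRUSTSTORE):
        print("issuer certificate not in receiver truststore:", fp)
```

An empty result means every issuer certificate is present on the receiving side; any fingerprint listed identifies a certificate whose assertions the receiver would fail to verify.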