Configuring Single Sign-On for ActiveTransfer Web Client
To enable SSO for ActiveTransfer Web Client:
1. Set the system property mft.server.https.auth.saml to true in the Integration Server_directory\instances\instance_name\packages\WmMFT\config\properties.cnf file.
2. In the mft.server.https.auth.saml.redirecturi property, configure the redirection URI, that is, the ActiveTransfer Server URL that you provided when registering with the identity provider. For example, https://idp.machine/adfs/ls/idpinitiatedsignon.aspx.
3. The public key from the IDP server must be configured for the web client. Configure the profiles for SAML under the Security Infrastructure (SIN). You can configure the security properties that are set during server startup. The configuration file com.softwareag.sso.pid.properties is located in the Software AG_directory/profiles/profile/configuration/com.softwareag.platform.config.propsloader directory. The default configuration is as shown below:
com.softwareag.security.idp.keystore.keyalias=ssos
com.softwareag.security.idp.SSOassertion.lifeperiod=5
com.softwareag.security.idp.keystore.type=JKS
com.softwareag.security.idp.assertion.skew=30
com.softwareag.security.idp.truststore.location=/common/conf/platform_truststore.jks
com.softwareag.security.idp.truststore.password=manage
com.softwareag.security.idp.keystore.location=/common/conf/keystore.jks
enabled=false
com.softwareag.security.idp.keystore.password=manage
com.softwareag.security.idp.truststore.keyalias=ssos
com.softwareag.security.idp.assertion.lifeperiod=300
com.softwareag.security.idp.truststore.type=JKS
The key downloaded from the IDP server must be included in the location specified by com.softwareag.security.idp.truststore.location.
Note:
SIN searches for com.softwareag.security.idp.truststore.keyalias to load the alias. To configure more than one alias, do not set a value for this property.
4. Verify the configured SSO truststore, add the public key from the identity provider to the truststore, and restart ActiveTransfer Server.
5. In the Server Management page, Ports tab, select an HTTPS listener for which you want to enable SSO.
Note:
SSO is supported only for HTTPS protocol.
a. In the SSO Options section of the Advanced tab, select the Support Single Sign-On login option.
The HTTPS host name and port (for example: https://localhost:234) is now enabled for SSO in ActiveTransfer Web Client.
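Before restarting the server in step 4, the com.softwareag.sso.pid.properties file from step 3 can be checked for values left at the defaults listed above. The following script is an added example, not part of the product or its documentation; the function names, the simplified key=value parsing, and the sample text are assumptions made for illustration.

```python
PREFIX = "com.softwareag.security.idp."
DEFAULT_PASSWORD = "manage"  # default value shown in the listing in step 3
INT_KEYS = ("assertion.skew", "assertion.lifeperiod", "SSOassertion.lifeperiod")

def parse_properties(text):
    """Simplified key=value parser: skips blank lines and #/! comments.
    Returns (props, malformed); malformed holds lines that have no '='."""
    props, malformed = {}, []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#!":
            continue
        key, sep, value = line.partition("=")
        if sep:
            props[key.strip()] = value.strip()
        else:
            malformed.append(line)
    return props, malformed

def audit(text):
    """Return a list of findings for the SSO properties contained in text."""
    props, malformed = parse_properties(text)
    findings = [f"line without '=': {m!r}" for m in malformed]
    for store in ("keystore", "truststore"):
        if props.get(f"{PREFIX}{store}.password") == DEFAULT_PASSWORD:
            findings.append(f"{store}.password is still the documented default")
        if not props.get(f"{PREFIX}{store}.location"):
            findings.append(f"{store}.location is empty or missing")
    for key in INT_KEYS:
        value = props.get(PREFIX + key, "")
        if not value.isdigit():
            findings.append(f"{key} is not a non-negative integer: {value!r}")
    alias = props.get(f"{PREFIX}truststore.keyalias")
    if alias:
        findings.append(f"truststore.keyalias={alias}; leave empty to use more than one alias")
    return findings

# Constructed sample: default values, with the truststore path wrapped onto a
# second line the way a bad copy and paste would leave it.
SAMPLE = """\
com.softwareag.security.idp.keystore.password=manage
com.softwareag.security.idp.keystore.location=/common/conf/keystore.jks
com.softwareag.security.idp.truststore.password=manage
com.softwareag.security.idp.truststore.location=/common/conf/
platform_truststore.jks
com.softwareag.security.idp.truststore.keyalias=ssos
com.softwareag.security.idp.assertion.skew=30
com.softwareag.security.idp.assertion.lifeperiod=300
com.softwareag.security.idp.SSOassertion.lifeperiod=5
"""

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print("-", finding)
```

To check a real installation, pass the contents of the properties file to audit() instead of SAMPLE.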