Configuring Single Sign-On in Listeners User Interface
To enable SSO for ActiveTransfer Web Client in the Listeners user interface (UI):
1. Set the system property mft.server.https.auth.saml to true in the Integration Server_directory\instances\instance_name\packages\WmMFT\config\properties.cnf file.
2. Select the Support Single Sign-On (SSO) checkbox on the Server Management page for the port.
3. Specify the details for the following fields:
| Field | Details |
| --- | --- |
| ActiveTransfer certificate alias | Configure the keystore in certificate management for the certificate alias used to generate the SAML tokens. |
| Service provider endpoint URL | https://localhost:2343 |
| IDP metadata URL | https://localhost:8443/auth/realms/TestSAML/protocol/saml/descriptor/ or file:///C:/SoftwareAG_105/IDPMetadata.xml |
| Sign alias | keycloakssl |
| Encrypt alias | keycloakssl |
| Default alias | keycloakssl |
| Client Id | Configure this field if you need a custom client Id. If you do not configure the Client Id field, the Service provider endpoint URL is used as the default client Id. |
Important: If you want to configure Single Sign-On for IDP-initiated login through a URI, enable the IDP Initiated SSO option and specify the IDP initiated redirect URI.
When you configure WebSSO in the Listeners UI, the system generates the SPMetadata.xml file and downloads the IDPMetadata.xml file to the /sso and /gen directories. If the IDPMetadata.xml file cannot be downloaded from the IDP server or file path, copy the content of the hosted IDP metadata XML into the generated IDPMetadata.xml file. You can download the SPMetadata.xml file by clicking the Download SP Metadata option.

The SPMetadata.xml and IDPMetadata.xml files are regenerated every time SSO is initialized from webMethods ActiveTransfer. If the IDPMetadata.xml download fails over HTTP or HTTPS, download the file to a different directory and provide its path in the IDP metadata URL field, for example file:///mnt/myIdpMetadata.xml.

You can trigger the Initialize option in the Listeners UI to regenerate the property file.

The IDP uses the SP metadata file to register the Service Provider.

You can configure separate SSO settings for multiple ports by selecting the respective port number in the Listeners UI.
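Before pasting a hand-copied IDP metadata document into the generated IDPMetadata.xml, or pointing the IDP metadata URL field at a saved copy, it is worth checking that the file is actually IdP metadata with a usable signing certificate and HTTPS endpoints. The script below is an added example written for this page, not ActiveTransfer or Keycloak code. It uses only the Python standard library, accepts the same https:// or file:// URL forms as the IDP metadata URL field, and otherwise runs against a constructed sample shaped like a Keycloak realm descriptor; the host, the TestSAML realm name and the certificate body in that sample are assumed placeholder values, and its HTTP-Redirect endpoint is deliberately plain HTTP so the check has something to report.

```python
"""Inspect an IdP SAML metadata document before ActiveTransfer initializes SSO.

Added example, not ActiveTransfer code: standard library only, so it can run on
the host where the metadata was saved (for example file:///mnt/myIdpMetadata.xml).
"""
import sys
import urllib.request
import xml.etree.ElementTree as ET

NS = {
    "md": "urn:oasis:names:tc:SAML:2.0:metadata",
    "ds": "http://www.w3.org/2000/09/xmldsig#",
}

# Constructed sample shaped like a Keycloak realm descriptor. Host and realm name
# mirror the configuration text; the certificate body is a placeholder, and the
# HTTP-Redirect endpoint is deliberately plain HTTP to produce a finding.
SAMPLE_IDP_METADATA = """<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
    entityID="https://localhost:8443/auth/realms/TestSAML">
  <md:IDPSSODescriptor WantAuthnRequestsSigned="true"
      protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:KeyDescriptor use="signing">
      <ds:KeyInfo><ds:X509Data>
        <ds:X509Certificate>MIIC...PLACEHOLDER-BASE64...</ds:X509Certificate>
      </ds:X509Data></ds:KeyInfo>
    </md:KeyDescriptor>
    <md:SingleSignOnService
        Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="https://localhost:8443/auth/realms/TestSAML/protocol/saml"/>
    <md:SingleSignOnService
        Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
        Location="http://localhost:8080/auth/realms/TestSAML/protocol/saml"/>
  </md:IDPSSODescriptor>
</md:EntityDescriptor>
"""


def load_metadata(url):
    """Fetch metadata text from an https:// or file:// URL."""
    with urllib.request.urlopen(url) as resp:
        return resp.read().decode("utf-8")


def inspect_idp_metadata(xml_text):
    """Parse IdP metadata and return (summary dict, list of problem strings)."""
    summary = {"entity_id": None, "sso_endpoints": {}, "signing_certs": 0,
               "wants_signed_requests": False}
    problems = []
    try:
        root = ET.fromstring(xml_text)
    except ET.ParseError as exc:
        problems.append(f"not well-formed XML: {exc}")
        return summary, problems
    if root.tag != f"{{{NS['md']}}}EntityDescriptor":
        problems.append("root element is not md:EntityDescriptor")
        return summary, problems
    summary["entity_id"] = root.get("entityID")
    if not summary["entity_id"]:
        problems.append("entityID attribute is missing")
    idp = root.find("md:IDPSSODescriptor", NS)
    if idp is None:
        # SP metadata (SPMetadata.xml) carries an SPSSODescriptor instead; the two
        # files are easy to mix up when copying by hand.
        problems.append("no md:IDPSSODescriptor element (wrong file?)")
        return summary, problems
    summary["wants_signed_requests"] = (
        idp.get("WantAuthnRequestsSigned", "false").lower() == "true")
    # The SP verifies assertion signatures against the IdP's signing certificate.
    # A KeyDescriptor without a 'use' attribute covers both signing and encryption.
    for kd in idp.findall("md:KeyDescriptor", NS):
        cert = kd.find("ds:KeyInfo/ds:X509Data/ds:X509Certificate", NS)
        has_cert = cert is not None and (cert.text or "").strip() != ""
        if kd.get("use", "signing") == "signing" and has_cert:
            summary["signing_certs"] += 1
    if summary["signing_certs"] == 0:
        problems.append("no signing X509Certificate; assertion signatures cannot be verified")
    for sso in idp.findall("md:SingleSignOnService", NS):
        binding = sso.get("Binding", "").rsplit(":", 1)[-1]   # e.g. HTTP-POST
        location = sso.get("Location", "")
        summary["sso_endpoints"][binding] = location
        if not location.lower().startswith("https://"):
            problems.append(f"{binding} SSO endpoint is not HTTPS: {location}")
    if not summary["sso_endpoints"]:
        problems.append("no SingleSignOnService endpoint")
    return summary, problems


def main(argv):
    text = load_metadata(argv[1]) if len(argv) > 1 else SAMPLE_IDP_METADATA
    summary, problems = inspect_idp_metadata(text)
    print("entityID:", summary["entity_id"])
    for binding, location in summary["sso_endpoints"].items():
        print(f"  {binding}: {location}")
    print("signing certificates:", summary["signing_certs"])
    for p in problems:
        print("PROBLEM:", p)
    return 1 if problems else 0


if __name__ == "__main__":
    sys.exit(main(sys.argv))
```

Run it with no arguments to see the sample findings, or pass the URL you intend to enter in the IDP metadata URL field (for example `python check_idp_metadata.py file:///mnt/myIdpMetadata.xml`). A non-zero exit status means at least one problem was found; an IDP descriptor whose endpoints are plain HTTP, or that carries no signing certificate, is worth fixing on the IDP side before initializing SSO rather than after the first failed login.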