 
Configuring Single Sign-On for Using a Third-Party Identity Provider
 
You can use My webMethods Server as a SAML consumer and a third-party identity provider (IDP) as the SAML authority to enable IDP-initiated single sign-on (SSO).
To configure SSO using a third-party IDP:
1. Ensure that My webMethods Server is configured to use a secure HTTPS port.
2. Set the properties in the websso.properties file. For information about setting properties in the file, see Setting Properties in the websso.properties File.
3. Import the IDP's certificate into the My webMethods Server truststore so that My webMethods Server trusts valid messages received from the trusted IDP. Use the JVM's keytool command. For information about importing certificates to the My webMethods Server truststore, see Importing CA Certificates.
4. Start My webMethods Server.
   On startup, My webMethods Server creates two metadata files in the Software AG_directory\MWS\server\serverName\config directory: SPMetadata.xml and IDPMetadata.xml.
5. To register the service provider (My webMethods Server) with the external identity provider, copy the Software AG_directory\MWS\server\serverName\config\SPMetadata.xml file from My webMethods Server to the IDP server.
   The identity provider uses the endpoint location of the My webMethods Server instance from the SPMetadata.xml file and lists My webMethods Server as a service provider.
6. By default, Software AG supports encrypted assertions. Replace the following default JCE policy files in the Software AG_directory\jvm\operating_system\jre\lib\security folder with the latest JCE files:
   * local_policy.jar
   * US_export_policy.jar
7. Restart My webMethods Server.
8. Verify IDP-initiated single sign-on.
   If you are using Microsoft ADFS (Active Directory Federation Services) as the third-party IDP, see Verifying IDP (Microsoft ADFS) Initiated Single Sign-On.
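
Before copying SPMetadata.xml to the IDP (step 5), it is worth confirming that the endpoint it advertises uses the HTTPS port from step 1 and that it publishes an encryption key for the encrypted assertions in step 6. The following check is an added example, not Software AG code. It assumes the file follows the standard SAML 2.0 metadata schema, and the sample document, host name, port, path and entity ID are constructed placeholders.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlparse

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata"}

# Constructed sample in the standard SAML 2.0 metadata layout. Host, port,
# path and entityID are placeholders, and key material is omitted; this is
# not output captured from My webMethods Server.
SAMPLE_SP_METADATA = """<md:EntityDescriptor
    xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    entityID="mws-sp.example.test">
  <md:SPSSODescriptor
      protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:KeyDescriptor use="encryption"/>
    <md:AssertionConsumerService index="0"
        Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="https://mws.example.test:8586/sso/acs"/>
  </md:SPSSODescriptor>
</md:EntityDescriptor>"""


def review_sp_metadata(xml_text):
    """Return a list of findings for one service provider metadata document."""
    root = ET.fromstring(xml_text)  # locally generated file, not untrusted input
    sp = root.find("md:SPSSODescriptor", NS)
    if sp is None:
        return ["no SPSSODescriptor element: this is not SP metadata"]
    findings = []
    endpoints = sp.findall("md:AssertionConsumerService", NS)
    if not endpoints:
        findings.append("no AssertionConsumerService endpoint declared")
    for acs in endpoints:
        location = acs.get("Location", "")
        # The IDP posts the SAML response here, so it must be the HTTPS port.
        if urlparse(location).scheme.lower() != "https":
            findings.append(f"ACS endpoint is not HTTPS: {location!r}")
    uses = {kd.get("use") for kd in sp.findall("md:KeyDescriptor", NS)}
    # A KeyDescriptor without a 'use' attribute serves signing and encryption.
    if not uses & {"encryption", None}:
        findings.append("no encryption KeyDescriptor: IDP cannot encrypt assertions")
    return findings


if __name__ == "__main__":
    for line in review_sp_metadata(SAMPLE_SP_METADATA) or ["no findings"]:
        print(line)
```

To check a real file, pass the text of SPMetadata.xml from the server's config directory to `review_sp_metadata`.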

Copyright © 2019 | Software AG, Darmstadt, Germany and/or Software AG USA, Inc., Reston, VA, USA, and/or its subsidiaries and/or its affiliates and/or their licensors.