Configuring Identity Provider Initiated Single Sign-On with a Third-Party Identity Provider

My webMethods Server 10.11 | My webMethods Server Webhelp | Administering My webMethods Server | System Administrator Functions | Managing Security | Configuring My webMethods Server Single Sign-On | Using Single Sign-On with SAML and a Third-Party Identity Provider | Configuring Identity Provider Initiated Single Sign-On with a Third-Party Identity Provider

To configure IDP Initiated SSO using a third-party IDP

1. Ensure that My webMethods Server is configured to use an HTTPS port.

2. Set the required properties in the websso.properties file. For information about working with the websso.properties file, see Setting Properties in the websso.properties File.

3. Import the IDP certificate to the My webMethods Server truststore using the keytool command of the JVM. For more information, see Importing CA Certificates.

4. Start My webMethods Server.

On startup, My webMethods Server creates two metadata files in the Software AG_directory \MWS\server\serverName\config directory: SPMetadata.xml and IDPMetadata.xml.

5. Register My webMethods Server as a service provider with the external identity provider using the information in the Software AG_directory \MWS\server\serverName\config\SPMetadata.xml file, or copy the file to the required location on the IDP sever.

The identity provider uses the endpoint location of the My webMethods Server instance from the SPMetdata.xml file to list My webMethods Server as a service provider.

6. When the IDP provider is configured to send encrypted assertions, replace the following (default) JCE policy files in Software AG_directory \jvm\operating_system\jre\lib\security folder with the latest JCE files:

local_policy.jar

US_export_policy.jar

7. Restart My webMethods Server.