Update the Single Sign-On System for Your Product
The Single Sign-On (SSO) service issues and parses a signed SAML assertion that can be used as a single sign-on and delegation token. The default implementation uses the SAML 2 assertion issuance, however SAML 1.1 version is supported as well.
The bundles required for the SSO service are available within all Common Platform profiles. The SSO service requires a dynamic configuration properties file in order to work correctly. By default, your installation contains a com.softwareag.sso.pid.properties file in the Software AG_directory /profiles/profile_name/configuration/com.softwareag.platform.config.propsloader directory.
The following table outlines the parameters of the SSO service dynamic configuration.
Parameter | Description |
com.softwareag.security. idp.keystore.location | Location of the keystore to use. Default is /common/conf/keystore.jks. |
com.softwareag.security. idp.keystore.password | Optional. Password for the keystore to use. |
com.softwareag.security. idp.keystore.type | Optional. Type of the keystore. Valid values are PKCS7, PKCS12, or JKS (default). |
com.softwareag.security. idp.keystore.keyalias | Key alias to use for signing. Default is ssos. |
com.softwareag.security. idp.truststore.location | Optional. Truststore to use. |
com.softwareag.security. idp.truststore.password | Required if com.softwareag.security.idp.truststore.location is specified. Truststore password. |
com.softwareag.security. idp.truststore.type | Required if com.softwareag.security.idp.truststore.location is specified. Type of the trustore. Valid values are PKCS7, PKCS12, or JKS (default). |
com.softwareag.security. idp.truststore.keyalias | Truststore key alias. Default is ssos. |
com.softwareag.security. idp.assertion.lifeperiod | Time to live for the issued assertion (in milliseconds). Default is 300. |
com.softwareag.security. idp.ehcache.location | Location in which to cache the configuration used for caching incoming SAML assertions. |
Go to the Software AG_directory /profiles directory. In each profile_name/configuration/com-softwareag.platform.config.propsloader directory, open the com.softwareag.sso.pid.properties file and edit these properties:
com.softwareag.security.idp.truststore.location
com.softwareag.security.idp.truststore.keyalias
@secure.com.softwareag.security.idp.truststore.password
The default truststore location is @path\:sag.install.area/common/conf/ platform_truststore.jks, and the default alias and password are ssos and manage.
If you are editing the Command Central profile (profile name CCE) or Platform Manager profile (profile name SPM), also edit these properties:
com.softwareag.security.idp.keystore.location
com.softwareag.security.idp.keystore.keyalias
@secure.com.softwareag.security.idp.keystore.password
The default keystore location is @path\:sag.install.area/common/conf/keystore.jks, and the default alias and password are ssos and manage.
Contact Support
|
Community
|
Feedback