Application Integration (On-Premises) : Administering the Software AG Infrastructure : Setting Up Security : Update the Single Sign-On System for Your Product
Update the Single Sign-On System for Your Product
The Single Sign-On (SSO) service issues and parses a signed SAML assertion that can be used as a single sign-on and delegation token. The default implementation uses the SAML 2 assertion issuance, however SAML 1.1 version is supported as well.
The bundles required for the SSO service are available within all Common Platform profiles. The SSO service requires a dynamic configuration properties file in order to work correctly. By default, your installation contains a com.softwareag.sso.pid.properties file in the Software AG_directory /profiles/profile_name/configuration/com.softwareag.platform.config.propsloader directory.
The following table outlines the parameters of the SSO service dynamic configuration.
Parameter
Description
com.softwareag.security. idp.keystore.location
Location of the keystore to use. Default is /common/conf/keystore.jks.
com.softwareag.security. idp.keystore.password
Optional. Password for the keystore to use.
com.softwareag.security. idp.keystore.type
Optional. Type of the keystore. Valid values are PKCS7, PKCS12, or JKS (default).
com.softwareag.security. idp.keystore.keyalias
Key alias to use for signing. Default is ssos.
com.softwareag.security. idp.truststore.location
Optional. Truststore to use.
com.softwareag.security. idp.truststore.password
Required if com.softwareag.security.idp.truststore.location is specified. Truststore password.
com.softwareag.security. idp.truststore.type
Required if com.softwareag.security.idp.truststore.location is specified. Type of the trustore. Valid values are PKCS7, PKCS12, or JKS (default).
com.softwareag.security. idp.truststore.keyalias
Truststore key alias. Default is ssos.
com.softwareag.security. idp.assertion.lifeperiod
Time to live for the issued assertion (in milliseconds). Default is 300.
com.softwareag.security. idp.ehcache.location
Location in which to cache the configuration used for caching incoming SAML assertions.
Go to the Software AG_directory /profiles directory. In each profile_name/configuration/com-softwareag.platform.config.propsloader directory, open the com.softwareag.sso.pid.properties file and edit these properties:
com.softwareag.security.idp.truststore.location
com.softwareag.security.idp.truststore.keyalias
@secure.com.softwareag.security.idp.truststore.password
The default truststore location is @path\:sag.install.area/common/conf/ platform_truststore.jks, and the default alias and password are ssos and manage.
If you are editing the Command Central profile (profile name CCE) or Platform Manager profile (profile name SPM), also edit these properties:
com.softwareag.security.idp.keystore.location
com.softwareag.security.idp.keystore.keyalias
@secure.com.softwareag.security.idp.keystore.password
The default keystore location is @path\:sag.install.area/common/conf/keystore.jks, and the default alias and password are ssos and manage.
Copyright © 2015- 2017 Software AG, Darmstadt, Germany. (Innovation Release)

Product LogoContact Support   |   Community   |   Feedback