SSO integration in My webMethods
You can integrate MashZone NextGen under My webMethods in an SSO scenario by SAML (Security Assertion Markup Language ).
MashZone NextGen can accept SAML tokens for authentication in a SSO environment. Specifically, My webMethods can act as an Identity Provider (IdP).
MashZone NextGen verifies the signature used to sign the SAML assertion is trusted by looking the comparing the signature to the platform_truststore.jks file. This file is a Java Keystore file, and can be managed using the Java "keytool" command. If the certificate used to sign the SAML assertion is not present in the platform_truststore.jks file, the assertion is rejected. The platform_truststore.jks file is configurable in SAG_HOME/MashZoneNG/apache-tomcat/webapps/mashzone/WEB-INF/classes/presto.config.
Information on the Java "keytool" command can be found in the Java documentation:
http://docs.oracle.com/javase/8/docs/technotes/tools/windows/keytool.html1. Within the presto.config file, the saml.truststore.file parameter contains the full path to the file. The default configuration uses the SAG_HOME/common/conf/platform_truststore.jks file. By default, the file contains the certificate used to sign My webMethods SAML assertions. No further configuration is needed in the My webMethods SAML case.
2. Within the presto.config file, the saml.truststore.passwd parameter contains the keystore password. The default configuration uses the password for the SAG_HOME/common/conf/platform_truststore.jks file. The default password is manage.
3. To accept SAML assertions signed by a third party, the signing certificate must be either imported as a "trusted certificate" to the currently configured platform_truststore.jks file, or the presto.config file must be altered to point to a different keystore file, where this signing certificate is already imported as a "trusted certificate".
Contact Support
|
Community
|
Feedback