These properties are not cluster-aware and, hence, you must manually copy them to all the nodes.

Location: SAG_Root/profiles/ISIS_Instance_Name/apigateway/config/uiconfiguration.properties

API Gateway supports both Form-based and SAML-based authentication. If both are enabled, this property decides the login page to be displayed, by default, when a user visits the login page http://host:port/apigatewayui. A user can go to a specific login page using:

Available values are: Form, SAML.

Default value is Form.

This property enables or disables Form-based authentication. If both SAML and Form are disabled, the value Form is retained by default.

Available values: true, false.

Default value is true.

If a protected resource is accessed and the Form-based authentication is enabled, user is redirected to this page.

Default value is /login.

Host where the IS package is hosted. localhost is replaced by the hostname that is resolved through localhost.

Default value is http://localhost:port. Here, port denotes the port that is configured at the time of installation.

This property denotes the language to be used in the API Gateway UI.

Default value is en (English).

This property denotes the user session timeout value in minutes.

Default value is 90.

API Gateway user interface supports the following SAML values:

The value sent in the NameID is used as logged in user Id. In the absence of a NameID, the attribute value with http://schemas.xmlsoap.org/ws/2005/05/identity/claims/upn namespace is used for the user id.

The attribute value with http://schemas.microsoft.com/ws/2008/06/identity/claims/role or http://schemas.xmlsoap.org/claims/Group can be used to pass the roles. These roles can be one or more roles supported by API Gateway.

An alternative option is to send any roles and map those roles to one of the API Gateway roles. The mapping must be done in SAG_Root/IntegrationServer/instances/IS_Instance_Name/packages/WmAPIGateway/config/resources/security/saml_groups_mapping.xml. The format is <group source="Some Role" target="API Gateway Role" />. Example <group source="API Managers" target="API-Gateway-Providers" /> .

You must then configure the SAG_Root/IntegrationServer/instances/IS_Instance_Name/config/is_jaas.cnf file by replacing com.wm.app.b2b.server.auth.jaas.SamlOSGiLoginModule requisite; with com.softwareag.apigateway.auth.saml.APIGatewaySamlLoginModule requisite; and save the changes.

Configure the following properties, located at SAG_Root/profiles/IS_IS_Instance_Name/apigateway/config/uiconfiguration.properties, to enable the SAML based SSO.

This property enables or disables SAML-based authentication.

Available values: true, false.

Default value is false.

Denotes the location of keystore. The keystore with self-signed certificates are shipped at SAG_Root/profiles/IS_ IS_Instance_Name /apigateway/config/keystore/saml_sso.jks. The keystore has 3 certificates with the following alias:

The password for keystore is apigwstore.

Default value is None.

Denotes the keystore type.

Available values: JKS, PKCS12.

Default value is JKS.

Denotes the keystore password. On starting the web-app, this password is moved to passman secure store located at SAG_Root/profiles/IS_IS_Instance_Name/apigateway/config/passman and the handle is maintained as part of this property. Tampering with the handle results in exceptions.

Default value is None.

This is the certificate alias used for signing the SAML authentication request.

Default value is None.

Denotes the password for the certificate alias. On starting the web-app, this password is moved to passman secure store and the handle is maintained as part of this property. Tampering with the handle results in exceptions.

Default value is None.

Denotes the certificate alias to be used for encrypting the SAML authentication request.

Default value is None.

Password for certificate alias used for encrypting the SAML authentication request. On starting the web-app, this password is moved to passman secure store and the handle is maintained as part of this property. Tampering with the handle results in exceptions.

Default value is None.

This alias is used for signing and encryption if sign and encryption related alias are missed.

Default value is None.

Denotes password for default key alias. On starting the web-app, this password is moved to passman secure store and the handle is maintained as part of this property. Tampering with the handle results in exceptions.

Default value is None.

Denotes whether to send the signed SAML authentication request.

Available values: true, false.

Default value is true.

Denotes whether we expect the signed assertion to be sent by the IDP.

Available values: true, false.

Default value is true.

Denotes service provider identity which is sent as part of SAML authentication request.

Default value is Host name of localhost.

Denotes the file URL of IDP metadata. Consult your IDP documentation on how to generate one.

Default value is None.

Denotes the file URL of Gateway metadata. You can get the content from http://host:port/apigatewayui/saml/sso/metadata

Default value is None.

Location : SAG_Root/profiles/IS_IS_Instance_Name/apigateway/config/uiconfiguration.properties

Decides whether kibana should be started as part of web-app.

Available values: true, false.

Default value is true.

Denotes the URL where Kibana is running. localhost is replaced by the hostname that is resolved through localhost. The port and other configurations of the kibana can be changed from SAG_Root/profiles/IS_IS_Instance_Name/apigateway/kibana-4.5.1/config/kibana.yml

Default value is http://localhost:9405

Denotes the URL where Event Data Store (HTTP) is running. localhost is replaced by the hostname that is resolved through localhost.

Default value is http://localhost:port

port denotes the Event Data Store HTTP port configured during installation.