Configuring Single Sign-On for Using a Third-Party Identity Provider
You can use My webMethods Server as a SAML consumer and a third-party identity provider (IDP) as the SAML authority for enabling IDP initiated single sign-on (SSO).
To configure SSO using a third-party IDP
1. Ensure that My webMethods Server is configured to use a secure HTTPS port.
3. Import the IDP's certificate to the My webMethods Server truststore to ensure that My webMethods Server trusts the valid messages received from a trusted IDP source. Use the JVM's keytool command. For information about importing certificates to the My webMethods Server truststore, see Importing CA Certificates. 4. Start My webMethods Server.
On startup, My webMethods Server creates the metadata.xml file in the Software AG_directory \MWS\server\serverName\config directory.
5. To register the Service Provider (My webMethods Server) at IDP, copy the Software AG_directory \MWS\server\serverName\config\metadata.xml file from My webMethods Server to the IDP sever.
IDP looks for the endpoint location of the My webMethods Server instance in the metadata file. My webMethods Server will be listed in IDP.
6. By default, Software AG supports encrypted assertions. Replace the following default JCE policy files in Software AG_directory \jvm\operating_system\jre\lib\security folder with the latest JCE files:
local_policy.jar
US_export_policy.jar
7. Restart My webMethods Server.
8. Verify IDP initiated single sign-on.
If you are using Mircrosoft ADFS (Active Directory Federation Services) as the third-party IDP, see
Verifying IDP (Mircrosoft ADFS)
Initiated Single Sign-On.
