Software AG Product Suite 10.4 | Setting Up Security | Updating the Single Sign-On System for Your Product
 
Updating the Single Sign-On System for Your Product
The single sign-on (SSO) service issues and parses a signed SAML assertion that can be used as a single sign-on and delegation token. The default implementation issues SAML 2 assertions; SAML 1.1 is supported as well.
The bundles required for the SSO service are available within all Common Platform profiles. The SSO service requires a dynamic configuration properties file in order to work correctly. By default, your installation contains a com.softwareag.sso.pid.properties file in the Software AG_directory/profiles/profile_name/configuration/com.softwareag.platform.config.propsloader directory.
The following table describes the parameters for dynamic configuration of the SSO service.
| Parameter | Description |
| --- | --- |
| com.softwareag.security.idp.keystore.location | Location of the keystore to use. Default is @path\:sag.install.area/common/conf/keystore.jks. |
| com.softwareag.security.idp.keystore.password | Optional. Password for the keystore to use. Default is manage. |
| com.softwareag.security.idp.keystore.type | Optional. Type of the keystore. Valid values are PKCS7, PKCS12, or JKS (default). |
| com.softwareag.security.idp.keystore.keyalias | Optional. Key alias to use for signing. Used when issuing of SAML assertions is required. No default. |
| com.softwareag.security.idp.keystore.keypassword | Optional. Key password for the private key if the key password is different from the keystore password. If no value is set, the SSO service uses the keystore password. |
| com.softwareag.security.idp.truststore.location | Optional. Location of the truststore to use. Default is @path\:sag.install.area/common/conf/platform_truststore.jks. |
| com.softwareag.security.idp.truststore.password | Required if com.softwareag.security.idp.truststore.location is specified. Truststore password. Default is manage. |
| com.softwareag.security.idp.truststore.type | Required if com.softwareag.security.idp.truststore.location is specified. Type of the truststore. Valid values are PKCS7, PKCS12, or JKS (default). |
| com.softwareag.security.idp.truststore.keyalias | Truststore key alias. No default. If no value is set, the SSO service checks all available certificates in the truststore. If a specific value is set, the SSO service checks only against the certificate with the specified alias in the truststore. |
| com.softwareag.security.idp.assertion.lifeperiod | Optional. Time to live for the issued assertion (in seconds). Default is 300. |
| com.softwareag.security.idp.SSOassertion.lifeperiod | Optional. Time to live for the issued SSO assertion (in seconds). Default is 5. |
| com.softwareag.security.idp.cache.ttl | Optional. The time for which the issued assertion lives in the cache (in seconds). Default is 120. |
Go to the Software AG_directory/profiles directory. In each profile_name/configuration/com.softwareag.platform.config.propsloader directory, open the com.softwareag.sso.pid.properties file and edit these properties:
com.softwareag.security.idp.truststore.location
com.softwareag.security.idp.truststore.keyalias
@secure.com.softwareag.security.idp.truststore.password
If you are editing the Command Central profile (profile name CCE) or Platform Manager profile (profile name SPM), also edit these properties:
com.softwareag.security.idp.keystore.location
com.softwareag.security.idp.keystore.keyalias
@secure.com.softwareag.security.idp.keystore.password
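
To confirm that the edits above were made in every profile, the following added example (not Software AG code) checks the content of a com.softwareag.sso.pid.properties file against the defaults listed in the parameter table. The profile name EXAMPLE_PROFILE, the sample file content, and the reading of the @secure. prefix as a marker that can be stripped from the key are assumptions made for illustration.

```python
import re

PREFIX = "com.softwareag.security.idp."
# Shipped defaults from the parameter table ("\:" in the file is an escaped ":").
DEFAULTS = {
    "keystore.location": "@path:sag.install.area/common/conf/keystore.jks",
    "keystore.password": "manage",
    "truststore.location": "@path:sag.install.area/common/conf/platform_truststore.jks",
    "truststore.password": "manage",
}

def parse_properties(text):
    """Minimal .properties reader: key=value, #/! comments, escapes; no continuations."""
    props = {}
    for line in map(str.strip, text.splitlines()):
        m = re.match(r"((?:\\.|[^=:\s\\])+)\s*[=:]?\s*(.*)", line)
        if not m or line[0] in "#!":
            continue
        key, value = (re.sub(r"\\(.)", r"\1", s) for s in m.groups())
        # Assumption: "@secure." only marks the value as protected; drop it.
        key = re.sub(r"^@secure\.", "", key)
        if key.startswith(PREFIX):
            props[key[len(PREFIX):]] = value
    return props

def audit(profile, text):
    """Findings for one profile's file; an unset parameter counts as its default."""
    p = parse_properties(text)
    # Keystore properties are edited only for the CCE and SPM profiles.
    stores = ["truststore"] + (["keystore"] if profile in ("CCE", "SPM") else [])
    findings = []
    for store in stores:
        for field in ("location", "password"):
            name = f"{store}.{field}"
            if p.get(name, DEFAULTS[name]) == DEFAULTS[name]:
                findings.append(f"{name}: shipped default in use")
        if not p.get(f"{store}.keyalias"):
            findings.append(f"{store}.keyalias: not set")
    if "truststore.location" in p and "truststore.type" not in p:
        findings.append("truststore.type: required when truststore.location is set")
    return findings

# Constructed sample: truststore location and alias edited, everything else untouched.
SAMPLE = r"""com.softwareag.security.idp.truststore.location=@path\:sag.install.area/common/conf/site_truststore.jks
com.softwareag.security.idp.truststore.keyalias=sso-idp
@secure.com.softwareag.security.idp.truststore.password=manage
com.softwareag.security.idp.keystore.location=@path\:sag.install.area/common/conf/keystore.jks"""

if __name__ == "__main__":
    print(audit("SPM", SAMPLE))
```

The password comparison only works on a value that is still stored in plain text in the file.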

Copyright © 1999-2019 | Software AG, Darmstadt, Germany and/or Software AG USA, Inc., Reston, VA, USA, and/or its subsidiaries and/or its affiliates and/or their licensors.
Innovation Release