Configuring Single Sign-On for Using Third-Party Identity Provider
You can use My webMethods Server as a SAML consumer and a third-party identity provider (IDP) as the SAML authority for enabling IDP initiated single sign-on.
To configure SSO using third-party IDP
1. Ensure that My webMethods Server is configured to use a secure HTTPS port.
3. Import IDP's certificate to My webMethods Server truststore to ensure that My webMethods Server trusts the valid messages received from a trusted IDP source. Use JVM's keytool command. See Importing CA Certificates. 4. Start My webMethods Server.
On startup, My webMethods Server creates the metadata.xml file in the Software AG_directory \MWS\server\serverName\config directory.
5. To register the Service Provider (My webMethods Server) at IDP, copy the Software AG_directory \MWS\server\serverName\config\metadata.xml file from My webMethods Server to the IDP sever.
IDP looks for the endpoint location of the My webMethods Server instance in the metadata file. My webMethods Server will be listed in IDP.
6. By default, Software AG supports encrypted assertions. Replace the following default JCE policy files in Software AG_directory \jvm\operating_system\jre\lib\security folder with the latest JCE files:
local_policy.jar
US_export_policy.jar
7. Restart My webMethods Server.
8. Verify IDP initiated single sign-on.
If you are using Mircrosoft ADFS (Active Directory Federation Services) as the third-party IDP, see
Verifying IDP (Mircrosoft ADFS)
Initiated Single Sign-On.
