Configuring Provider Metadata for SAML Integration
SAML metadata is used to share configuration information between the Identity Provider (IdP) and the Service Provider (SP). Metadata for both the IdP and the SP is defined in an XML file:
- The IdP metadata XML file contains the IdP certificate, the entity ID, the redirect URL, and the post URL, for example, saml_idp_metadata.xml.
- The SP metadata XML file contains the SP certificate, the entity ID, and the Assertion Consumer Service URL (ACS URL), for example, saml_sp_metadata.xml.
Before using SAML to log on to the Web Console, metadata from the IdP must be uploaded and metadata from the SP must be generated. After the SP metadata is generated, it must be shared with the IdP. Contact the IdP for instructions on sharing the SP metadata.
Before You Begin
- Create an Identity Provider (IdP) metadata XML file using the SAML protocol. For the SAML metadata specification, see Metadata for the OASIS Security Assertion Markup Language (SAML) V2.0 on the OASIS website.
- Create a keystore file. For information on keystore files, see Creating Certificates for SAML Integration.
Procedure
- From the CommCell Console ribbon, on the Home tab, click Control Panel.
- In the CommCell section, click Identity Management.
The Identity Management dialog box is displayed.
- On the Identity Management tab, click Add > SAML.
The Add SAML Application Info dialog box is displayed.
- On the General tab, enter an application name in the Application Name box.
- On the SAML tab, select the Enable Signature verification check box so the request message is digitally signed.
- To let users choose from a list of SAML IdPs when they log on, select the Use redirect URL for SSO check box, and then, on the Association tab, select the users and user groups.
- Upload the IdP metadata:
  - On the SAML tab, in the Upload IDP metadata section, click Browse next to the File Path box.
  - Browse to the location of the XML file that contains the IdP metadata, select the file, and click Import.
  - Review the values in the Entity ID, Redirect Url, and Post Url boxes. These values come from the imported IdP XML file.
- Generate the SP metadata:
  - In the Reuse\Generate new metadata section, click Browse next to the Keystore File Path box.
  - Browse to the location of the keystore file, for example, C:\security\mykeystore.jks.
    For information on keystore files, see Creating Certificates for SAML Integration.
  - Enter the keystore file values for Alias name, Key store password, and Key password.
  - In the Destination file path box, enter a location and a file name for the SP metadata XML file, for example, C:\metadata\saml_sp_metadata.xml.
    After you click OK, the SP metadata XML file is created at the location and with the name entered in the Destination file path box.
- In the Web Console list, click the Web Console to use with SAML authentication.
- Click OK to generate the SP metadata and to save the IdP metadata.
After the SP metadata is generated, it must be shared with the IdP. Contact the IdP for instructions on sharing the SP metadata.