Latest revision as of 12:37, October 25, 2021
SAML authentication
Web Services supports Security Assertion Markup Language (SAML) for single sign-on (SSO) authentication.
Configuring SAML
To enable SAML, make the following configuration changes in the serverSettings section of the application.yaml file on each of your Web Services nodes (server-settings.yaml if you're installing Web Services and Applications version 8.5.201.09 or earlier):
1. Set the following options in the SSL and CA section:
   - caCertificate — the path to a JKS key store that contains the keys named by encryptionKeyName and signingKeyName (the example below uses one key, client, for both). See Generating security keys for details.
   - jksPassword — the password of the caCertificate key store.
2. Set the following option in the SAML section:
   - samlSettings — the following properties are mandatory:
     - encryptionKeyName (the key store alias of the key used for assertion encryption)
     - signingKeyName (the key store alias of the key used to sign SAML requests)
     - identityProviderMetadata (the path to the IdP's SAML metadata XML file)
3. Save the changes to the file. Your configuration should look something like this:

       # SSL and CA
       caCertificate: /Users/samluser/Documents/Keys/keystore.jks
       jksPassword: password

       # SAML
       samlSettings:
         serviceProviderEntityId: genesys.staging.htcc
         encryptionKeyName: client
         signingKeyName: client
         identityProviderMetadata: /Users/samluser/Documents/Metadata/idp-metadata.xml

   The key store password is stored in plaintext here, so restrict read access to application.yaml and to the key store file to the account that runs Web Services.
4. To activate SAML authentication, append ?authType=saml to the Workspace Web Edition URL in the browser.
5. To enable extended SAML logging, add the following line to the logback.xml file: <logger name="org.springframework.security.saml" level="%LEVEL%"/>, where LEVEL is INFO (preferred) or DEBUG. DEBUG is verbose and meant for troubleshooting a failing login; return to INFO once the problem is resolved.
Generating security keys
You can use the keytool utility that comes with the Java SDK (JDK) to generate a JKS key store. Use the following command:

    keytool -genkeypair -keyalg RSA -keysize 2048 -storetype JKS -keystore <path_to_jks_file> -alias <key_name> -keypass <key_password> -storepass <store_password> -dname <distinguished_name>

Two flags are stated explicitly here that the original command left out: -keyalg RSA, because on many JDK releases keytool defaults to DSA when -keyalg is omitted, and a DSA key cannot be used for the RSA key transport that SAML assertion encryption relies on; and -storetype JKS, because since JDK 9 keytool creates PKCS12 stores by default regardless of the file extension. (-genkey is the older spelling of -genkeypair and still works.)

If you already have a JKS key store, you can add a key to it by executing the same command with the same file name and store password and a new alias and key password. For example:

    keytool -genkeypair -keyalg RSA -keysize 2048 -storetype JKS -keystore /opt/keystore.jks -alias encryption_key -keypass genesys -storepass genesys -dname "CN=HTCC, OU=R&D, O=Genesys, L=Daly City, S=California, C=US"

The alias you choose is the value you put in encryptionKeyName or signingKeyName, and the store password is the value of jksPassword. Passwords given on the command line end up in shell history; on a production host omit -keypass and -storepass so that keytool prompts for them. The self-signed certificate keytool produces is sufficient for SAML, but the IdP needs the public certificate in order to verify signed requests and to encrypt assertions for this key; export it with keytool -exportcert -rfc -alias <key_name> -keystore <path_to_jks_file> and register it with the IdP.
Next step
- Back to Configuring security