SSO Authentication (SAML) Configuration
To configure the SAML Service Provider metadata with a certificate, update the
sp_metadata.xml file with the X509 Certificate, which is available on the OFSAA
Configuration window. For more information, see the section Update General
Details in the OFS Analytical Applications Infrastructure User Guide.
The following code snippet shows the format of the tags in the XML
file:
<!-- Template for sp_metadata.xml: SAML 2.0 metadata describing this service
     provider (SP). The $ENTITYID$, $CONSUMERSERVICEURL$ and $LOGOUTSERVICEURL$
     tokens are placeholders for deployment-specific values. -->
<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
                     entityID="$ENTITYID$">
  <md:SPSSODescriptor
      protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <!-- NOTE(review): this descriptor declares neither AuthnRequestsSigned nor
         WantAssertionsSigned. Check the product documentation and the identity
         provider's settings to confirm that assertions sent to this SP are
         signed and that the signature is verified. -->

    <!-- Certificate published for signature verification. Metadata carries the
         public certificate only: paste the Base64 body without the Begin/End
         Certificate delimiter lines, and never place a private key here. -->
    <md:KeyDescriptor use="signing">
      <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
        <ds:X509Data>
          <ds:X509Certificate></ds:X509Certificate>
        </ds:X509Data>
      </ds:KeyInfo>
    </md:KeyDescriptor>

    <!-- Certificate published for encryption; same pasting rules as above. -->
    <md:KeyDescriptor use="encryption">
      <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
        <ds:X509Data>
          <ds:X509Certificate></ds:X509Certificate>
        </ds:X509Data>
      </ds:KeyInfo>
    </md:KeyDescriptor>

    <md:NameIDFormat>urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified</md:NameIDFormat>

    <!-- Endpoint that receives the SAML response over the HTTP-POST binding. -->
    <md:AssertionConsumerService
        Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="$CONSUMERSERVICEURL$"
        index="0"/>

    <!-- Endpoint that receives logout messages over the HTTP-POST binding. -->
    <md:SingleLogoutService
        Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="$LOGOUTSERVICEURL$"/>
  </md:SPSSODescriptor>
</md:EntityDescriptor>
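Note:
Do not copy the ----Begin Certificate---- and ----End Certificate---- delimiter
lines; paste only the Base64-encoded certificate text between them into the
<ds:X509Certificate> tags. Copying the delimiters may lead to issues during
authentication.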
The following code snippet is an example of the XML file with X509 Certificate
values embedded in the tags:
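<!-- Example sp_metadata.xml with the placeholders filled in.
     The certificate text is not reproduced on this page;
     BASE64_CERTIFICATE_BODY_PLACEHOLDER stands for the Base64 body of the
     X509 certificate, pasted without the Begin/End Certificate delimiter lines.
     Metadata carries the public certificate only; never place a private key
     in this file. -->
<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
                     entityID="http://example.com:3333/ofsa8100">
  <md:SPSSODescriptor
      protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <!-- Certificate published for signature verification. -->
    <md:KeyDescriptor use="signing">
      <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
        <ds:X509Data>
          <ds:X509Certificate>BASE64_CERTIFICATE_BODY_PLACEHOLDER</ds:X509Certificate>
        </ds:X509Data>
      </ds:KeyInfo>
    </md:KeyDescriptor>

    <!-- Certificate published for encryption. -->
    <md:KeyDescriptor use="encryption">
      <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
        <ds:X509Data>
          <ds:X509Certificate>BASE64_CERTIFICATE_BODY_PLACEHOLDER</ds:X509Certificate>
        </ds:X509Data>
      </ds:KeyInfo>
    </md:KeyDescriptor>

    <!-- The URN must stay on one line: whitespace or a line break inside the
         element becomes part of the value and no longer matches the format
         identifier. -->
    <md:NameIDFormat>urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified</md:NameIDFormat>

    <!-- NOTE(review): the example endpoints use http://. The SAML response is
         posted by the browser to the AssertionConsumerService URL, so a real
         deployment should publish HTTPS locations for both endpoints. -->
    <md:AssertionConsumerService
        Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="http://example.com:3333/ofsa8100/login.jsp"
        index="0"/>
    <md:SingleLogoutService
        Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="http://example.com:3333/ofsa8100/signoff.jsp"/>
  </md:SPSSODescriptor>
</md:EntityDescriptor>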
After updating the file, upload it to the Trusted Providers table under Identity
Federation in the Identity Manager application.