SAML for Authentication and AAI for Authorization

This section describes how to configure SAML for authentication and AAI for authorization.

If the realm type selected is SAML for authentication and AAI for authorization, configure it as follows:
  1. Navigate to the <COMPLIANCE_STUDIO_INSTALLATION_PATH>/bin directory.
  2. Open the config.sh file and set the parameters as described in the following table.

    Table 2-5 Parameters of config.sh file

    | Parameter | Significance | Value |
    |---|---|---|
    | AUTH_REALM | Realm indicates the functional grouping of database schemas and roles that must be secured for an application. Realms protect data from access through system privileges; realms do not give their owners or participants additional privileges. The Compliance Studio application can be accessed using the following realms: FCCMRealm (Value=AAI) and FCCSamlRealm (Value=SAML). Note: This parameter is mandatory. | SAML |
    | AUTH_AAI_OAUTH_CLIENT_SECRET | Indicates the Bearer token (STP_ACC_TKN). | To get the instance name, see the Generating the Bearer Token section. |
    | AUTH_AAI_OAUTH_CLIENT_ID | Indicates the Instance Name (STP_ACC_NM) of the Bearer Token. | To get the instance name, see the Generating the Bearer Token section. |
    | IS_USER_AUTHZ_FROM_AAI | Indicates the Auth type for Data Studio. This value must be set to True. | True |
    | AUTH_SAML_DS_DESTINATION | Indicates the SAML IDP URL that the Identity Provider provides after creating the SAML Application. Note: This parameter is mandatory. | Provide the IDCS-SSO URL. |
    | AUTH_SAML_DS_ROLE_ATTRIBUTE | Indicates the SAML client identifier provided by the SAML Administrator for the Role and Attributes information while creating the SAML application for Compliance Studio. Note: This parameter is mandatory. | Provide the group name. |
    | AUTH_SAML_DS_STUDIO_LOGOUT_URL | Indicates the SAML client identifier provided by the SAML Administrator for the Logout URL information while creating the SAML application for Compliance Studio. Note: This parameter is mandatory. | Provide the IDCS-SLO URL. |
    | AUTH_AAI_AUTH_URL | The Application URL of ECM/BD application. The value will be BD/ECM application where the USER-GROUP map/authentication is present. Note: This parameter is mandatory. | URL: http://<Server Hostname>:<Application URL PORT>/<Context Path> |

  3. Reinstall Compliance Studio with the updated configuration.
  4. Restart Compliance Studio.
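
A check that can be run on config.sh after step 2 and before the reinstall in step 3, as an added example that is not part of the product or of Oracle's tooling. It assumes config.sh holds plain KEY=value lines, optionally prefixed with export; the function names, hostnames and token in the sample are constructed.

```shell
# Added example: lint config.sh for the SAML + AAI settings before reinstalling.
# Assumption: parameters are plain KEY=value lines, optionally prefixed with "export".

# Print the value of parameter $2 in file $1 (last assignment wins, quotes stripped).
get_param() {
  sed -n -E "s/^[[:space:]]*(export[[:space:]]+)?$2=//p" "$1" | tail -n 1 | tr -d "\"'\r"
}

# Print findings for file $1; succeed only when no FAIL finding was printed.
check_config() {
  local file=$1 fails=0 p v
  for p in AUTH_REALM AUTH_SAML_DS_DESTINATION AUTH_SAML_DS_ROLE_ATTRIBUTE \
           AUTH_SAML_DS_STUDIO_LOGOUT_URL AUTH_AAI_AUTH_URL; do
    [ -n "$(get_param "$file" "$p")" ] ||
      { echo "FAIL $p is mandatory but not set"; fails=$((fails + 1)); }
  done
  v=$(get_param "$file" AUTH_REALM)
  [ -z "$v" ] || [ "$v" = SAML ] ||
    { echo "FAIL AUTH_REALM must be SAML for this realm type"; fails=$((fails + 1)); }
  v=$(get_param "$file" IS_USER_AUTHZ_FROM_AAI | tr '[:upper:]' '[:lower:]')
  [ "$v" = true ] ||
    { echo "FAIL IS_USER_AUTHZ_FROM_AAI must be True"; fails=$((fails + 1)); }
  for p in AUTH_SAML_DS_DESTINATION AUTH_SAML_DS_STUDIO_LOGOUT_URL AUTH_AAI_AUTH_URL; do
    case $(get_param "$file" "$p") in
      https://* | "") ;;  # empty values are already reported above
      *) echo "WARN $p does not use https://; requests to it travel unencrypted" ;;
    esac
  done
  # config.sh holds AUTH_AAI_OAUTH_CLIENT_SECRET, so only its owner should read it.
  case $(ls -ld "$file" | cut -c5,8) in
    *r*) echo "WARN $file is readable by group or others; remove that access" ;;
  esac
  [ "$fails" -eq 0 ]
}

# Constructed sample (hostnames and token are made up): one FAIL, one WARN expected.
sample=$(mktemp)
cat > "$sample" <<'EOF'
export AUTH_REALM=SAML
export AUTH_AAI_OAUTH_CLIENT_ID=STUDIO_INSTANCE
export AUTH_AAI_OAUTH_CLIENT_SECRET="constructed-token"
export IS_USER_AUTHZ_FROM_AAI=false
export AUTH_SAML_DS_DESTINATION=https://idp.example.com/sso
export AUTH_SAML_DS_ROLE_ATTRIBUTE=compliance_group
export AUTH_SAML_DS_STUDIO_LOGOUT_URL=https://idp.example.com/slo
export AUTH_AAI_AUTH_URL=http://ecm.example.com:7001/ECM
EOF
check_config "$sample" || echo "Fix the FAIL findings before reinstalling."
rm -f "$sample"
```

Against a real installation, call `check_config` with the path to config.sh in the bin directory from step 1.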