2.4.2 SAML for Authentication and AAI for Authorization

This section describes how to configure SAML for authentication and AAI for authorization.

If the REALM type is selected as SAML for authentication and AAI for authorization, configure it as follows:
  1. Navigate to the <COMPLIANCE_STUDIO_INSTALLATION_PATH>/bin directory.
  2. Open the config.sh file and set the parameters as described in the following table.

    Table 2-6 Parameters of config.sh file

    Parameter: AUTH_REALM
    Significance: A realm is the functional grouping of database schemas and roles that must be secured for an application. Realms protect data from access through system privileges; realms do not give their owners or participants additional privileges.
      The Compliance Studio application can be accessed using the following realms:
        FCCMRealm (Value=AAI)
        FCCSamlRealm (Value=SAML)
    Value: SAML
    Note: This parameter is mandatory.

    Parameter: SAML_DESTINATION
    Significance: Indicates the SAML IDP URL that the Identity Provider provides after creating the SAML Application.
    Value: Provide the IDCS-SSO URL.
    Note: This parameter is mandatory.

    Parameter: SAML_ROLE_ATTRIBUTE
    Significance: Indicates the SAML client identifier provided by the SAML Administrator for the Role and Attributes information while creating the SAML application for Compliance Studio.
    Value: Provide the group name.
    Note: This parameter is mandatory.

    Parameter: SAML_LOGOUT_URL
    Significance: Indicates the SAML client identifier provided by the SAML Administrator for the Logout URL information while creating the SAML application for Compliance Studio.
    Value: Provide the IDCS-SLO URL.
    Note: This parameter is mandatory.

    Parameter: AAI_URL
    Significance: The Application URL of the ECM/BD application.
    Value: URL: http://<Server Hostname>:<Application URL PORT>/<Context Path>
      The value is the BD/ECM application where the USER-GROUP map/authentication is present.
    Note: This parameter is mandatory.


  3. Reinstall Compliance Studio with the updated configuration.
  4. Navigate to the <COMPLIANCE_STUDIO_INSTALLATION_PATH>/deployed/mmg-home/mmg-ui/conf directory.
  5. Open the application.properties file and add the following lines at the end of the file:
    #Fetching User-Groups from AAI using Bearer Token
    aai.client.id=#client#
    aai.client.secret=#secret#
    aai.enable.fetchgroups=#true#/#false#
  6. Replace the placeholder values as described in the following table.

    Table 2-7 Parameters of application.properties file

    Parameter: aai.client.id
    Value: Provide the Instance Name (STP_ACC_NM) of the Bearer Token.
      To get the instance name, see Generating the Bearer Token.

    Parameter: aai.client.secret
    Value: Provide the Bearer token (STP_ACC_TKN).
      To get the instance name, see Generating the Bearer Token.

    Parameter: aai.enable.fetchgroups
    Value: Set the value to true for AAI authorization.

    Parameter: aai.auth.url
    Value: Provide the AAI_URL.
  7. Repeat Step 5 and Step 6 for the application.properties file in the following location so that the configuration is retained whenever a reinstall is required.
    <COMPLIANCE_STUDIO_INSTALLATION_PATH>/mmg-home/mmg-ui/conf
  8. Restart Compliance Studio.
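
A pre-restart check for the values set in Steps 2, 5 and 6, as an added example (not Oracle's tooling): it parses both files without sourcing them and flags a realm other than SAML, empty mandatory parameters, unreplaced #...# placeholders, a mismatch between aai.auth.url and AAI_URL, and a token file readable by group or others. The KEY=value layout (with optional "export") and the function names check_cs_config, get_val and fail are assumptions; the permission check and the plain-HTTP warning are hardening suggestions beyond the steps above.

```shell
#!/bin/sh
# Added example: pre-restart check of config.sh and application.properties.
# Assumption: both files use plain KEY=value lines (config.sh may prefix "export").

# Print the last value assigned to KEY ($2) in file ($1), without quotes.
get_val() {
  sed -n "s/^[[:space:]]*\(export[[:space:]]\{1,\}\)\{0,1\}$2=//p" "$1" |
    tail -n 1 | tr -d "\"'\r"
}

# Report one finding and count it.
fail() { echo "FAIL: $*"; findings=$((findings + 1)); }

# Usage: check_cs_config <config.sh> <application.properties>
# Returns 0 when no finding is reported, 1 otherwise.
check_cs_config() {
  cfg=$1 props=$2 findings=0

  [ "$(get_val "$cfg" AUTH_REALM)" = "SAML" ] || fail "AUTH_REALM must be SAML"
  for key in SAML_DESTINATION SAML_ROLE_ATTRIBUTE SAML_LOGOUT_URL AAI_URL; do
    [ -n "$(get_val "$cfg" "$key")" ] || fail "$key is mandatory but empty"
  done

  # Values still wrapped in #...# are the unreplaced placeholders from Step 5.
  for key in aai.client.id aai.client.secret; do
    case "$(get_val "$props" "$key")" in
      ""|"#"*"#") fail "$key is empty or still a placeholder" ;;
    esac
  done
  [ "$(get_val "$props" aai.enable.fetchgroups)" = "true" ] ||
    fail "aai.enable.fetchgroups must be true for AAI authorization"

  aai_url=$(get_val "$cfg" AAI_URL)
  [ "$(get_val "$props" aai.auth.url)" = "$aai_url" ] ||
    fail "aai.auth.url must match AAI_URL"
  case "$aai_url" in
    http://*) echo "WARN: AAI_URL is plain HTTP; the bearer token is sent unencrypted" ;;
  esac

  # The file holds the bearer token, so group/other should not be able to read it.
  [ -z "$(find "$props" -prune \( -perm -040 -o -perm -004 \))" ] ||
    fail "$props is readable by group or others"

  [ "$findings" -eq 0 ]
}

if [ "$#" -eq 2 ]; then check_cs_config "$1" "$2"; fi
```

Run it against both copies of application.properties (Step 4 and Step 7 locations), since each holds the bearer token.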