2.4.3 SAML for Authentication and SAML for Authorization
This section describes how to configure SAML for authentication and SAML for authorization.
If the realm type is selected as SAML for authentication and SAML for authorization, perform the following steps:
- Navigate to the <COMPLIANCE_STUDIO_INSTALLATION_PATH>/bin directory.
- Open the config.sh file and set the parameters as described in the following table.

Table 2-8 Parameters of the config.sh file

| Parameter | Significance | Value |
| --- | --- | --- |
| AUTH_REALM | Realm indicates the functional grouping of database schemas and roles that must be secured for an application. Realms protect data from access through system privileges; realms do not give their owners or participants additional privileges. The Compliance Studio application can be accessed using the following realms: FCCMRealm (Value=AAI), FCCSamlRealm (Value=SAML). | SAML |
| SAML_DESTINATION | Indicates the SAML IDP URL that the Identity Provider provides after creating the SAML Application. | Provide the IDCS-SSO URL. |
| SAML_ROLE_ATTRIBUTE | Indicates the SAML client identifier provided by the SAML Administrator for the Role and Attributes information while creating the SAML application for Compliance Studio. | Provide the group name. |
| SAML_LOGOUT_URL | Indicates the SAML client identifier provided by the SAML Administrator for the Logout URL information while creating the SAML application for Compliance Studio. | Provide the IDCS-SLO URL. |

- Reinstall Compliance Studio with the updated configuration.
- Navigate to the <COMPLIANCE_STUDIO_INSTALLATION_PATH>/deployed/mmg-home/mmg-ui/conf directory.
- Open the application.properties file and add the following lines at the end:
#Fetching User-Groups from AAI using Bearer Token
aai.client.id=#client#
aai.client.secret=#secret#
aai.enable.fetchgroups=#true#/#false#
- Replace the placeholder value as described in the following table.

Table 2-9 Parameter of application.properties file

| Parameter | Value |
| --- | --- |
| aai.client.id | Retain the placeholder as it is. |
| aai.client.secret | Retain the placeholder as it is. |
| aai.enable.fetchgroups | Set the value as true for AAI authorization. Note: This parameter is mandatory. |

- Perform Step 5 and Step 6 in the application.properties file in the following location as well, so that the configuration is retained whenever a reinstall is required: <COMPLIANCE_STUDIO_INSTALLATION_PATH>/mmg-home/mmg-ui/conf
- Restart Compliance Studio.
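
The procedure edits application.properties in two locations, and a value left at its template form or changed in only one copy is easy to miss. The script below is an added example, not part of the product or of the original page: it checks both copies against Table 2-9. The function names, the plain key=value line layout, and the sample tree built by make_sample are assumptions made for illustration.

```shell
#!/usr/bin/env bash
# Added example (not product tooling): verify the aai.* lines from Table 2-9
# in both copies of application.properties under the installation path.

# Print the last value assigned to key $2 in properties file $1 (empty if absent).
prop_value() {
  awk -F= -v k="$2" '$1 == k { v = substr($0, length(k) + 2) } END { print v }' "$1" | tr -d '\r'
}

# Check one file against Table 2-9. Prints one line per finding; returns 1 on any.
check_props() {
  local f="$1" bad=0
  [ -r "$f" ] || { echo "FAIL $f: file not readable"; return 1; }
  # Table 2-9 says to retain these two placeholders exactly as they are.
  [ "$(prop_value "$f" aai.client.id)" = "#client#" ] ||
    { echo "FAIL $f: aai.client.id is not the #client# placeholder"; bad=1; }
  [ "$(prop_value "$f" aai.client.secret)" = "#secret#" ] ||
    { echo "FAIL $f: aai.client.secret is not the #secret# placeholder"; bad=1; }
  # Mandatory parameter: must be true for AAI authorization.
  [ "$(prop_value "$f" aai.enable.fetchgroups)" = "true" ] ||
    { echo "FAIL $f: aai.enable.fetchgroups is not true"; bad=1; }
  return "$bad"
}

# Check the deployed copy and the copy kept for reinstalls under path $1.
check_install() {
  local root="$1" rel="mmg-home/mmg-ui/conf/application.properties" rc=0
  check_props "$root/deployed/$rel" || rc=1
  check_props "$root/$rel" || rc=1
  [ "$rc" -eq 0 ] && echo "OK $root: both copies match Table 2-9"
  return "$rc"
}

# Constructed sample tree for a dry run. Optional $2 overrides fetchgroups in
# the non-deployed copy to simulate the two copies drifting apart.
make_sample() {
  local root="$1" d
  for d in "$root/deployed/mmg-home/mmg-ui/conf" "$root/mmg-home/mmg-ui/conf"; do
    mkdir -p "$d"
    printf '%s\n' '#Fetching User-Groups from AAI using Bearer Token' \
      'aai.client.id=#client#' 'aai.client.secret=#secret#' \
      'aai.enable.fetchgroups=true' > "$d/application.properties"
  done
  [ -z "${2:-}" ] || sed -i.bak "s/^aai.enable.fetchgroups=.*/aai.enable.fetchgroups=$2/" \
    "$root/mmg-home/mmg-ui/conf/application.properties"
}

# Usage: pass <COMPLIANCE_STUDIO_INSTALLATION_PATH> as the first argument.
[ -z "${1:-}" ] || check_install "$1"
```

Run it before the final restart; a FAIL line names the copy and the key that needs correcting.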