Providing remote metadata for a SAML Single Sign On installation
The metadata for Single Sign On via SAML can be provided via two different mechanisms. It can either be uploaded to the platform itself or provided as an HTTPS-based URL from which the metadata can be downloaded. This article explains the benefits of remote metadata and the requirements for both the iGrafx Cloud and on-premises (Datacenter) installations.
Benefits
SAML metadata files contain certificate information that can expire. They also contain information that may change as you change settings in your Identity Provider's configuration. By providing iGrafx with your remote metadata URL, your iGrafx Platform will periodically get the latest version of your metadata, including any updated certificates. This reduces manual maintenance steps by IT and iGrafx Support.
Cloud Configuration
Requirements
Your metadata URL needs to be publicly available from the internet under an HTTPS-based URL. Metadata files do not commonly reveal sensitive information.
Step-by-step guide
- Retrieve the metadata URL from your Identity Provider (steps vary by provider)
- Send the metadata URL to iGrafx Support via the ECHO Support Desk
- iGrafx Support will update the configuration and schedule a one-time platform restart to apply the change
- Your iGrafx Cloud platform is now using the updateable remote metadata from your Identity Provider for SAML SSO
Datacenter Configuration
Requirements
Your metadata URL needs to be available at any URL that can be reached from the server that is running the iGrafx Platform.
Step-by-step guide
- Retrieve the metadata URL from your Identity Provider (steps vary by provider)
- Edit the igrafx.properties file in your igrafxdata installation folder and add the line
  igrafx.usercentral.saml.metadataurl=YOUR_METADATA_URL
- If the metadata URL is https, which it usually is, you might have to download the certificate for the respective website in X.509 format and import it into your SAML Keystore using the following command:
  keytool -import -alias ALIAS_FOR_IDP -file YOUR_IDP_CERTIFICATE_FILE.cer -keystore samlKeystore.jks
- Restart the iGrafx Platform service
- Your iGrafx Platform is now using the updateable remote metadata from your Identity Provider for SAML SSO
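Before handing a metadata URL to iGrafx Support or writing it into igrafx.properties, it helps to confirm what the document behind it actually contains. The following is an added example, not iGrafx code: the function name check_metadata, the idp.example.com URL and the placeholder certificate bytes are assumptions, and the caller passes in metadata text it has already downloaded.

```python
import base64
import hashlib
import xml.etree.ElementTree as ET
from datetime import datetime, timezone
from urllib.parse import urlparse

MD = "{urn:oasis:names:tc:SAML:2.0:metadata}"
DS = "{http://www.w3.org/2000/09/xmldsig#}"

def check_metadata(url, xml_text, now=None):
    """Return (facts, problems) for a SAML metadata document served at url."""
    now = now or datetime.now(timezone.utc)
    problems = []
    if urlparse(url).scheme != "https":
        problems.append("metadata URL is not https")
    if "<!DOCTYPE" in xml_text:
        # Metadata never needs a DTD; refuse it instead of expanding entities.
        return {}, problems + ["DOCTYPE present, refusing to parse"]
    root = ET.fromstring(xml_text)
    if root.tag != MD + "EntityDescriptor":
        return {}, problems + ["root element is not md:EntityDescriptor"]
    facts = {"entityID": root.get("entityID"), "signing_sha256": []}
    valid_until = root.get("validUntil")
    if valid_until:
        expires = datetime.fromisoformat(valid_until.replace("Z", "+00:00"))
        if expires.tzinfo is None:  # SAML timestamps are UTC
            expires = expires.replace(tzinfo=timezone.utc)
        if expires <= now:
            problems.append("metadata validUntil has passed: " + valid_until)
    for kd in root.iter(MD + "KeyDescriptor"):
        if kd.get("use") not in (None, "signing"):
            continue  # encryption-only keys do not verify assertions
        for cert in kd.iter(DS + "X509Certificate"):
            der = base64.b64decode("".join((cert.text or "").split()))
            if der:  # SHA-256 over the DER bytes, as certificate tools report it
                facts["signing_sha256"].append(hashlib.sha256(der).hexdigest())
    if not facts["signing_sha256"]:
        problems.append("no signing certificate in metadata")
    return facts, problems

# Constructed sample: the certificate bytes are a placeholder, not real DER.
SAMPLE_DER = b"constructed placeholder, not a real certificate"
SAMPLE_XML = (
    '<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata" '
    'xmlns:ds="http://www.w3.org/2000/09/xmldsig#" '
    'entityID="https://idp.example.com/saml" validUntil="2020-01-01T00:00:00Z">'
    '<md:IDPSSODescriptor><md:KeyDescriptor use="signing"><ds:KeyInfo>'
    '<ds:X509Data><ds:X509Certificate>' + base64.b64encode(SAMPLE_DER).decode() +
    '</ds:X509Certificate></ds:X509Data></ds:KeyInfo></md:KeyDescriptor>'
    '</md:IDPSSODescriptor></md:EntityDescriptor>'
)
```

Comparing the reported fingerprints with the signing certificate shown in the Identity Provider's admin console confirms that the URL serves the metadata you expect, and a changed fingerprint on a later run indicates a certificate rotation.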