Providing remote metadata for a SAML Single Sign On installation

The metadata for Single Sign On via SAML can be provided in two ways: it can be uploaded to the platform itself, or provided as an HTTPS URL from which the metadata can be downloaded. This article explains the benefits of remote metadata and the requirements for both the iGrafx Cloud and on-premises (Datacenter) installations.

Benefits

SAML metadata files contain certificate information that can expire. They also contain information that may change as you change settings in your Identity Provider's configuration. When you give iGrafx your remote metadata URL, your iGrafx Platform periodically fetches the latest version of your metadata, including any updated certificates. This reduces manual maintenance steps for you and your IT team.

Cloud Configuration, Datacenter Configuration (18.2.6 and newer)

Requirements

Your metadata must be publicly reachable from the internet at an HTTPS URL. Metadata files do not commonly reveal sensitive information.

Step-by-step guide

  1. Retrieve the metadata URL from your Identity Provider (steps vary by provider)
  2. In your Process Design application, with a user that has the Manage User Directories server level permission, navigate to Administration -> User Management -> SAML
  3. Click UPDATE IDENTITY PROVIDER METADATA and select Metadata URL as your source
  4. Enter your metadata URL from step 1 and click save
  5. Log out of the application
  6. Log in via Single Sign On and confirm it is working
  7. Your iGrafx Cloud platform is now using the Identity Provider's updatable remote metadata for SAML SSO. Any changes take effect automatically from now on, and the platform checks for new content at a 30-minute interval.
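
Because metadata changes take effect automatically, a change at the metadata URL also changes which Identity Provider signing certificates are trusted. The following Python code is an added example, not iGrafx code: it fingerprints the signing certificates in two metadata snapshots and reports what was added or removed. The function names, the entityID and the sample metadata (with placeholder certificate bytes) are constructed for illustration.

```python
import base64
import hashlib
import xml.etree.ElementTree as ET

MD = "{urn:oasis:names:tc:SAML:2.0:metadata}"
DS = "{http://www.w3.org/2000/09/xmldsig#}"

def signing_fingerprints(metadata_xml: str) -> dict:
    """Map each entityID to the SHA-256 fingerprints of its IdP signing certificates."""
    # SAML metadata needs no DTD; refuse one instead of letting the parser expand entities.
    if "<!DOCTYPE" in metadata_xml:
        raise ValueError("DOCTYPE is not allowed in SAML metadata")
    result = {}
    # iter() also matches the root, so EntityDescriptor and EntitiesDescriptor both work.
    for entity in ET.fromstring(metadata_xml).iter(MD + "EntityDescriptor"):
        prints = set()
        for idp in entity.iter(MD + "IDPSSODescriptor"):
            for key in idp.findall(MD + "KeyDescriptor"):
                # A KeyDescriptor with no "use" attribute covers signing and encryption.
                if key.get("use", "signing") != "signing":
                    continue
                for cert in key.iter(DS + "X509Certificate"):
                    der = base64.b64decode("".join((cert.text or "").split()))
                    prints.add(hashlib.sha256(der).hexdigest())
        result[entity.get("entityID")] = prints
    return result

def changed_keys(previous: dict, current: dict) -> dict:
    """Return {entityID: (added, removed)} where the signing certificate set differs."""
    changes = {}
    for entity_id in previous.keys() | current.keys():
        old, new = previous.get(entity_id, set()), current.get(entity_id, set())
        if old != new:
            changes[entity_id] = (new - old, old - new)
    return changes

def sample_metadata(entity_id: str, certs: dict) -> str:
    """Constructed metadata for the demo; certificate bodies are placeholder bytes."""
    keys = "".join(
        f'<md:KeyDescriptor use="{use}"><ds:KeyInfo><ds:X509Data><ds:X509Certificate>'
        f"{base64.b64encode(body).decode()}</ds:X509Certificate></ds:X509Data>"
        "</ds:KeyInfo></md:KeyDescriptor>" for body, use in certs.items())
    return (f'<md:EntityDescriptor xmlns:md="{MD[1:-1]}" xmlns:ds="{DS[1:-1]}" '
            f'entityID="{entity_id}"><md:IDPSSODescriptor>{keys}</md:IDPSSODescriptor>'
            "</md:EntityDescriptor>")

if __name__ == "__main__":
    url = "https://idp.example.test/metadata"  # constructed entityID
    old = signing_fingerprints(sample_metadata(url, {b"cert-A": "signing"}))
    new = signing_fingerprints(sample_metadata(url, {b"cert-A": "signing", b"cert-B": "signing"}))
    print(changed_keys(old, new))  # a non-empty result means the trusted signing keys changed
```

Run against saved copies of your own metadata, a non-empty result that does not match a planned certificate rollover at the Identity Provider is worth investigating.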

Datacenter Configuration (18.2.5 and earlier)

Requirements

Your metadata URL needs to be available at any URL that can be reached from the server that is running the iGrafx Platform.

Step-by-step guide

  1. Retrieve the metadata URL from your Identity Provider (steps vary by provider)
  2. Edit the igrafx.properties file in your igrafxdata installation folder and add the line:

    igrafx.usercentral.saml.metadataurl=YOUR_METADATA_URL
  3. If the metadata URL is https, which it usually is, you might have to download the certificate for the respective website in X.509 format and import it into your SAML Keystore using the following command:

    keytool -import -alias ALIAS_FOR_IDP -file YOUR_IDP_CERTIFICATE_FILE.cer -keystore samlKeystore.jks
  4. Restart the iGrafx Platform service
  5. Your iGrafx platform is now using the Identity Provider's updatable remote metadata for SAML SSO


