CAST Console - SAML Configuration - How to generate Metadata xml file for SAML configuration

This page explains how to configure the metadata.xml file, and how it is authenticated and added to the IDP servers, for SAML authentication.

 

 

 

Release    Yes/No
8.3.x      Yes

RDBMS                   Yes/No
Oracle Server           Yes
Microsoft SQL Server    Yes
CSS2                    Yes

Release    Yes/No
>1.15      Yes

 

 

  1. Configure AIP Console for SAML authentication.

 

To import the metadata.xml file, follow these steps:

  1. Generate a self-signed certificate using the following command:

    On Windows:

    <JRE home>\bin\keytool -genkey -alias mycert -keyalg RSA -keystore "C:\ProgramData\CAST\AipConsole\AipConsole\certificate.jks"

  2. Enable HTTPS as described in the document Changing Console and Node port numbers - activating HTTPS.
  3. Copy the sample AIP Console metadata file by navigating to https://localhost:<portnumber>/saml/metadata and share it with the IT/IDP team. This file can be generated once the Console has been restarted for the first time after being configured to use SAML (see SAML authentication).
  4. The IT team needs this Metadata.xml file so that they can register it in the SAML server and provide you with the metadata.xml file to configure.
  5. Place the file on the machine and specify its path under security.saml.metadata.source in the aipConsole.properties file.

    During the installation of the AIP Console: SAML metadata source
    Post installation using aipConsole.properties: security.saml.metadata.source=
    Description of option: Specify the location for the metadata source (as outlined in IDP MetaData generation), for example:

    Windows: <AIP_console_installation>\AipConsole\data\MetadataFile.xml
    Linux: $HOME\CAST\AipConsole\data\MetadataFile.xml


    • You can also specify:
      • an HTTP resource, by providing a full URL to the metadata file
      • a classpath resource, using "classpath:myMetadataFile.xml"

    Note - If the Metadata.xml file has not been authenticated with the IDP server by the IDP provider, an error will occur while configuring AIP Console with SAML.

  6. If the above steps do not solve your issue, contact CAST Technical Support with the following relevant input.

 

Relevant Input

  • Log file showing the error
  • A detailed list of the steps done
  • Screenshots from AIP Console showing the issue and configuration of SAML.

 

Ticket # 29434

 

SAML authentication

Changing Console and Node port numbers - activating HTTPS

 
