...

There are some limitations in the current version of this integration:

• Group mapping (Claim in OpenID Connect) is not yet supported. You will need to configure authorization for users using FlexDeploy UI.

• The REST API still requires logging in using local realm users, alternatively you can use or API Tokens.

• Configuration is done using configuration files. There is no UI available at this time.

• Once you enable single sign-on, you will not be able to configure or use other LDAP Realms for authentication and authorization.

...

Enable Single Sign-On and/or Multi Factor Authentication

Single sign-on integration will be done by adding a configuration file on the FlexDeploy application server host. You should keep this file readable only by the FlexDeploy process user. There is no restriction on where this file should be kept, but it’s a good idea to keep it with the FlexDeploy installation files, For example, $FLEXDEPLOY_HOME/.sso folder. If you change values in this file, you will need to restart your FlexDeploy server to pick up those changes. Make sure permissions on this folder are 700, so as to not allow other users to read this file.

The configuration file can be named as per your wish, but we will use the name fdsso.config for this documentation. The location of the configuration file will need to be added to server startup arguments in setenvoverride.sh file or setenvoverride.bat file. We recommend that this fdsso.config file is not kept under apache-tomcat-flexdeploy folder, as that folder is replaced during upgrade process. Here is the syntax for startup argument:

-Dflexagon.fd.sso.config=FULLY_QUALIFIED_PATH_TO_SSO_CONFIG_FILE

Here are some examples of fdsso.config files for various providersThere is now a UI for configuring SSO realms. If you previously used an SSO Config file, it will be imported for you. See the Realms page and its children for more information.