...
FLEXDEPLOY_HOME - Directory on the server where FlexDeploy is installed.
KEYSTORE_PASSWORD - The Java key store password that you used when creating the keystore above.
PRIVATE_KEY_PASSPHRASE - The private key passphrase that you used when importing the Azure Certificate, which may be different from the keystore password.
METADATA_URL - The App Federation Metadata Url (e.g. https://login.microsoftonline.com/<tenant-id>/federationmetadata/2007-06/federationmetadata.xml?appid=<app-id>).
FLEXDEPLOY_HOST - FlexDeploy application host.
FLEXDEPLOY_PORT - FlexDeploy application port.
ENTITY_ID - Azure Entity ID copied from the Basic SAML Configuration section of the single sign-on page in the Azure portal.
...
```ini
callbackFilter.defaultUrl = /flexdeploy

saml2Config = org.pac4j.saml.config.SAML2Configuration
saml2Config.keystorePath =
saml2Config.keystorePassword = KEYSTORE_PASSWORD
saml2Config.privateKeyPassword = PRIVATE_KEY_PASSPHRASE
saml2Config.identityProviderMetadataPath = METADATA_URL
# Adjust this based on your maximum session lifespan in Microsoft Settings. If too short, you will get the error: Authentication issue instant is too old or in the future
saml2Config.maximumAuthenticationLifetime = 76000
saml2Config.serviceProviderEntityId = ENTITY_ID
saml2Config.serviceProviderMetadataPath = FLEXDEPLOY_HOME/sso/FlexDeployMetadata.xml

saml2Client = org.pac4j.saml.client.SAML2Client
saml2Client.configuration = $saml2Config

clients.callbackUrl = https://FLEXDEPLOY_HOST:FLEXDEPLOY_PORT/flexdeploy/callback
clients.clients=$saml2Client

isAuthenticatedAdmin = org.pac4j.core.authorization.authorizer.IsAuthenticatedAuthorizer
excludedPathMatcher = org.pac4j.core.matching.matcher.PathMatcher
excludedPathMatcher.excludedPath = /next/#/login
config.authorizers = admin:$isAuthenticatedAdmin
config.matchers = excludedPath:$excludedPathMatcher

ssoFilter = flexagon.fd.ui.security.FlexPac4jFilter
ssoFilter.config = $config
ssoFilter.clients = SAML2Client
ssoFilter.matchers = nocache
ssoFilter.authorizers = admin

logout = io.buji.pac4j.filter.LogoutFilter
logout.config = $config
logout.localLogout = true
logout.centralLogout = false
logout.defaultUrl = https://FLEXDEPLOY_HOST:FLEXDEPLOY_PORT/flexdeploy/next/#/home
```
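A pre-deployment check for the filled-in configuration above, as an added example (not FlexDeploy or pac4j tooling): it flags placeholder tokens that were never replaced, an empty keystore path, a callback URL that is not HTTPS, and a non-numeric authentication lifetime. The function names `parse` and `lint`, the choice of checks, and the sample values are assumptions made for this example.

```python
import re

# Placeholder tokens from the parameter list; PRIVATE_KEY_\w+ covers any spelling of that one.
PLACEHOLDER = re.compile(
    r"\b(FLEXDEPLOY_(?:HOME|HOST|PORT)|KEYSTORE_PASSWORD|PRIVATE_KEY_\w+|METADATA_URL|ENTITY_ID)\b")
REQUIRED = ("saml2Config.keystorePath", "saml2Config.identityProviderMetadataPath",
            "saml2Config.serviceProviderEntityId")

def parse(text):
    """Read 'key = value' lines, splitting on the first '=' only (URL values contain '=' and '#')."""
    cfg = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            key, value = line.split("=", 1)
            cfg[key.strip()] = value.strip()
    return cfg

def lint(text):
    """Return a list of findings; an empty list means every check passed."""
    cfg, findings = parse(text), []
    for key, value in cfg.items():
        hit = PLACEHOLDER.search(value)
        if hit:
            findings.append(f"{key}: placeholder {hit.group(0)} not replaced")
    for key in REQUIRED:
        if not cfg.get(key):
            findings.append(f"{key}: missing or empty")
    if not cfg.get("clients.callbackUrl", "").startswith("https://"):
        findings.append("clients.callbackUrl: not an https:// URL")
    lifetime = cfg.get("saml2Config.maximumAuthenticationLifetime", "")
    if not lifetime.isdigit() or int(lifetime) == 0:
        findings.append("saml2Config.maximumAuthenticationLifetime: not a positive integer")
    return findings

# Constructed sample: the template with two steps skipped (empty keystore path, host/port left in).
SAMPLE = """\
saml2Config.keystorePath =
saml2Config.keystorePassword = constructed-example-only
saml2Config.identityProviderMetadataPath = https://login.microsoftonline.com/00000000-0000-0000-0000-000000000000/federationmetadata/2007-06/federationmetadata.xml?appid=00000000-0000-0000-0000-000000000000
saml2Config.maximumAuthenticationLifetime = 76000
saml2Config.serviceProviderEntityId = https://flexdeploy.example.com/sp
clients.callbackUrl = https://FLEXDEPLOY_HOST:FLEXDEPLOY_PORT/flexdeploy/callback
"""

if __name__ == "__main__":
    for finding in lint(SAMPLE):
        print(finding)
```

Because the file holds the keystore password and private key passphrase in clear text, run the check on the server itself rather than copying the file elsewhere.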
...
Setting up group mapping with the FlexDeploy SSO Realm
See Group Mapping with SSO Realm for the steps.