Versions Compared

Old Version 2

changes.mady.by.user Chandresh Patel

Saved on

compared with

New Version Current

changes.mady.by.user Chandresh Patel

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

Then click the Get started link in Set up single sign on.

...

Edit the Basic SAML Configuration.

...

Code Block
#Create a keystore (if needed)
/u01/java/jdk8/bin/keytool -genkey -alias mykeystorealias -keyalg RSA -keystore /homeu01/oracleflexdeploy/flexdeploy.keystore
Code Block
# import the Azure certificate into your keystore
/u01/java/jdk8/bin/keytool -import -alias azad -file /var/tmp/azad.certcer -keystore /homeu01/oracleflexdeploy/flexdeploy.keystore

Also copy the App Federation Metadata Url. You will need this in the sso.config file.

...

  • FLEXDEPLOY_HOME - Directory on the server where FlexDeploy is installed.

  • KEYSTORE_PASSWORD - The Java key store password that you used when creating the keystore above.

  • PRIVATE_KEY_PASSWORD -The private key password that you used when importing the Azure Certificate, which may be different from the keystore password.

  • METADATA_URL - The App Federation Metadata Url (e.g. https://login.microsoftonline.com/<tenant-id>/federationmetadata/2007-06/federationmetadata.xml?appid=<app-id>).

  • FLEXDEPLOY_HOST - FlexDeploy application host

  • FLEXDEPLOY_PORT - FlexDeploy application port

  • APPLICATIONENTITY_ID - Azure application/client Entity id Copy copied from the Azure portal on the Overview single sign on, Basic SAML Configuration Page.

    • Image Removed

The Active Directory users or groups of the users (who are trying to login to FlexDeploy), should be associated to the Enterprise Application. Otherwise, users will get the below error while logging in.

...

Code Block
callbackFilter.defaultUrl = /flexdeploy
saml2Config = org.pac4j.saml.config.SAML2Configuration
saml2Config.keystorePath = 
saml2Config.keystorePassword = KEYSTORE_PASSWORD
saml2Config.privateKeyPassword = PRIVATE_KEY_PASSWORD
saml2Config.identityProviderMetadataPath = METADATA_URL

# Adjust this based on your maximum session lifespan in Microsoft Settings. If too short, you will get the error: Authentication issue instant is too old or in the future
saml2Config.maximumAuthenticationLifetime = 76000 

saml2Config.serviceProviderEntityId = spn:APPLICATIONENTITY_ID
saml2Config.serviceProviderMetadataPath = FLEXDEPLOY_HOME/sso/FlexDeployMetadata.xml
saml2Client = org.pac4j.saml.client.SAML2Client
saml2Client.configuration = $saml2Config
clients.callbackUrl = https://FLEXDEPLOY_HOST:FLEXDEPLOY_PORT/flexdeploy/callback
clients.clients=$saml2Client
isAuthenticatedAdmin = org.pac4j.core.authorization.authorizer.IsAuthenticatedAuthorizer
excludedPathMatcher = org.pac4j.core.matching.matcher.PathMatcher
excludedPathMatcher.excludedPath = /next/#/login
config.authorizers = admin:$isAuthenticatedAdmin
config.matchers = excludedPath:$excludedPathMatcher
ssoFilter = flexagon.fd.ui.security.FlexPac4jFilter
ssoFilter.config = $config
ssoFilter.clients = SAML2Client
ssoFilter.matchers = nocache
ssoFilter.authorizers = admin
logout = io.buji.pac4j.filter.LogoutFilter
logout.config = $config
logout.localLogout = true
logout.centralLogout = false
logout.defaultUrl = https://FLEXDEPLOY_HOST:FLEXDEPLOY_PORT/flexdeploy/next/#/home

...

Setting up group mapping with the FlexDeploy SSO Realm

See Group Mapping with SSO Realm for the steps.