I am trying to setup Single Sign-In (SSO) on our Operator Console servers, following the guide here:
We have 2 Operator Console servers. When I configured the first server, I was able to create the metadata, but I used the server's IP address instead of the virtual ip that we are using, so the metadata was not accurate.
I repeated the configuration on the second server, but I am unable to generate metdata, using either the 2nd server IP or the virtual ip (I get Page Not found for both attempts).
I have not configured Single Sign-On before, so I'm not sure where to start troubleshooting.
Configure Operator Console to Use SAML Single Sign-On
On the OC robot,
The -alias is just a label (can be any value).
3. Respond to the prompts.
Any first and last name is fine but just remember/document all of the values you enter.
4. Enter Y when you are prompted if the information is correct.
5. Press enter at the last prompt.
You'll see a Warning message but the keystore.jks is created, e.g., in cd <install dir>\jre\jre8u332b09\bin.
6. Save the password you used.
7. cd -> probes->service->wasp->webapps->samlsso->WEB-INF->classes->security
8. copy the keystore.jks you created to this directory.
Note that OC should be running on https.
9. Open the file-> StepsGenerateEncryptedText.txt.
10. Follow the steps to encrypt the password text, or use the following Encryption Utility:
11. Navigate to https://<OC_robot_FQDN>/operatorconsole_portlet/encryptText.jsp
12. Enter the alias you created earlier, e.g., UIM_204
13. Click the Encrypt button.
14. Then do the same to encrypt the password.
15. Save both values in a simple notepad file.
16. Navigate to -> probes->service->wasp->webapps->samlsso->WEB-INF-> classes
17. Open Notepad ->Run as Administrator and
18. Edit the properties file-> samlssoConfig
19. Paste the alias (Encrypted Text value)
20. Paste the same password (Encrypted Text value) into the following parameters:
21. Change the parameter in the file from false to true->
22. Save the samlssoConfig.properties file as All Files NOT a text file.
23. Restart the OC wasp probe.
24. Login to OC.
Note that for a Multi-instance OC setup, the keystore and saml sso configuration files must be the same.
25. Each wasp needs to be restarted after making the changes.
Generate the metadata by opening a browser and go to http://<OC_Server>/samlsso/saml/metadata.
The SAML metadata for OC is displayed.
You can access the metadata page using the OC server FQDN, Operator Console (OC) server IP address, or via a proxy URL if you are using a proxy server. The SAML metadata address you use must match the format you will use in production. Specific metadata is generated based on the address you use to access the SAML metadata page.
Please download and review engineering document below for more detail