Support for SSO between Ping Federation and AutoSys WCC with SAML 2.0

Article ID: 421474

Products

Autosys Workload Automation

Issue/Introduction

Our company uses Ping Federation and SAML 2.0 to enable single sign-on.
Does AutoSys / WCC support this integration?

Our Ping Administrator had the following questions about this integration.

  1. Does Broadcom have a metadata XML file?
  2. Does Broadcom have a Custom Entity ID?
  3. Application SAML Token Consumer URL
    (Application endpoint(s) where the SAML token needs to be posted to.
    Multiple endpoint URLs are allowed, and if needed, then enter them in a separate line, one below the other.)
  4. Upload X509 file
  5. Choose from the list of attributes in Active Directory to be sent in the FMSSO SAML response
  6. Please check with your vendor if only the SAML token within the XML response needs to be signed
  7. Please check with your vendor if the entire SAML XML response needs to be signed

Environment

Autosys 24.1.X

Resolution

Questions:

  1. Do we support SAML 2.0 with any identity provider, such as PING?
    Answer: Yes. A few customers are already using PingFederate for WCC.

  2. If so, do we have any customer-facing documentation they can follow?
    Answer: See the Additional Information section.

  3. Does EEM have to be a certain version?
    Answer: The WCC 24.1 ISO includes EEM. Use the EEM from that same 24.1 ISO, which has support for SAML 2.0.

  4. What are the steps for configuring SSO for WCC? EEM first, then WCC?
    Answer: Either one can be configured first. WCC configuration is simple. EEM configuration requires a keystore and a truststore, along with the PingFederate configuration information.



  5. Does Broadcom have a metadata XML file?
    Answer: No. Broadcom does not provide a metadata XML file. The PingFederate admin should generate and provide the metadata XML file from their PingFederate server.

  6. Does Broadcom have a Custom Entity ID?
    Answer: No, we don't have any such ID. We follow OpenSAML standards.

  7. Application SAML Token Consumer URL
    Application endpoint(s) where the SAML token needs to be posted to. Multiple endpoint URLs are allowed, and if needed, then enter them in a separate line, one below the other.
    Answer: Single URL:
    https://<hostname>:<port>/wcc/rest/launcher/saml

  8. Upload X509 file
    Answer: Yes. The X509 signing certificate from PingFederate needs to be uploaded/imported into EEM's truststore.
    This certificate is used by EEM to verify the signature of the SAML responses received from PingFederate.
    The certificate should be the one that PingFederate uses to sign the SAML responses.

  9. Choose from the list of attributes in Active Directory to be sent in FMSSO SAML response
    Answer: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name or equivalent should be configured in EEM.

  10. Please check with your vendor if only the SAML token within the XML response needs to be signed
    Answer: Entire response.

  11. Please check with your vendor if the entire SAML XML response needs to be signed
    Answer: Yes.
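
The answers to questions 7 and 9 to 11 can be checked against a captured SAML response before troubleshooting EEM. The following is an added example, not Broadcom or PingFederate code; `check_response` and `sample` are hypothetical names, the host and port are constructed, and the check is structural only (it does not verify the signature).

```python
import xml.etree.ElementTree as ET

NS = {"samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
      "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}
NAME_CLAIM = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name"
# Constructed host and port; substitute the real WCC <hostname>:<port>.
ACS = "https://wcc.example.com:8443/wcc/rest/launcher/saml"


def check_response(xml_text, acs_url, name_attr=NAME_CLAIM):
    """Structural pre-flight check of a captured SAML Response.

    Returns a list of problems. It does NOT verify the signature
    cryptographically; EEM does that with the imported certificate.
    """
    root = ET.fromstring(xml_text)
    if root.tag != "{%s}Response" % NS["samlp"]:
        return ["root element is not samlp:Response"]
    problems = []
    # Entire response must be signed: ds:Signature has to be a direct child
    # of Response, not only of the Assertion nested inside it.
    sig = root.find("ds:Signature", NS)
    if sig is None:
        problems.append("no ds:Signature directly under Response")
    else:
        ref = sig.find("ds:SignedInfo/ds:Reference", NS)
        # URI="" (whole document) or "#<Response ID>" both cover the Response.
        if ref is None or ref.get("URI") not in ("", "#" + root.get("ID", "")):
            problems.append("Response signature does not reference the Response ID")
    # The response must be posted to the single WCC consumer URL.
    if root.get("Destination") != acs_url:
        problems.append("Destination %r is not the WCC consumer URL" % root.get("Destination"))
    # Assumption: the name claim arrives as a saml:Attribute with this Name.
    names = {a.get("Name") for a in root.iterfind(".//saml:Attribute", NS)}
    if name_attr not in names:
        problems.append("attribute %r missing from the assertion" % name_attr)
    return problems


def sample(sign_response):
    """Constructed sample (not real PingFederate output); signature values omitted."""
    sig = '<ds:Signature><ds:SignedInfo><ds:Reference URI="#{}"/></ds:SignedInfo></ds:Signature>'
    return (f'<samlp:Response xmlns:samlp="{NS["samlp"]}" xmlns:saml="{NS["saml"]}" '
            f'xmlns:ds="{NS["ds"]}" ID="_r1" Destination="{ACS}">'
            f'{sig.format("_r1") if sign_response else ""}'
            f'<saml:Assertion ID="_a1">{sig.format("_a1")}<saml:AttributeStatement>'
            f'<saml:Attribute Name="{NAME_CLAIM}"/></saml:AttributeStatement>'
            f'</saml:Assertion></samlp:Response>')
```

An empty list from `check_response(sample(True), ACS)` means the response is signed at the Response level, targets the WCC consumer URL and carries the name claim; `sample(False)` models a PingFederate connection that signs only the assertion.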

Additional Information

Review the documentation below on configuring Autosys / WCC 24.1 with SSO:
Configure SSO Options

SAML 2.0 HTTP Post Binding with ADFS

SAML2.0 Artifact Binding with ADFS