Jump to: navigation, search

SAML authentication

Web Services supports Security Assertion Markup Language (SAML) for single sign-on (SSO) authentication.

Configuring SAML

To enable SAML, make the following configuration changes in the serverSettings section of the application.yaml file on each of your Web Services nodes (server-settings.yaml if you're installing Web Services and Applications version or earlier):


  1. Set the following options in the SSL and CA section:
  2. Set the following option in the SAML section:
    • samlSettings — the following properties are mandatory:
      • encryptionKeyName
      • signingKeyName
      • identityProviderMetadata
  3. Save the changes to the file. Your configuration should look something like this:
    # SSL and CA
    caCertificate: /Users/samluser/Documents/Keys/keystore.jks
    jksPassword: password
    # SAML
        serviceProviderEntityId: genesys.staging.htcc
        encryptionKeyName: client
        signingKeyName: client
        identityProviderMetadata: /Users/samluser/Documents/Metadata/idp-metadata.xml
  4. To activate SAML authentication, append the browser URL for Workspace Web Edition with ?authType=saml.
  5. To enable extended SAML logging, add the following string to logback.xml file: <logger name="org.springframework.security.saml" level="%LEVEL%"/>, where valid values for LEVEL are INFO (preferred) or DEBUG.


Generating security keys

You can use the keytool utility that comes with the Java SDK to generate a JKS key store. Use the following command:

keytool -genkey -keystore <path_to_jks_file> -alias <key_name> -keypass <key_password> -storepass <store_password> -dname <distinguished_name>

If you already have a JKS key store, you can add a key to it by executing the command above with the same file name and the new key name and key password. For example:

keytool -genkey -keystore /opt/keystore.jks -alias encryption_key -keypass genesys -storepass genesys -dname "CN=HTCC, OU=R&D, O=Genesys, L=Daly City, S=California, C=US"

Next step

This page was last edited on September 2, 2016, at 19:10.
blog comments powered by Disqus