Deploy SAML in Grid
Before manually deploying SAML in Grid, set up a properties file that contains the configuration data for the deployment profile. Many properties can be configured for a manual SAML deployment in Grid. Only a few of them are required; any optional property that is omitted from the properties file assumes its default value.
Property | Required | Description |
---|---|---|
idpFqdn | Yes | FQDN of the Identity Provider. |
idpHttps | No | HTTPS port of the Identity Provider. The default value is 9643. |
idpUri | No | URI of the Identity Provider metadata. The default value is /FederationMetadata/2007-06/FederationMetadata.xml. |
gridPurpose | Yes | A short description of the setup's purpose. This description is incorporated into the application name in IFS and the Relying Party Trust in AD FS to make the setup easier to identify. |
XiPlatformFarmName | Yes | The Farm name of the InforOS installation. |
XiPlatformID | Yes | The ID of the InforOS installation. |
identityClaimName | No | The claim that contains the name for the Grid Principal. The default value is http://schemas.infor.com/claims/Identity. |
displayNameClaim | No | The claim containing the display name for the Grid Principal. If omitted, the value in the identityClaimName property is used. |
idp.metadata.service.certificate.chain.base64 | Yes | The certificates needed to establish the trust to the Identity Provider metadata endpoint. |
idp.wstrust.sts.service.certificate.chain.base64 | Yes | The certificates needed to establish the trust to the Identity Provider wstrustSts endpoint. |
idp.usernamemixed.service.certificate.chain.base64 | Yes | The certificates needed to establish the trust to the Identity Provider userMixed service. |
sp.address.fqdn | Yes | FQDN used by end users to access the SAML router. |
sp.adress.port | No | HTTPS port used by end users to access the SAML router. The default value is 443. |
assertionTimeout | No | Maximum permitted lifetime in seconds of a SAML Assertion. The default value is 300 seconds (5 minutes). |
sessionTimeout | No | The session time out in minutes for SAML sessions. The default value is 960. |
nameidFormat | No | NameId format used in the SAML Assertion. The default value is urn:oasis:names:tc:SAML:2.0:nameid-format:transient. |
authLevel | No | This property specifies the authentication level that the SAML SP requests from the user authentication at the IdP. The available values, ranging from the least secure: The default value is Password Protected Transport. |
authLevelComparison | No | This property defines the criteria for comparing the authentication level. The available values are: The default value is minimum. |
idp.last.activity.cookie.name | No | This property is the name of the Ming.le keep-alive cookie. |
idp.last.activity.domain.name | No | This property is the domain name of the Ming.le keep-alive cookie. |
idp.wstrust.sts.url | Yes | This property is the WS-Trust endpoint for retrieving OAuth 2.0 tokens for ION API. |
idp.oauth.token.url | Yes | This property is the OAuth 2.0 endpoint for retrieving OAuth 2.0 tokens for ION API. |
idp.usernamemixed.service.enabled | No | This property is used to disable the Username Token Service for cloud deployments. The default value is true for on-premises and false for cloud. |
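As an added example (not part of this documentation or of Grid itself), the following Python script reads a deployment profile, reports missing required properties, fills in the defaults documented in the table, and checks that ports and timeouts are well-formed before the profile is used. Property names and defaults are taken verbatim from the table; the sample profile is constructed and the validation rules are this example's own.

```python
REQUIRED = {
    "idpFqdn", "gridPurpose", "XiPlatformFarmName", "XiPlatformID",
    "idp.metadata.service.certificate.chain.base64",
    "idp.wstrust.sts.service.certificate.chain.base64",
    "idp.usernamemixed.service.certificate.chain.base64",
    "sp.address.fqdn", "idp.wstrust.sts.url", "idp.oauth.token.url",
}
DEFAULTS = {  # defaults as documented in the table above
    "idpHttps": "9643", "sp.adress.port": "443",
    "idpUri": "/FederationMetadata/2007-06/FederationMetadata.xml",
    "identityClaimName": "http://schemas.infor.com/claims/Identity",
    "assertionTimeout": "300", "sessionTimeout": "960",
    "nameidFormat": "urn:oasis:names:tc:SAML:2.0:nameid-format:transient",
    "authLevelComparison": "minimum",
}

def parse_properties(text):
    """Minimal Java-style .properties reader: key=value lines, '#'/'!' comments, no escapes."""
    props = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#!":
            continue
        key, sep, value = line.partition("=")
        if sep:
            props[key.strip()] = value.strip()
    return props

def check_profile(text):
    """Fill in documented defaults and return (effective config, list of problems)."""
    props = parse_properties(text)
    problems = [f"missing required property: {k}" for k in sorted(REQUIRED - props.keys())]
    cfg = {**DEFAULTS, **props}
    cfg.setdefault("displayNameClaim", cfg["identityClaimName"])  # table: falls back to identityClaimName
    for key in ("idpHttps", "sp.adress.port"):
        if not cfg[key].isdigit() or not 1 <= int(cfg[key]) <= 65535:
            problems.append(f"{key} is not a valid TCP port: {cfg[key]!r}")
    for key in ("assertionTimeout", "sessionTimeout"):
        if not cfg[key].isdigit() or int(cfg[key]) <= 0:
            problems.append(f"{key} must be a positive integer: {cfg[key]!r}")
    return cfg, problems

SAMPLE = """# constructed example profile, not a real deployment
idpFqdn=adfs.example.test
gridPurpose=lab
sp.address.fqdn=grid.example.test
sp.adress.port=99999
idp.wstrust.sts.url=https://adfs.example.test/PLACEHOLDER-wstrust
"""
```

Running `check_profile(SAMPLE)` lists the six required properties the sample omits plus the out-of-range port, and returns the effective configuration with the documented defaults applied.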