Deploy SAML in Grid

Before manually deploying SAML in Grid, create a properties file that holds the configuration data for the deployment profile. Many properties can be set for a manual SAML deployment in Grid, but only a few are required; any property you omit takes its default value.

The properties are listed below, each marked as required or optional, followed by its description and default value.

idpFqdn (required)
    Fully qualified domain name (FQDN) of the Identity Provider.

idpHttps (optional)
    HTTPS port of the Identity Provider. The default value is 9643.

idpUri (optional)
    URI of the Identity Provider metadata. The default value is /FederationMetadata/2007-06/FederationMetadata.xml.

gridPurpose (required)
    A short description of the setup's purpose. This description is incorporated into the application name in IFS and the Relying Party Trust in AD FS to make the deployment easier to identify.

XiPlatformFarmName (required)
    The farm name of the InforOS installation.

XiPlatformID (required)
    The ID of the InforOS installation.

identityClaimName (optional)
    The claim that contains the name of the Grid Principal. The default value is http://schemas.infor.com/claims/Identity.

displayNameClaim (optional)
    The claim that contains the display name of the Grid Principal. If omitted, the value of the identityClaimName property is used.

idp.metadata.service.certificate.chain.base64 (required)
    The certificates needed to establish trust to the Identity Provider metadata endpoint.

idp.wstrust.sts.service.certificate.chain.base64 (required)
    The certificates needed to establish trust to the Identity Provider WS-Trust STS endpoint.

idp.usernamemixed.service.certificate.chain.base64 (required)
    The certificates needed to establish trust to the Identity Provider UsernameMixed service.

sp.address.fqdn (required)
    FQDN used for end-user access to the SAML router.

sp.adress.port (optional)
    HTTPS port used for end-user access to the SAML router. The default value is 443.

assertionTimeout (optional)
    Maximum permitted lifetime, in seconds, of a SAML assertion. The default value is 300 seconds (5 minutes).

sessionTimeout (optional)
    The session timeout, in minutes, for SAML sessions. The default value is 960.

nameidFormat (optional)
    NameID format used in the SAML assertion. The default value is urn:oasis:names:tc:SAML:2.0:nameid-format:transient.

authLevel (optional)
    The authentication level that the SAML SP requests from the IdP for user authentication. The available values, ordered from least to most secure, are:
      • Username and Password
      • Password Protected Transport
      • Transport Layer Security (TLS) Client
      • X.509 Certificate
      • Integrated Windows Authentication
      • Kerberos
    The default value is Password Protected Transport.

authLevelComparison (optional)
    The criterion used to compare the authentication level. The available values are:
      • exact - Only the specified authentication level is accepted.
      • better - The authentication level must be stronger than the specified one.
      • minimum - The authentication level must be at least as strong as the specified one.
      • maximum - The authentication level must not exceed the specified one.
    The default value is minimum.

idp.last.activity.cookie.name (optional)
    The name of the Ming.le keep-alive cookie.

idp.last.activity.domain.name (optional)
    The domain name of the Ming.le keep-alive cookie.

idp.wstrust.sts.url (required)
    The WS-Trust endpoint for retrieving OAuth 2.0 tokens for ION API.

idp.oauth.token.url (required)
    The OAuth 2.0 token endpoint for retrieving OAuth 2.0 tokens for ION API.

idp.usernamemixed.service.enabled (optional)
    Disables the Username Token Service for cloud deployments. The default value is true for on-premises and false for cloud.
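As an added example (not part of the Infor documentation), the following Python script checks a candidate properties file against the table above before deployment: it reports missing required properties, applies the documented defaults, rejects authLevel and authLevelComparison values outside the documented sets, and verifies that the three certificate chain properties hold well-formed base64. It assumes a plain key=value properties file; the property names and defaults are exactly those listed above.

```python
import base64

# Default per property as documented above; None marks a required property that has no default.
# Optional properties without a documented default are passed through to the result untouched.
SPEC = {
    "idpFqdn": None, "idpHttps": "9643", "idpUri": "/FederationMetadata/2007-06/FederationMetadata.xml",
    "gridPurpose": None, "XiPlatformFarmName": None, "XiPlatformID": None,
    "identityClaimName": "http://schemas.infor.com/claims/Identity",
    "idp.metadata.service.certificate.chain.base64": None,
    "idp.wstrust.sts.service.certificate.chain.base64": None,
    "idp.usernamemixed.service.certificate.chain.base64": None,
    "sp.address.fqdn": None, "sp.adress.port": "443", "assertionTimeout": "300", "sessionTimeout": "960",
    "nameidFormat": "urn:oasis:names:tc:SAML:2.0:nameid-format:transient",
    "authLevel": "Password Protected Transport", "authLevelComparison": "minimum",
    "idp.wstrust.sts.url": None, "idp.oauth.token.url": None,
}
# Ordered from least to most secure, as listed for authLevel.
AUTH_LEVELS = ["Username and Password", "Password Protected Transport", "Transport Layer Security (TLS) Client",
               "X.509 Certificate", "Integrated Windows Authentication", "Kerberos"]
COMPARISONS = {"exact", "better", "minimum", "maximum"}

def parse_properties(text):
    # Minimal Java .properties reader: key=value lines; '#' or '!' comment lines and blank lines are skipped.
    props = {}
    for line in text.splitlines():
        key, sep, value = line.strip().partition("=")
        if sep and not key.startswith(("#", "!")):
            props[key.strip()] = value.strip()
    return props

def lint(props):
    # Apply the documented defaults and return (effective settings, list of problems found).
    effective, problems = dict(props), []
    for key, default in SPEC.items():
        value = props.get(key, default)
        if value is None:  # no value given and no default exists: a required property is missing
            problems.append(f"missing required property: {key}")
            continue
        effective[key] = value
        if key.endswith(".certificate.chain.base64"):
            try:  # the trust anchors must at least be well-formed base64 before deployment
                base64.b64decode(value, validate=True)
            except ValueError:
                problems.append(f"{key} is not valid base64")
    if effective["authLevel"] not in AUTH_LEVELS:
        problems.append("authLevel is not one of the documented values")
    if effective["authLevelComparison"] not in COMPARISONS:
        problems.append("authLevelComparison must be exact, better, minimum or maximum")
    return effective, problems
```

Run `lint(parse_properties(open("saml.properties").read()))` against your file; an empty problem list means every required property is present and the enumerated values are within the documented sets.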