SAML configuration steps in Workforce Management
Perform these steps to configure SAML authentication for on-premises deployments of WFM:
- In the Workforce Management application, select Maintenance > System Administration > Registry Maintenance.
- In the Registry Tree, select system > security > SAML.
- Edit these registry parameters as required:
Note: These registry parameters are also documented in the Infor Workforce Management Registry Parameter Reference Guide.
- ENABLE_SAML_SSO
- Set to true to enable SAML SSO.
- SERVICE_PROVIDER_NAME
- Specify the name of the service provider as defined by the identity provider (IdP). This should match the value entered in the Issuer field in your IdP. See Creating a Service Provider for Workforce Management.
- IDP_SSO_URL
- Specify the URL on the IdP server to send the SAML AuthnRequest to. The value is provided when configuring the service provider settings in your IdP. For more information, see Creating a Service Provider for Workforce Management.
- IDP_SLO_URL
- Leave this registry parameter blank.
- ATTRIBUTE_CONTAINING_USERNAME
- Leave this value blank unless you are configuring a user name in claim. For more information, see Optional configuration - User Name in Claim.
- SSO_BINDING
- Set to POST. This value determines how SAML requests are sent to the IdP from WFM.
- FORCE_AUTHENTICATION
- Set this parameter to true. This parameter controls whether the identity provider (IdP) always prompts for user authentication, even if the user is already authenticated in the IdP.
- CUSTOM_LOGOUT_PAGE
- With this parameter you can specify the URL to use after the user logs out of the WFM application. If a value is provided, then after logout the application redirects to the page specified by the parameter. Otherwise, the application uses the default login page.
This parameter only applies to WFM and ETM. Mobility logout is not configurable.
- WEB_SERVER_URL
- Use the WEB_SERVER_URL registry parameter to configure the SSO relay URL. It must be set as the webserver URL. This parameter is applicable to on-premises and single-tenant cloud deployments that do not authenticate through Infor OS Portal.
For example, if WFM is deployed to https://rtmsmarch-dev.wfmdev.inforbvdev.com/ then the WEB_SERVER_URL registry parameter has to be set as https://rtmsmarch-dev.wfmdev.inforbvdev.com without the trailing slash. The port can also be specified if WFM is deployed on a non-default port. For example, https://rtmsmarch-dev.wfmdev.inforbvdev.com:8080.
Note: The WEB_SERVER_URL registry parameter cannot be set as localhost if WFM is deployed locally. If you do not set this registry parameter, you may receive a "no protocol:" error at some point during the deployment process.
For more information on this registry parameter, see Infor Workforce Management Registry Parameter Reference Guide.
- Clear the Workforce Management cache from the console or restart the application server instances for the changes to take effect.
For information on clearing the cache, see the Infor Workforce Management Time and Attendance Implementation and Administration Guide.
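The following Python check validates planned values for the parameters above against the rules this section states, before they are entered in Registry Maintenance. It is an added example, not part of the Infor documentation; the function names and sample values are assumptions, and it does not read the WFM registry itself.

```python
from urllib.parse import urlsplit

# Values this section prescribes (compared case-insensitively, an assumption).
REQUIRED = {"ENABLE_SAML_SSO": "true", "SSO_BINDING": "POST",
            "FORCE_AUTHENTICATION": "true", "IDP_SLO_URL": ""}


def check_web_server_url(value):
    """Return problems with a WEB_SERVER_URL value, per the rules in this section."""
    parts = urlsplit(value)
    if parts.scheme not in ("http", "https") or not parts.hostname:
        # The section ties an unset value to a later "no protocol:" error.
        return ["WEB_SERVER_URL must be set to a full URL such as https://host"]
    problems = []
    if value.endswith("/"):
        problems.append("WEB_SERVER_URL must not end with a trailing slash")
    if parts.hostname == "localhost":
        problems.append("WEB_SERVER_URL cannot be localhost")
    try:
        parts.port  # raises ValueError for a non-numeric or out-of-range port
    except ValueError:
        problems.append("WEB_SERVER_URL port is not valid")
    return problems


def check_saml_registry(params):
    """Check planned values for the parameters in this section; return findings."""
    findings = []
    for name, expected in REQUIRED.items():
        actual = params.get(name, "").strip()
        if actual.lower() != expected.lower():
            findings.append(f"{name} should be {expected or 'blank'}, got {actual or 'blank'}")
    for name in ("SERVICE_PROVIDER_NAME", "IDP_SSO_URL"):
        if not params.get(name, "").strip():
            findings.append(f"{name} must be specified")
    return findings + check_web_server_url(params.get("WEB_SERVER_URL", "").strip())


# Constructed sample values; the IdP URL and service provider name are placeholders.
SAMPLE = {
    "ENABLE_SAML_SSO": "true", "SERVICE_PROVIDER_NAME": "wfm-sp-example",
    "IDP_SSO_URL": "https://idp.example.com/sso", "IDP_SLO_URL": "",
    "SSO_BINDING": "POST", "FORCE_AUTHENTICATION": "false",
    "WEB_SERVER_URL": "https://localhost:8080/",
}

if __name__ == "__main__":
    for finding in check_saml_registry(SAMPLE):
        print("FINDING:", finding)
```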