Configuring Identity Provider for SAML SSO

An identity provider (IdP) is an authentication system that receives and authenticates SAML authentication requests and responds with SAML authentication assertions.

Each IdP, for example, Microsoft Active Directory Federation Services (ADFS) or Google, has its own procedures for SAML SSO configuration. For more information about SAML SSO configuration, see the documentation of the IdP that you use.

Before users can log in to an application using IdP-issued credentials, the application must be registered with the IdP. The Entity Id field configured in the IdP must exactly match the Entity Id field in the SAML SSO Web Profile Authentication Resource Template.

To allow requests from an IdP to an ActiveMatrix application, add the IdP domain to the allowed referrers list by using the com.tibco.amf.hpa.tibcohost.jetty.httpconnector.allowed.referers node-level JVM property, and then restart the node. For more information about setting a JVM property of a node, see JVM Configuration of a Node.

For example, if you are using Google as an IdP, add the following line to the runtime node's TRA file and restart the node:
java.property.com.tibco.amf.hpa.tibcohost.jetty.httpconnector.allowed.referers=google.com
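
As an added example (not part of the TIBCO documentation), the following Python pre-flight check reads the text of a node's TRA file for the allowed-referers property shown above and compares the two Entity Id values for an exact match, naming the likely cause of a near miss. The '#' comment marker, the comma separator for multiple domains, the function names, and all sample values are assumptions made for illustration.

```python
PROP = "java.property.com.tibco.amf.hpa.tibcohost.jetty.httpconnector.allowed.referers"

def referer_values(tra_text):
    """Collect every active (uncommented) value assigned to PROP in TRA text."""
    values = []
    for raw in tra_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):  # assumption: '#' starts a comment
            continue
        key, sep, val = line.partition("=")
        if sep and key.strip() == PROP:
            values.append(val.strip())
    return values

def entity_id_hint(idp_value, template_value):
    """Return None on an exact match, otherwise the most likely cause."""
    if idp_value == template_value:
        return None
    if idp_value.strip() == template_value.strip():
        return "surrounding whitespace differs"
    if idp_value.rstrip("/") == template_value.rstrip("/"):
        return "trailing slash differs"
    if idp_value.lower() == template_value.lower():
        return "letter case differs"
    return "values differ"

def preflight(tra_text, idp_domain, idp_entity_id, template_entity_id):
    """Return a list of configuration problems; an empty list means none found."""
    problems = []
    values = referer_values(tra_text)
    if not values:
        problems.append("allowed.referers property is not set in the TRA file")
    else:
        if len(values) > 1:
            problems.append("allowed.referers is set %d times" % len(values))
        # assumption: several domains, if used, are comma-separated
        domains = {d.strip().lower() for v in values for d in v.split(",")}
        if idp_domain.lower() not in domains:
            problems.append("IdP domain %s is not in allowed.referers" % idp_domain)
    hint = entity_id_hint(idp_entity_id, template_entity_id)
    if hint:
        problems.append("Entity Id mismatch: " + hint)
    return problems

# Constructed sample TRA text: the property is present but commented out.
SAMPLE_TRA = "# " + PROP + "=google.com\njava.property.example.setting=1\n"

if __name__ == "__main__":
    for p in preflight(SAMPLE_TRA, "google.com",
                       "https://amx.example.com/sso/", "https://amx.example.com/sso"):
        print("PROBLEM:", p)
```

A commented-out property line and a trailing slash on one Entity Id are both reported, since neither is visible as an error until the SSO login fails.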