Creating and Installing a Resource Template and Resource Instance

The SAML SSO Web Profile policy requires a SAML Web Profile Authentication Shared Resource to be deployed on the node. Create this shared resource in the ActiveMatrix Administrator UI or CLI by using the SAML SSO Web Profile Authentication Resource Template.

GUI

Procedure
  1. In the ActiveMatrix Administrator UI, create and configure a SAML SSO Web Profile Authentication resource template. For more information, see Creating a Resource Template. For more information about the configuration fields on the General and Advanced tabs, see SAML SSO Web Profile Authentication Resource Template.

    General Tab

    Advanced Tab

    You can sign or encrypt SAML requests and responses for advanced security. The Advanced tab provides configuration fields for signing or encrypting SAML requests and responses. You must provide a valid public key or certificate to the IdP so that it can validate signed requests. For more information about keystores, see Keystores.

  2. Install the SAML SSO Web Profile Authentication resource instance. For more information, see Installing Resource Instances on Nodes.

CLI

Procedure

  1. Create and configure a SAML SSO Web Profile Authentication resource template using the Administrator CLI. For more information, see Creating a Resource Template. Edit the configuration fields of the resource template as shown in the following sample resourcetemplate_data.xml file, located in the <CONFIG_HOME>\admin\<enterprise-name>\samples\ directory.
    Sample resourcetemplate_data.xml
    <ResourceTemplate
      xsi:type="amxdata:SamlSSOWebProfileResourceTemplate"
      name="SamlSSOWebProfileRT"
      entityId="entityId"
      authenticationSuccessfulURL="/landing"
      idpHttpMetadataURL="https://idp-alias/Metadata.xml"
      idpLoginURL="/login"
      idpLogoutURL="/logout"
      idpSSOURL="/SSO"
      idpSingleLogoutURL="/SingleLogout"
      logoutSuccessfulURL="/loggedOut"
      authenticationFailureURL="/error"
      responseSkewTimeInSec="60"
      unauthorizeRedirectRequests="false"
      localLogout="false"
      description="This is Saml SSO Web Profile resource template">
      <!-- Optional -->
      <SigningEncryptionConfiguration
        xsi:type="amxdata:SamlSSOWebProfileResourceTemplate_SigningEncryption"
        signAuthNRequest="false"
        signLogoutRequest="false"
        signLogoutResponse="false"
        wantAssertionSigned="false"
        signMetadata="false"
        encryptAssertion="false"
        keystoreJndiName="keystoreJndi"
        keyAliasEncryption="alias"
        keyPassEncryption="pass"
        keyAliasSign="alias"
        keyPassSign="pass"
        defaultKey="alias"
        defaultPass="pass">
      </SigningEncryptionConfiguration>
    </ResourceTemplate>
    For more information about configuration fields, see SAML SSO Web Profile Authentication Resource Template.
    Note: The optional SigningEncryptionConfiguration element in resourcetemplate_data.xml must be used if you are signing or encrypting SAML requests and responses; otherwise, it must be commented out.
  2. Install the SAML SSO Web Profile Authentication resource instance using the Administrator CLI. For more information, see Installing Resource Instances on Nodes.
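
The following is an added example, not part of the product documentation: a Python check that reads a resourcetemplate_data.xml and applies the Note in step 1 before the template is created, reporting signing or encryption flags that are enabled without the keystore attributes they need. Assumptions: the `<Sample>` wrapper and the sample values are constructed, the https check on idpHttpMetadataURL is an extra check added here, and the pairing of the sign flags with keyAliasSign/keyPassSign and of encryptAssertion with keyAliasEncryption/keyPassEncryption is inferred from the attribute names.

```python
import xml.etree.ElementTree as ET
# Constructed input: attribute names are from the page's resourcetemplate_data.xml;
# the <Sample> wrapper (needed to declare xsi) and the values are made up.
SAMPLE = """<Sample xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
  <ResourceTemplate xsi:type="amxdata:SamlSSOWebProfileResourceTemplate"
      name="SamlSSOWebProfileRT" idpHttpMetadataURL="http://idp-alias/Metadata.xml">
    <SigningEncryptionConfiguration signAuthNRequest="true" signLogoutRequest="false"
        signLogoutResponse="false" wantAssertionSigned="false" signMetadata="false"
        encryptAssertion="true" keystoreJndiName="keystoreJndi"
        keyAliasSign="alias" keyPassSign="pass"/>
  </ResourceTemplate>
</Sample>"""
SIGN_FLAGS = ("signAuthNRequest", "signLogoutRequest", "signLogoutResponse", "signMetadata")
RT_TYPE = "amxdata:SamlSSOWebProfileResourceTemplate"
XSI_TYPE = "{http://www.w3.org/2001/XMLSchema-instance}type"

def local(tag):
    return tag.rsplit("}", 1)[-1]  # drop any "{namespace}" prefix

def review_template(xml_text):
    """Return findings for every SAML SSO Web Profile resource template in the file."""
    findings = []
    for rt in ET.fromstring(xml_text).iter():
        if local(rt.tag) != "ResourceTemplate" or rt.get(XSI_TYPE) != RT_TYPE:
            continue
        name = rt.get("name", "?")
        if not rt.get("idpHttpMetadataURL", "").lower().startswith("https://"):
            findings.append(f"{name}: idpHttpMetadataURL is not https")
        sec = next((c for c in rt if local(c.tag) == "SigningEncryptionConfiguration"), None)
        if sec is None:
            findings.append(f"{name}: no SigningEncryptionConfiguration, nothing is signed or encrypted")
            continue
        def on(flag):
            return sec.get(flag, "false").strip().lower() == "true"
        signing, encrypting = any(map(on, SIGN_FLAGS)), on("encryptAssertion")
        if not (signing or encrypting or on("wantAssertionSigned")):
            findings.append(f"{name}: block present but every flag is false; comment it out")
        if not on("wantAssertionSigned"):
            findings.append(f"{name}: wantAssertionSigned is false")
        if (signing or encrypting) and not sec.get("keystoreJndiName"):
            findings.append(f"{name}: keystoreJndiName missing")
        # Assumed from the attribute names: which key attributes each flag needs.
        for used, suffix in ((signing, "Sign"), (encrypting, "Encryption")):
            for attr in (f"keyAlias{suffix}", f"keyPass{suffix}"):
                if used and not sec.get(attr):
                    findings.append(f"{name}: {attr} missing")
    return findings
if __name__ == "__main__":
    print("\n".join(review_template(SAMPLE)))
```

The real file may declare a default namespace on its elements, which is why the check matches element names by local name only.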