Using SAML Web Profile Authentication with Custom Applications

To use SAML Web Profile with ActiveMatrix BPM custom applications, an interceptor script (bpm-sso-interceptor.min.js) must be included in your application.

When an Identity Provider (IdP) successfully authenticates the user, the user is redirected to the Authentication Successful URL specified in the SAML Web Profile shared resource. ActiveMatrix BPM then re-routes the response to the appropriate application using the interceptor script in the application. This allows multiple applications to use SAML Web Profile with a single IdP at the same time.

New installations of Openspace, Workspace (including WCC applications), and Application Development-produced applications, version 4.3 and later, automatically include the interceptor script. However, if you are using any of those application types at a version earlier than 4.3 and you want to use SAML Web Profile authentication, you must include the interceptor script.

All other ActiveMatrix BPM custom applications, including those created with the ActiveMatrix BPM REST Public API, must include the interceptor script. (The bundled applications that use the bpm-login business component are an exception; for more information, see Introduction to Single Sign-On Authentication.)

To include the script in your application, add the following script tag to the application's launch file:

<script type="text/javascript" language="javascript" src="../openspace/sso/bpm-sso-interceptor.min.js"></script>
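
As an added example (not TIBCO's code), the following Python check parses a launch file and reports whether a live script tag loads the interceptor; a commented-out tag, or a mention of the file name inside inline script, does not count. The function names and the sample launch files are constructed for illustration.

```python
import posixpath
import sys
from html.parser import HTMLParser
from urllib.parse import urlsplit

INTERCEPTOR = "bpm-sso-interceptor.min.js"  # file name given on this page

class _ScriptSrcCollector(HTMLParser):
    """Collects the src of every live <script> element; HTML comments are skipped."""
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.sources = []

    def handle_starttag(self, tag, attrs):
        if tag == "script":
            src = dict(attrs).get("src")
            if src:
                self.sources.append(src.strip())

def interceptor_sources(launch_html):
    """Return the src values in launch_html that load the interceptor script."""
    collector = _ScriptSrcCollector()
    collector.feed(launch_html)
    collector.close()
    # Compare on the path's file name so query strings and relative paths still match.
    return [s for s in collector.sources
            if posixpath.basename(urlsplit(s).path) == INTERCEPTOR]

def includes_interceptor(launch_html):
    return bool(interceptor_sources(launch_html))

# Constructed sample launch files (hypothetical, not taken from the product).
SAMPLE_OK = """<html><head>
<script type="text/javascript" language="javascript" src="../openspace/sso/bpm-sso-interceptor.min.js"></script>
</head><body></body></html>"""
SAMPLE_COMMENTED = """<html><head>
<!-- <script src="../openspace/sso/bpm-sso-interceptor.min.js"></script> -->
<script src="app.js"></script>
</head></html>"""
SAMPLE_INLINE_MENTION = """<html><head>
<script>var note = "load bpm-sso-interceptor.min.js later";</script>
</head></html>"""

if __name__ == "__main__":
    # Usage: python check_interceptor.py launch1.html launch2.html ...
    missing = [p for p in sys.argv[1:]
               if not includes_interceptor(open(p, encoding="utf-8").read())]
    for path in missing:
        print(f"missing interceptor script tag: {path}")
    sys.exit(1 if missing else 0)
```

Run against the launch file of each custom application before enabling SAML Web Profile; a non-zero exit status means at least one file lacks the tag.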