Appendix G. Configuring MFT for SAML SSO

TIBCO MFT Internet Server and TIBCO MFT Command Center support Single Sign On (SSO) when using SAML (Security Assertion Markup Language). When using SAML for SSO, TIBCO MFT Internet Server and TIBCO MFT Command Center perform the role of service provider (SP).

Prerequisites

You must install and configure a SAML identity provider (IdP) before configuring SAML for the MFT server.
Note: Each SAML implementation is different and often requires significant work to integrate MFT into the SAML infrastructure. Typical SAML implementations will require TIBCO Professional Services to work in conjunction with your SAML support staff to ensure a smooth SAML implementation.
To configure TIBCO MFT Internet Server and TIBCO MFT Command Center SAML integration, you must perform the following operations:
  1. Creating SAML Private Keys
  2. Importing SAML Identity Provider Metadata
  3. Configuring SAML Service Provider Metadata
  4. Generating SAML Service Provider Metadata
  5. Sending SAML Service Provider Metadata to the Identity Provider
  6. Restarting the MFT Server
  7. Updating MFT Shortcuts

SAML is configured on a server by server basis. Each MFT server that needs to use SAML must be configured independently of the other MFT servers.

For detailed descriptions of individual SAML fields, see the help information for the SAML administrator pages.

Note: After the SAML configuration is updated, you must restart the MFT Server. The SAML information is loaded at startup time and cannot be refreshed.