Configuring the Service Provider
When a web request is received using a URL which has a configured Service Provider, that request will be authenticated using SSO, irrespective of other authentication settings.
When a web request is received using a URL which has a configured Service Provider, that request will be authenticated using SSO, irrespective of other authentication settings.
You must configure Service Providers for each ASM resource ASM Core, or Self Service Portal.
Adding a new Service Provider will enable SSO for the URL configured.
Select ≡ > Admin > Integration.
In the Explorer pane, under Single Sign On, select Service Providers.
Select , then complete the following details:
| User Interface | Choose a User Interface from the dropdown |
|---|---|
Select the Save icon to save the details. This will update the metadata.
Then select the Close icon to close the window.
If Users are partitioned, SSO for the Self Service Portal can be configured per partition. If you choose Self Service Portal in the User Interface dropdown field and Users are partitioned then an additional Partition dropdown field will be displayed allowing for you to set the User Partition parameter for the Service Provider.
Users of the Self Service Portal must then access the service using a partitioned URL:
where 1 = the Ref value of the Partition.
This does not affect the partitions the User has access to within ASM, it is used by the Identity Provider for logins to the Self Service Portal.
Changes to the settings on the Service Provider Details screen has the ability to break the communications between the Identity Provider and the Service Provider.
If the Signing Certificate, Service Identifier or Public URL changes, the details must be updated on the Identity Provider (by using the updated metadata xml).
Select ≡ > Admin > Integration.
In the Explorer pane, under Single Sign On, select Service Providers.
Select the listed Service Provider you want to delete, then select .
A warning appears.
Select Yes to confirm the deletion.
Service Identifier
A Service Identifier will be automatically generated. This Identifier must be unique to the ASM System and must be unique to the Identity Provider. Therefore this value is editable, and can be changed at any time to meet these requirements.
Public Url
The Public URL for the service will be generated based upon the URL of the current session but this URL is editable to allow for flexible configuration. This URL will be used to specify the redirect URL used by the Identity Provider. It does not need to be Internet facing, but must be resolvable by all users of the service.
This URL is used to select an Identity Provider when a web request is received. It does not include the specific interface e.g. core.aspx or core.aspx?lite
Multiple Service Providers can be configured for a single service using different URLs and service identifiers. This allows for flexible configuration of SSO in a variety of environments. However, in this version you are unable to configure the Public URL to direct to a specific Portal System.
Identity Provider
Select the Identity Provider from the drop-down field
Signing Certificate
Select the Signing Certificate from the drop-down field
Resource Mapping
Select the Resource Mapping from the drop-down field. (This information can be updated later if the required resource mapping has not been configured.)
Resource Mapping defaults to disabled, if this is set on the Service Provider configuration then the SSO Connector will not attempt to update User Records.
Service Provider Metadata
This field will display any changes made by changing the values in the Service Provider details.