AIP Console - Information - SAML Configuration - How to generate Metadata xml file for SAML configuration

Purpose

This page explains how to generate the AIP Console SAML metadata.xml file, have it registered by the identity provider (IDP) team, and configure the metadata.xml file returned by the IDP in AIP Console for SAML authentication.

Observed in CAST AIP

Release   Yes/No
8.3.x     (tick)

Observed on RDBMS

RDBMS                  Yes/No
Oracle Server          (tick)
Microsoft SQL Server   (tick)
CSS2                   (tick)

AIP Console

Release   Yes/No
>1.15     (tick)
Step by Step Scenario
  1. Configure AIP Console for SAML authentication.
Action Plan

To generate the AIP Console metadata and import the IDP's metadata.xml file, follow the steps below:

  1. Generate a self-signed certificate in a keystore with keytool (the path below is the default AIP Console data folder on Windows):

    On Windows:

    <JRE home>\bin\keytool -genkey -alias mycert -keyalg RSA -keystore "C:\ProgramData\CAST\AipConsole\AipConsole\certificate.jks"

    keytool prompts for a keystore password and for the certificate subject details. The password protects the private key that AIP Console uses for HTTPS and SAML, so store it like any other service credential rather than in a shared document.

  2. Enable HTTPS as described in the doc Changing Console and Node port numbers - activating HTTPS.
  3. Download the AIP Console (service provider) metadata file from https://localhost:<portnumber>/saml/metadata. The endpoint is only available after the Console has been restarted for the first time with SAML authentication configured.
  4. Share this metadata.xml file with the IT/IDP team. They register it on the SAML server (the IDP) and in return provide you with the IDP's metadata.xml file, which is the one AIP Console needs to be configured with.
  5. Place the IDP metadata file on the AIP Console machine and specify its path in security.saml.metadata.source in the aipConsole.properties file:

    The option can be set during the installation of the AIP Console, or post installation in aipConsole.properties:

    Option          security.saml.metadata.source=

    Description     Specify the location of the IDP metadata file (as outlined in IDP MetaData generation), for example:

                    Windows: <AIP_console_installation>\AipConsole\data\MetadataFile.xml
                    Linux: $HOME/CAST/AipConsole/data/MetadataFile.xml

    • You can also specify:
      • an HTTP resource, by providing the full URL of the metadata file
      • a classpath resource, using "classpath:myMetadataFile.xml"


    Note - The file you point to must be the IDP metadata that the IDP team issued after registering the Console's own metadata on the IDP server. If it has not been validated against the IDP server (for example a stale or hand-edited copy), AIP Console will report an error when SAML is configured.

  6. If the above steps do not solve your issue, contact CAST Technical Support with the following relevant input:

Relevant Input

  • Log file showing the error
  • A detailed list of the steps done
  • Screenshots from AIP Console showing the issue and the SAML configuration.
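Most SAML setup errors in step 5 come from pointing security.saml.metadata.source at the wrong file: the Console's own service provider metadata instead of the IDP's, an expired document, or a file whose signing certificate is missing or truncated. The script below is an added example for this page, not CAST code, and uses no AIP Console API. It checks a SAML 2.0 IdP metadata document for those conditions before you reference it from aipConsole.properties, and builds the property line with forward slashes because a Java .properties loader treats a backslash as an escape character. The embedded sample metadata, its entityID and the certificate value are constructed for the example; the certificate is a placeholder DER blob, not a real IDP certificate.

```python
"""Pre-flight check of an IdP metadata.xml before it is referenced from
security.saml.metadata.source. Added example; not CAST code."""
import base64
import binascii
import sys
import xml.etree.ElementTree as ET
from datetime import datetime, timezone
from typing import List, Optional

NS = {
    "md": "urn:oasis:names:tc:SAML:2.0:metadata",
    "ds": "http://www.w3.org/2000/09/xmldsig#",
}
HTTP_POST = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
HTTP_REDIRECT = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"

# Constructed sample of what an IDP team hands back after registering the Console's
# SP metadata. "MAMCAQE=" is the DER encoding of SEQUENCE { INTEGER 1 }: a placeholder
# so the check runs offline, not a real certificate.
SAMPLE_IDP_METADATA = """<?xml version="1.0" encoding="UTF-8"?>
<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
    entityID="https://idp.example.com/saml" validUntil="2099-01-01T00:00:00Z">
  <md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:KeyDescriptor use="signing">
      <ds:KeyInfo><ds:X509Data><ds:X509Certificate>MAMCAQE=</ds:X509Certificate></ds:X509Data></ds:KeyInfo>
    </md:KeyDescriptor>
    <md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="https://idp.example.com/saml/sso"/>
  </md:IDPSSODescriptor>
</md:EntityDescriptor>
"""


def check_idp_metadata(xml_text: str, now: Optional[datetime] = None) -> List[str]:
    """Return the problems found in an IdP metadata document (empty list = looks usable)."""
    now = now or datetime.now(timezone.utc)
    problems: List[str] = []
    try:
        root = ET.fromstring(xml_text)
    except ET.ParseError as exc:
        return [f"not well-formed XML: {exc}"]

    if root.tag != "{%s}EntityDescriptor" % NS["md"]:
        return [f"root element is {root.tag}, expected md:EntityDescriptor"]
    if not root.get("entityID"):
        problems.append("EntityDescriptor has no entityID")

    # validUntil is optional; when present, an expired document is rejected by SP stacks.
    valid_until = root.get("validUntil")
    if valid_until:
        expiry = datetime.fromisoformat(valid_until.replace("Z", "+00:00"))
        if expiry.tzinfo is None:
            expiry = expiry.replace(tzinfo=timezone.utc)
        if expiry <= now:
            problems.append(f"metadata expired at {valid_until}")

    # The file must describe the IdP, not echo the Console's own SP metadata.
    idp = root.find("md:IDPSSODescriptor", NS)
    if idp is None:
        problems.append("no IDPSSODescriptor found; this looks like SP metadata, not IdP metadata")
        return problems

    bindings = {s.get("Binding") for s in idp.findall("md:SingleSignOnService", NS)}
    if not bindings & {HTTP_POST, HTTP_REDIRECT}:
        problems.append("no SingleSignOnService with HTTP-POST or HTTP-Redirect binding")

    # A KeyDescriptor without a use attribute covers both signing and encryption.
    signing = [k for k in idp.findall("md:KeyDescriptor", NS) if k.get("use") in (None, "signing")]
    if not signing:
        problems.append("no signing KeyDescriptor; SAML responses could not be verified")
    for key in signing:
        cert = key.find(".//ds:X509Certificate", NS)
        if cert is None or not (cert.text or "").strip():
            problems.append("signing KeyDescriptor has no X509Certificate")
            continue
        try:
            der = base64.b64decode("".join(cert.text.split()), validate=True)
        except (binascii.Error, ValueError):
            problems.append("X509Certificate is not valid base64 (truncated or pasted badly?)")
            continue
        if not der or der[0] != 0x30:
            problems.append("X509Certificate does not decode to a DER SEQUENCE")
    return problems


def metadata_source_property(path: str) -> str:
    """Build the aipConsole.properties line for a local metadata file.

    Backslash is an escape character in Java .properties files, so a Windows path is
    written with forward slashes (which Windows accepts) instead of being mangled."""
    return "security.saml.metadata.source=" + path.replace("\\", "/")


if __name__ == "__main__":
    # Usage: python check_idp_metadata.py <idp-metadata.xml>; without an argument the sample is checked.
    text = open(sys.argv[1], encoding="utf-8").read() if len(sys.argv) > 1 else SAMPLE_IDP_METADATA
    found = check_idp_metadata(text)
    print("OK" if not found else "\n".join("PROBLEM: " + p for p in found))
    if len(sys.argv) > 1:
        print(metadata_source_property(sys.argv[1]))
```

Run it against the file the IDP team sent before editing aipConsole.properties; an empty problem list does not prove the registration on the IDP side is correct, but a non-empty one explains the error step 5 warns about without a Console restart cycle.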
Notes/comments

Ticket # 29434