Configuring SAML Authentication

The document describes how to configure single sign-on (SSO) using SAML for authentication between OpenAM as the identity provider and the Pega Platform as the service provider. The steps include installing OpenAM, configuring it as an identity provider with a test user, importing its metadata into Pega and configuring Pega as a service provider, then registering Pega with OpenAM and enabling external authentication in Pega to test SSO login.

Configuring SAML authentication

3 Tasks
1 hr 30 mins
Release 1
Pega Platform 8.3.1, Pega Platform 8.5
English
Scenario
Front Stage is considering using SSO with SAML to authenticate operators. There are many identity providers available in
the marketplace; some are free services and some charge per user. Before Front Stage decides on an identity provider, they
have requested that you develop a proof of concept using OpenAM as the identity provider. Most identity providers require
internet access to configure. OpenAM was selected for the proof of concept because it can be configured and tested in a
closed system such as a virtual machine without requiring internet connectivity. OpenAM (Open Access Management) can be
downloaded from the ForgeRock website here: Access Management
(https://backstage.forgerock.com/downloads/browse/am/latest).

The following table provides the credentials you need to complete the challenge. This challenge requires the use of the Linux
Lite VM to complete.

Role            User name       Password
Administrator   Admin@Booking   rules

Design and implement an SSO authentication scheme using SAML as a proof of concept.

Use OpenAM as the Identity Provider.

Detailed Tasks

Review solution details


Install OpenAM

1. Download the Access Management version 6.5.2.2 *.war file in the ZIP file attached at the bottom of the challenge
(https://backstage.forgerock.com/downloads/browse/am/latest).
2. Extract the AM-eval-6.5.2.2.war from the ZIP file.
3. If necessary, rename the file AM-eval-6.5.2.2.war.
4. Copy the AM-eval-6.5.2.2.war file into the /opt/tomcat/webapps folder.
1. To copy the .war file, run the Terminal Emulator to get a command window.
2. Change to the directory where the .war file is located using the cd command; for example, if AM-eval-6.5.2.2.war is
on the Desktop: cd Desktop
3. Use the sudo cp command to copy the file to /opt/tomcat/webapps, for example: sudo cp *.war /opt/tomcat/webapps
5. The .war file should auto-deploy; if it does not, restart Tomcat to deploy the .war file.
6. After restarting Tomcat, use the following URL to access the OpenAM homepage: http://<host name>:<port number>/AM-eval-6.5.2.2/XUI/#realm
(for example, http://localhost:9080/AM-eval-6.5.2.2/config/options.htm).
Configure OpenAM

1. Access OpenAM to be redirected to the configuration page (http://localhost:9080/AM-eval-6.5.2.2/config/options.htm).


2. Create a default Configuration.
3. Set the password to administrator.
4. When the configuration is complete, click Process to login.
5. Log in with user name amadmin using password administrator.
6. Click New Realm to create a new Realm.
7. Name the new Realm PegaSAML.

8. After creating the PegaSAML Realm, in the Realm Overview, click Configure SAML V2 Provider.
9. In the Configure SAML V2 Provider dialog box, select Configure Hosted Identity Provider.
10. In the Configure Hosted Identity Provider dialog box, in the Signing Key list, select test.
11. In the New Circle of Trust field, enter PegaSAML.
12. In the upper right, click Configure.

13. When you get to the Confirmation page, click Finish.


14. On the Realm Overview page, click Application > Federation to see your configured Identity Provider.
15. In OpenAM, click Identities to create at least one Identity.
16. In the Password field, enter password.
17. In the User ID field, enter CEO@Booking.

Configure a SAML 2.0 Authentication Service in the Pega Platform


To allow users to log in with single sign-on (SSO), perform the following steps to define a SAML 2.0 Authentication service.

1. Create a new PegaSAML Authentication Service (Dev Studio > Configure > Org & Security > Authentication >
Create Authentication Service).

2. Complete the Authentication Service rule form:


a. In the Authentication Service Alias field, enter a name that becomes part of the URL for SSO login (for example,
PegaSAML).
b. Click the Import IdP metadata link.
c. Select via URL.
d. In the URL field, enter http://localhost:9080/AM-eval-6.5.2.2/saml2/jsp/exportmetadata.jsp?realm=/PegaSAML.
e. Click Submit.

The completed Identity Provider Information should look like the following image.
3. On the SAML 2.0 tab, in the Service Provider settings section, select the Disable request signing check box so that
the authentication service can work without certificates.
4. On the History tab, in the Documentation section, provide a Description and Usage.
5. Save the PegaSAML authentication service.
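The metadata imported in step 2d and the signing shortcut taken in step 3 are worth inspecting rather than trusting. The following Python is an added example, not part of the Pega challenge: it parses IdP metadata of the shape OpenAM exports for the PegaSAML realm (the sample below is constructed; its certificate body and URLs are placeholders) and lists the relaxations that are fine in the closed-VM proof of concept but should be revisited before production.

```python
# Added example, not part of the Pega challenge: inspect the IdP metadata that
# OpenAM exports for the PegaSAML realm (step 2d above) and flag the settings a
# PoC relaxes but a production deployment must not, such as unsigned requests.
import xml.etree.ElementTree as ET

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}
REDIRECT = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"

# Constructed sample resembling exportmetadata.jsp?realm=/PegaSAML output;
# the certificate body and URLs are placeholders, not real OpenAM values.
IDP_METADATA = """<EntityDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata"
  xmlns:ds="http://www.w3.org/2000/09/xmldsig#" entityID="http://localhost:9080/AM-eval-6.5.2.2">
  <IDPSSODescriptor WantAuthnRequestsSigned="false"
      protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <KeyDescriptor use="signing"><ds:KeyInfo><ds:X509Data>
      <ds:X509Certificate>MIIC...CONSTRUCTED-PLACEHOLDER...</ds:X509Certificate>
    </ds:X509Data></ds:KeyInfo></KeyDescriptor>
    <SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
      Location="http://localhost:9080/AM-eval-6.5.2.2/SSORedirect/metaAlias/PegaSAML/idp"/>
  </IDPSSODescriptor>
</EntityDescriptor>"""


def parse_idp_metadata(xml_text):
    """Return entityID, SSO endpoints keyed by binding, signing certificates and
    whether the IdP requires signed AuthnRequests."""
    root = ET.fromstring(xml_text)
    idp = root.find("md:IDPSSODescriptor", NS)
    if idp is None:
        raise ValueError("no IDPSSODescriptor: this is not identity provider metadata")
    sso = {e.get("Binding"): e.get("Location")
           for e in idp.findall("md:SingleSignOnService", NS)}
    cert_path = "md:KeyDescriptor[@use='signing']/ds:KeyInfo/ds:X509Data/ds:X509Certificate"
    certs = [c.text.strip() for c in idp.findall(cert_path, NS)]
    return {"entity_id": root.get("entityID"), "sso": sso, "signing_certs": certs,
            "wants_signed_requests": idp.get("WantAuthnRequestsSigned", "false") == "true"}


def posture_findings(info):
    """List the relaxations that are acceptable in the closed-VM PoC only."""
    findings = []
    if not info["signing_certs"]:
        findings.append("IdP publishes no signing certificate; assertions cannot be verified")
    if not info["wants_signed_requests"]:
        findings.append("IdP accepts unsigned AuthnRequests (what 'Disable request signing' relies on)")
    findings += [f"SSO endpoint served over plain HTTP: {loc}"
                 for loc in info["sso"].values() if loc.startswith("http://")]
    return findings
```

Replace IDP_METADATA with the text fetched from the exportmetadata.jsp URL in step 2d to check the real realm.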

Register Pega as a Remote Service Provider with OpenAM

1. On the OpenAM portal, select the PegaSAML Realm.


2. Select Configure SAMLv2 Provider.
3. Select Configure Remote Service Provider.
4. Complete the Configure a SAMLv2 Remote Service Provider form.
1. Select the PegaSAML Realm.
2. In the Where does the metadata file reside? section, select URL.
3. Obtain the value for the "URL where the metadata is located" field from the PegaSAML Authentication Service
you configured in the Pega Platform. You can find it in the Service Provider settings section of the SAML 2.0 tab by
clicking the Download SP metadata link and then copying the URL of the page displayed.
4. Completed Form:
5. Select Configure to add Pega as a Remote Service Provider.

Configure External Authentication

1. Open the CEO@Booking operator ID. If the CEO@Booking operator does not exist, save the mistyped COE@Booking
operator ID as CEO@Booking.
2. On the Security tab, select External Authentication.
Confirm your work

1. Copy the Login URL from the PegaSAML Authentication Service: http://localhost:9080/prweb/PRAuth/PegaSAML
2. Open a different browser (if you are using Chrome, open Firefox).
3. Paste the Login URL into the web browser to access the OpenAM Login Screen.
4. Log in with user name CEO@Booking using password password.

Notice how you can log in to Pega Platform seamlessly.


Download the Access Manager

AccessManager.zip

Available in the following missions: Lead System Architect, Security Design

Configurating SAML authentication -- Tue, 07/06/2021 - 13:01
