Authentication in AD FS via SAML 2.0

SE Suite supports Single Sign-On via SAML 2.0 (Security Assertion Markup Language), a widely used authentication standard for web applications. It is also the most secure authentication method offered by the application, because the messages exchanged are digitally signed. The architecture consists of three agents: SE Suite as the service provider (SP), Active Directory with AD FS configured as the identity provider (IdP), and the client (browser).

Configuring authentication via SAML 2.0 consists essentially of exchanging metadata files between the service provider (SE Suite) and the identity provider. Refer to the "Configuring the authentication in AD FS with SAML 2.0" section for a detailed description of how to perform this operation.

Prerequisites

Authentication using the SAML protocol requires the Java extended encryption package. Because of a United States export rule, the default Java JDK installation is limited in its encryption capability, and this limitation must be removed before SAML authentication can be used. To do this, install the Java Cryptography Extension (JCE) package for your JDK version on the server where SE Suite is installed.

The package is available at "\tools\thirdparties\oracle\java\UnlimitedJCEPolicyJDK7.zip" in the product installation directory. To install it, follow these steps:

1. Unzip the UnlimitedJCEPolicyJDK7.zip file in the folder: <sesuite_dir>\tools\thirdparties\oracle\java\

2. Copy the files with the .jar extension.

3. Paste the files with the .jar extension into the "<JAVA_HOME>\lib\security" directory.

4. Restart the SE Suite service.
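
A post-installation check for the steps above, as an added example that is not part of the SE Suite documentation or product: it reports which policy directory the running JVM uses and confirms that keys longer than 128 bits are accepted. The class name JcePolicyCheck is hypothetical, and the check assumes it is run with the same Java installation that SE Suite uses.

```java
import java.io.File;
import java.security.GeneralSecurityException;
import java.util.Date;
import javax.crypto.Cipher;
import javax.crypto.spec.SecretKeySpec;

// Hypothetical helper class (not part of SE Suite): confirms that the
// unlimited JCE policy is active in the JVM that runs it.
public class JcePolicyCheck {

    // Key-length ceiling the active policy grants for AES:
    // 128 under the default limited policy, Integer.MAX_VALUE when unlimited.
    static int maxAesKeyBits() throws GeneralSecurityException {
        return Cipher.getMaxAllowedKeyLength("AES");
    }

    // Exercises a real AES-256 cipher; the limited policy rejects the key at init().
    static boolean aes256Usable() {
        try {
            byte[] key = new byte[32]; // constructed all-zero key, for this check only
            Cipher c = Cipher.getInstance("AES/CBC/PKCS5Padding");
            c.init(Cipher.ENCRYPT_MODE, new SecretKeySpec(key, "AES"));
            c.doFinal(new byte[16]);
            return true;
        } catch (GeneralSecurityException e) {
            System.out.println("AES-256 rejected: " + e);
            return false;
        }
    }

    public static void main(String[] args) throws Exception {
        // Policy directory of the JVM actually running; compare with step 3.
        File dir = new File(System.getProperty("java.home"), "lib" + File.separator + "security");
        System.out.println("Policy directory in use: " + dir.getAbsolutePath());
        File[] files = dir.listFiles();
        if (files != null) {
            for (File f : files) {
                if (f.getName().endsWith(".jar")) {
                    System.out.println("  " + f.getName() + "  " + f.length()
                            + " bytes, modified " + new Date(f.lastModified()));
                }
            }
        }
        int bits = maxAesKeyBits();
        boolean ok = bits > 128 && aes256Usable();
        System.out.println("Max AES key length allowed: " + bits);
        System.out.println(ok ? "OK: unlimited policy active" : "FAIL: limited policy still active");
        System.exit(ok ? 0 : 1);
    }
}
```

Compile with `javac JcePolicyCheck.java` and run with `java JcePolicyCheck`, using the executables of the Java installation that SE Suite runs on. A FAIL result with recently modified .jar files listed usually means the files were copied into a different Java installation than the one being checked.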