DX Unified Infrastructure Management

  • 1.  Configure OC to Use SAML Single Sign-On to Azure AD

    Posted Dec 10, 2020 08:00 AM

    Has anyone successfully integrated OC Single Sign-On with Azure AD?

    The tech doc seems focused only on local "traditional" AD integration.



    ------------------------------
    Senior engineer
    NetNordic.com
    Norway
    ------------------------------


  • 2.  RE: Configure OC to Use SAML Single Sign-On to Azure AD

    Posted Dec 10, 2020 05:37 PM
    Yes, you are correct about what's documented, and I could find nothing in documentation, KBs, or other cases on it.

    ------------------------------
    Support Engineer
    Broadcom
    ------------------------------



  • 3.  RE: Configure OC to Use SAML Single Sign-On to Azure AD

    Posted Aug 02, 2021 10:25 PM
    Did you have any luck with it?

    We're in the same boat and can't find any information anywhere.


  • 4.  RE: Configure OC to Use SAML Single Sign-On to Azure AD

    Posted Aug 04, 2021 07:49 PM
    We got ours working and it was relatively simple. We've had LDAP working for years so I'll assume that part is working... but high level:

    1. Configure a new keystore file as per the documentation
    2. Encrypt the keystore passwords and keystore alias as per the documentation
    3. Set the following in the <OC_installation>\probes\service\wasp\webapps\samlsso\WEB-INF\classes\samlssoConfig.properties file:
      saml.configuration.enabled=true
      saml.sp.metadata.id=UMP2030
      saml.sp.metadata.entityid=ump2030
      saml.sp.keystore.password=encrypted keystore password from step 2 here
      saml.sp.keystore.aliasName=encrypted keystore alias name from step 2 here
      saml.sp.keystore.aliasPassword=encrypted keystore password from step 2 here
    4. Restart wasp
    5. Navigate to http://<OC_Server>/samlsso/saml/metadata to obtain the XML file to upload to Azure
    6. Create a new app in Azure, upload the XML file
    7. A new XML should be generated in Azure, download this file and stick it in <OC_installation>\probes\service\wasp\webapps\samlsso\WEB-INF\classes\metadata (take note of the filename, we named ours azure.xml)
    8. Set the following in the <OC_installation>\probes\service\wasp\webapps\samlsso\WEB-INF\classes\samlssoConfig.properties file (using the filename from step 7):
      saml.idp.metadatafile.path=/metadata/azure.xml
    9. Restart wasp

    From there, we are able to open the UIM OC interface from the Microsoft "My Apps" page with a single click, but the Single Sign On button from the OC login page didn't work. It would open up the Microsoft authentication page, but we'd have to enter our credentials every time. I have a feeling it's due to our OC page being in the local intranet zone, then the Microsoft authentication being on the internet - it doesn't like to pass the credentials over between the zones. To get around this, I just added the UIM OC application URL from "My Apps" into the targetUrl section of the <OC_installation>\probes\service\wasp\webapps\operatorconsole_portlet\samlssocheck.js file. Clicking the button basically re-launches the UIM OC interface directly from the "My Apps" page.

    Seems to work nicely!
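A sanity check for the steps in the reply above, added here as an example (not code from the original post or from Broadcom): it parses samlssoConfig.properties, reports keys from steps 3 and 8 that are missing or still carry the post's placeholder wording, rejects an IdP metadata path that escapes /metadata/, and compares the entityID in the SP metadata from step 5 with saml.sp.metadata.entityid. It assumes the published SP metadata's entityID attribute mirrors that property; the sample inputs are constructed.

```python
import xml.etree.ElementTree as ET

# Keys the reply sets in samlssoConfig.properties (steps 3 and 8).
REQUIRED_KEYS = (
    "saml.configuration.enabled", "saml.sp.metadata.id", "saml.sp.metadata.entityid",
    "saml.sp.keystore.password", "saml.sp.keystore.aliasName",
    "saml.sp.keystore.aliasPassword", "saml.idp.metadatafile.path",
)
SECRET_KEYS = REQUIRED_KEYS[3:6]  # values that must be the encrypted forms from step 2

def parse_properties(text):
    # Minimal Java .properties reader: key=value lines, '#' or '!' comments.
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if line and line[0] not in "#!" and "=" in line:
            key, value = line.split("=", 1)
            props[key.strip()] = value.strip()
    return props

def check_config(props_text, sp_metadata_xml):
    # Returns a list of findings; an empty list means the config matches the steps.
    props = parse_properties(props_text)
    findings = [f"missing or empty: {k}" for k in REQUIRED_KEYS if not props.get(k)]
    if props.get("saml.configuration.enabled", "").lower() != "true":
        findings.append("saml.configuration.enabled is not true")
    # Placeholder wording from the post left in place of an encrypted value.
    findings += [f"placeholder left in {k}" for k in SECRET_KEYS
                 if "from step" in props.get(k, "").lower()]
    # Step 8: the IdP metadata must sit inside the webapp's metadata directory.
    path = props.get("saml.idp.metadatafile.path", "")
    if not path.startswith("/metadata/") or ".." in path or not path.endswith(".xml"):
        findings.append(f"unexpected saml.idp.metadatafile.path: {path!r}")
    # Steps 5/6: the entityID handed to Azure must equal the configured one (assumption).
    entity_id = ET.fromstring(sp_metadata_xml).get("entityID")
    if entity_id != props.get("saml.sp.metadata.entityid"):
        findings.append(f"entityID mismatch: {entity_id!r} != {props.get('saml.sp.metadata.entityid')!r}")
    return findings

# Constructed sample inputs; the ENC(...) strings stand in for real encrypted values.
SAMPLE_PROPS = """saml.configuration.enabled=true
saml.sp.metadata.id=UMP2030
saml.sp.metadata.entityid=ump2030
saml.sp.keystore.password=ENC(placeholder-ciphertext-1)
saml.sp.keystore.aliasName=ENC(placeholder-ciphertext-2)
saml.sp.keystore.aliasPassword=ENC(placeholder-ciphertext-3)
saml.idp.metadatafile.path=/metadata/azure.xml
"""
SAMPLE_SP_METADATA = ('<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata" '
                      'entityID="ump2030"/>')
```

Run `check_config(open(path).read(), metadata_xml)` against the real properties file and the XML saved from step 5; any finding points at the step to revisit before uploading to Azure.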