Automic Workload Automation

• WantAssertionsSigned="false" in UC_SAML_SETTINGS.
• In MS Azure console as described under: https://learn.microsoft.com/en-us/azure/active-directory/develop/active-directory-saml-claims-customization, NameID format section, change from "Windows domain qualified name" to "Unspecified". 
• Important! Always clear the browser history (cache/cookies).

• WantAssertionsSigned="false" in UC_SAML_SETTINGS.
• In MS Azure console as described under: https://learn.microsoft.com/en-us/azure/active-directory/develop/active-directory-saml-claims-customization, NameID format section, change from "Windows domain qualified name" to "Unspecified". 
• Important! Always clear the browser history (cache/cookies).

1. On UC_SAML_SETTINGS, *CONFIG key, set disableRequestedAuthnContext to true. 
   <SamlConfig>
   <!-- When set to true, RequestedAuthnContext of the SAML AuthnRequest is not sent to your identity provider -->
   <disableRequestedAuthnContext>true</disableRequestedAuthnContext>
   </SamlConfig> 
2. On UC_SAML_SETTINGS, *SP key, set AuthnRequestsSigned and WantAssertionsSigned to "false". 
   <md:SPSSODescriptor AuthnRequestsSigned="false" WantAssertionsSigned="false" protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
3. Then the other changes that need to be made are in the official documentation. Especially the changes needed to point to the SAML Service Provider: https://docs.automic.com/documentation/webhelp/english/ALL/components/DOCU/21.0.4/Automic%20Automation%20Guides/Content/Installation_Common/SetUp_SAML_SSO.htm.
4. By the way, I am using Tomcat as application server.

• WantAssertionsSigned="false" in UC_SAML_SETTINGS.
• In MS Azure console as described under: https://learn.microsoft.com/en-us/azure/active-directory/develop/active-directory-saml-claims-customization, NameID format section, change from "Windows domain qualified name" to "Unspecified". 
• Important! Always clear the browser history (cache/cookies).

Hi Juliane,

thanks for this informatin, very helpful for me. I have no expierneces with Azure and SAML.

No I'm one step furhter and I received a new error, but I think this is a problem in Azure

Look like there is an configuration error in the Basic SAML Configuration

I think this entry have not set to _INSERT_.

Or does anyone know this error?

Thanks

Best regards

Jens

Original Message:
Sent: Jan 31, 2023 02:10 PM
From: Juliane Burakosky
Subject: AWI 21 - SSO with SAML - Azure AD as Identity Provider

Hi Jens,

These are the changes made on AWI part that are not really in the documentation:

1. On UC_SAML_SETTINGS, *CONFIG key, set disableRequestedAuthnContext to true. 
   <SamlConfig>
   <!-- When set to true, RequestedAuthnContext of the SAML AuthnRequest is not sent to your identity provider -->
   <disableRequestedAuthnContext>true</disableRequestedAuthnContext>
   </SamlConfig> 
2. On UC_SAML_SETTINGS, *SP key, set AuthnRequestsSigned and WantAssertionsSigned to "false". 
   <md:SPSSODescriptor AuthnRequestsSigned="false" WantAssertionsSigned="false" protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
3. Then the other changes that need to be made are in the official documentation. Especially the changes needed to point to the SAML Service Provider: https://docs.automic.com/documentation/webhelp/english/ALL/components/DOCU/21.0.4/Automic%20Automation%20Guides/Content/Installation_Common/SetUp_SAML_SSO.htm.
4. By the way, I am using Tomcat as application server.

I hope this information helps you!

------------------------------
Regards,
Juliane Burakosky

Original Message:
Sent: Jan 27, 2023 05:57 AM
From: Jens Pilz
Subject: AWI 21 - SSO with SAML - Azure AD as Identity Provider

Hi Juliane,

thanks for this information. I trie in the moment to setup the SSO via SAML to Azure with the Version 21.0.4 HF1, but I have the some issue like in older Version that the AWI send's the RequestedAuthenticationContext with Value 'Minimum' and Azure needs 'exact'. Do you have changed something in the Saml Settings or on the AWI part? In the documentation I can't find something. I'm using the Jetty Launcher as AWI.

Thanks

Regards
Jens
Original Message:
Sent: Dec 14, 2022 11:53 AM
From: Juliane Burakosky
Subject: AWI 21 - SSO with SAML - Azure AD as Identity Provider

Hello,

These steps will help you in implementing SAML with Azure AD. This information complements the original Broadcom's documentation section "Setting up Single Sign-On - SAML". During SAML configuration, make sure that:

• WantAssertionsSigned="false" in UC_SAML_SETTINGS.
• In MS Azure console as described under: https://learn.microsoft.com/en-us/azure/active-directory/develop/active-directory-saml-claims-customization, NameID format section, change from "Windows domain qualified name" to "Unspecified". 
• Important! Always clear the browser history (cache/cookies).

I hope this information will be helpful!

------------------------------
Regards,
Juliane Burakosky
------------------------------