Authenticating by using SAML 2.0 Single Sign-On
To set up SAML based SSO authentication in Focal Point:
1 Install the Java Cryptography Extension (JCE) Unlimited Strength Jurisdiction Policy Files 8 if they are not already present in the lib\security folder of the JRE that you use with Focal Point.
2 Download and configure the unrestricted policy files from the following location:
http://www.oracle.com/technetwork/java/javase/downloads/jce8-download-2133166.html
3 Generate the keystore: from the javainstall\bin folder, run the following command:
keytool -genkeypair -alias aliasname -keypass password -keystore keystorename.jks -keyalg RSA -keysize 2048
For example:
keytool -genkeypair -alias adfs2 -keypass focalpoint -keystore adfs2.jks -keyalg RSA -keysize 2048
4 Get the certificate from the Identity Provider and import it into the same keystore with the following command:
keytool -importcert -alias aliasname -file idpCertificate.cer -keystore keystorename.jks
For example:
keytool -importcert -alias myidp -file myidp.cer -keystore adfs2.jks
5 Copy the keystore file <keystorename.jks> to the fpinstall/server/conf/fp/keystore folder, where fpinstall is the Focal Point® installation directory.
6 Copy the Identity Provider Metadata file (federationmetadata.xml) to the fpinstall/server/conf/fp/metadata folder.
7 Go to the fpinstall/server/conf/fp folder, open the saml.properties file and set the entries to match the keystore and metadata files you copied in the previous steps.
For example, the sample saml.properties file has the following entries:
keyStoreFile=adfs2.jks
keyPassword=focalpoint
keyAlias=adfs2
metadataFile=federationmetadata.xml
signatureAlgorithm=SHA256
8 Update the value of the property spring.profiles.active in the server.startup.bat file as follows:
spring.profiles.active=auth-saml
9 Download the Focal Point® metadata and register it with the Identity Provider.
Focal Point® metadata can be accessed from the following URL:
https://servername:port/fp/saml/metadata
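The following Python script is an added pre-flight check for steps 4 and 7; it is not part of the Focal Point product or of this documentation. It parses saml.properties, checks that the five entries from the sample file are present and that signatureAlgorithm is not a deprecated digest, and reads the Identity Provider's federationmetadata.xml to compute the SHA-256 fingerprint of each signing certificate it publishes. You can compare that fingerprint with the output of keytool -list -v -keystore adfs2.jks to confirm that the certificate imported in step 4 is the one the Identity Provider actually signs with. The property entries are the page's sample values; the metadata document, its entityID, endpoint URL and certificate bytes are constructed placeholders, not data from a real Identity Provider.

```python
"""Pre-flight check for a Focal Point SAML setup: validate saml.properties and
fingerprint the Identity Provider signing certificate(s) in federationmetadata.xml.
Added example; not part of Focal Point. The sample inputs below are constructed."""
import base64
import hashlib
import xml.etree.ElementTree as ET

MD_NS = "urn:oasis:names:tc:SAML:2.0:metadata"
DS_NS = "http://www.w3.org/2000/09/xmldsig#"

# The entries shown in the sample saml.properties on this page.
REQUIRED_KEYS = ("keyStoreFile", "keyPassword", "keyAlias", "metadataFile", "signatureAlgorithm")
# Digests that should no longer be used to sign SAML messages.
WEAK_SIGNATURE_ALGORITHMS = {"MD5", "SHA1", "SHA-1"}

SAMPLE_PROPERTIES = """\
keyStoreFile=adfs2.jks
keyPassword=focalpoint
keyAlias=adfs2
metadataFile=federationmetadata.xml
signatureAlgorithm=SHA256
"""

# Constructed IdP metadata. The entityID, endpoint and certificate bytes are
# placeholders; a real federationmetadata.xml carries a DER X.509 certificate here.
_PLACEHOLDER_CERT = base64.b64encode(b"constructed-placeholder-not-a-real-certificate").decode()
SAMPLE_METADATA = f"""<?xml version="1.0" encoding="UTF-8"?>
<md:EntityDescriptor xmlns:md="{MD_NS}" xmlns:ds="{DS_NS}"
    entityID="https://idp.example.test/adfs/services/trust">
  <md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:KeyDescriptor use="signing">
      <ds:KeyInfo><ds:X509Data>
        <ds:X509Certificate>{_PLACEHOLDER_CERT}</ds:X509Certificate>
      </ds:X509Data></ds:KeyInfo>
    </md:KeyDescriptor>
    <md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="https://idp.example.test/adfs/ls/"/>
  </md:IDPSSODescriptor>
</md:EntityDescriptor>
"""


def parse_properties(text):
    """Parse Java .properties text (key=value lines; '#' and '!' start comment lines)."""
    props = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#!":
            continue
        key, sep, value = line.partition("=")
        if sep:
            props[key.strip()] = value.strip()
    return props


def check_properties(props):
    """Return a list of problems with saml.properties; an empty list means it is usable."""
    problems = [f"missing property: {key}" for key in REQUIRED_KEYS if key not in props]
    algorithm = props.get("signatureAlgorithm", "").upper()
    if algorithm in WEAK_SIGNATURE_ALGORITHMS:
        problems.append(f"weak signatureAlgorithm: {algorithm}")
    return problems


def idp_signing_fingerprints(metadata_xml):
    """SHA-256 fingerprints (AA:BB:... form, as 'keytool -list -v' prints them) of every
    signing certificate in the IdP metadata. A KeyDescriptor without a 'use' attribute
    is valid for both signing and encryption, so it is included."""
    root = ET.fromstring(metadata_xml)
    fingerprints = []
    for descriptor in root.iter(f"{{{MD_NS}}}KeyDescriptor"):
        if descriptor.get("use", "signing") != "signing":
            continue
        for cert in descriptor.iter(f"{{{DS_NS}}}X509Certificate"):
            der = base64.b64decode("".join((cert.text or "").split()))
            digest = hashlib.sha256(der).hexdigest().upper()
            fingerprints.append(":".join(digest[i:i + 2] for i in range(0, 64, 2)))
    return fingerprints


def idp_entity_id(metadata_xml):
    """The IdP entityID, which the Identity Provider side of the trust must match."""
    return ET.fromstring(metadata_xml).get("entityID")


def preflight(properties_text, metadata_xml):
    """Combine the checks into one report to read before restarting the server."""
    props = parse_properties(properties_text)
    return {
        "problems": check_properties(props),
        "keyAlias": props.get("keyAlias"),
        "idp_entity_id": idp_entity_id(metadata_xml),
        "idp_signing_fingerprints": idp_signing_fingerprints(metadata_xml),
    }


if __name__ == "__main__":
    for key, value in preflight(SAMPLE_PROPERTIES, SAMPLE_METADATA).items():
        print(f"{key}: {value}")
```

To run it against a real installation, read fpinstall/server/conf/fp/saml.properties and the metadata file named by its metadataFile entry instead of the constructed samples, then compare each reported fingerprint with the SHA256 line that keytool -list -v prints for the alias you used in step 4. A mismatch means the keystore holds a different certificate than the one the Identity Provider publishes, and signature validation of its responses will fail after the switch to the auth-saml profile.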