Single sign-on integration
You can create a directory on a persistent volume if you need to keep configuration files for single sign-on integration.
The following sections show examples of how you can do single sign-on (SSO) integration.
SAML single sign-on example
The following steps are an example that shows how to configure SAML SSO for the Control Center and the Operations and Administration Console (OAC).
- Create directories on the persistent volume (PV) to copy the SAML identity provider (IdP) metadata file to. For example, create the following directories for the Control Center and the OAC.
  - /opt/ibm/ftm/control-center/security
  - /opt/ibm/ftm/oac/security
- Copy the SAML identity provider (IdP) metadata XML file, idp-metadata.xml, to these new directories.
- Update the IBM® WebSphere® Liberty configuration. Add the server XML snippet that follows these steps to the following config maps.
  - ftm-control-center-dropins
  - ftm-oac-dropins
This snippet of Liberty configuration server XML references the IdP metadata file that you copied to the persistent volume.
<server>
    <featureManager>
        <feature>samlWeb-2.0</feature>
    </featureManager>
    <basicRegistry id="basic" realm="basicRealm">
        <user name="fxhadmin" password="${FXH_PASSWORD}"/>
        <group name="myAdmins">
            <member name="fxhadmin"/>
        </group>
    </basicRegistry>
    <administrator-role>
        <group>myAdmins</group>
    </administrator-role>
    <!-- Only a URL that contains "/fxh" uses this SAML login. -->
    <samlWebSso20 id="defaultSP"
                  disableLtpaCookie="false"
                  allowCustomCacheKey="false"
                  mapToUserRegistry="No"
                  idpMetadata="/opt/ibm/ftm/control-center/security/idp-metadata.xml"
                  enabled="true"
                  spLogout="false"
                  nameIDFormat="unspecified"
                  wantAssertionsSigned="false">
        <authFilter id="samlAuthFilter">
            <requestUrl id="ftm4cUrl" urlPattern="/fxh" matchType="contains"/>
        </authFilter>
    </samlWebSso20>
    <webAppSecurity sameSiteCookie="Lax"/>
</server>
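A pre-deployment check for the snippet above, added here as an example and not part of the IBM documentation: it parses a drop-in server XML and reports a missing samlWeb-2.0 feature, a registry password that is neither a variable reference nor an encoded value, an idpMetadata path with no matching file on the persistent volume, and wantAssertionsSigned="false". The function name, the files_on_pv input and the sample file list are assumptions made for the example.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample: a trimmed copy of the drop-in snippet above.
SAMPLE_XML = """<server>
  <featureManager><feature>samlWeb-2.0</feature></featureManager>
  <basicRegistry id="basic" realm="basicRealm">
    <user name="fxhadmin" password="${FXH_PASSWORD}"/>
  </basicRegistry>
  <samlWebSso20 id="defaultSP"
      idpMetadata="/opt/ibm/ftm/control-center/security/idp-metadata.xml"
      wantAssertionsSigned="false">
    <authFilter id="samlAuthFilter">
      <requestUrl id="ftm4cUrl" urlPattern="/fxh" matchType="contains"/>
    </authFilter>
  </samlWebSso20>
</server>"""

# Acceptable password values: a ${variable} reference or a Liberty-encoded string.
PROTECTED = re.compile(r"^(\$\{[^}]+\}|\{(xor|aes|hash)\}.+)$")

def check_saml_dropin(server_xml, files_on_pv):
    """Return findings for one snippet; files_on_pv is a set of paths on the PV (hypothetical input)."""
    findings = []
    root = ET.fromstring(server_xml)
    features = {f.text.strip() for f in root.iter("feature") if f.text}
    if "samlWeb-2.0" not in features:
        findings.append("samlWeb-2.0 feature is not enabled")
    for user in root.iter("user"):
        if not PROTECTED.match(user.get("password", "")):
            findings.append(f"user {user.get('name')}: password is not a variable or encoded value")
    for sp in root.iter("samlWebSso20"):
        sp_id = sp.get("id", "?")
        meta = sp.get("idpMetadata")
        if not meta:
            findings.append(f"{sp_id}: idpMetadata is not set")
        elif meta not in files_on_pv:
            findings.append(f"{sp_id}: idpMetadata file not found: {meta}")
        # Liberty treats a missing wantAssertionsSigned attribute as true.
        if sp.get("wantAssertionsSigned", "true").lower() == "false":
            findings.append(f"{sp_id}: signed assertions are not required")
    return findings

if __name__ == "__main__":
    # Constructed file list in which the metadata file was copied under the wrong name.
    pv = {"/opt/ibm/ftm/control-center/security/ipd-metadata.xml"}
    for line in check_saml_dropin(SAMPLE_XML, pv):
        print(line)
```

With the constructed inputs, the check reports the metadata path mismatch and the wantAssertionsSigned setting; setting wantAssertionsSigned="true" requires the IdP to sign each assertion, which the metadata file's signing certificate is then used to verify.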