Authenticating Jazz Authorization Server by using SAML as an identity provider

If you choose to use Security Assertion Markup Language (SAML) as an identity provider for Jazz® Authorization Server (JAS) authentication, complete the following procedure. SAML is an OASIS open standard for representing and exchanging user identity, authentication, and attribute information. A SAML assertion is an XML-formatted token that is used to transfer user identity and attribute information from the identity provider of a user to a trusted service provider as part of the completion of a single sign-on request. JAS supports SAML web browser single sign-on in IBM® WebSphere® Liberty, which enables web applications to delegate user authentication to a SAML identity provider instead of a configured user registry.

Before you begin

  1. Configure the Lightweight Directory Access Protocol (LDAP) user registry by using your SAML identity provider information. For more information, see Authenticating Jazz Authorization Server by using the LDAP user registry.
  2. Obtain the idpMetadata.xml file from the SAML administrator and save it on your computer. For more information, see the product documentation of the SAML identity provider that you use.
    Note: The idpMetadata.xml file consists of an IdP certificate, entity ID, redirect URL, and logout URL.

To create a secret for the SAML auth provider, use one of the following methods:

Red Hat OpenShift Container Platform web console method

Procedure

  • In the Red Hat OpenShift Container Platform web console, click Projects and open the project where the Engineering Lifecycle Management instance secret is to be created.
  • Click Workloads > Secrets.
  • On the Secrets page, select Key/Value Secret from the Create list.
    The Create Key/Value Secret page opens.
  • Enter elm-saml-idp-metadata in the Secret Name field.
    Important: You must enter the secret name as elm-saml-idp-metadata to create the Engineering Lifecycle Management instance.
  • Enter idpMetadata.xml in the Key field.
  • Click Browse and select the idpMetadata.xml file that is saved on your computer.
  • Click Create to save the elm-saml-idp-metadata secret.
    The elm-saml-idp-metadata secret is created and listed on the Secrets page.
    Important: You must create the elm-saml-idp-metadata secret in Red Hat OpenShift before you create the Engineering Lifecycle Management instance. If the secret is not set up, or is created incorrectly in the cluster, the Engineering Lifecycle Management instance creation might fail.
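As an added example that is not part of the product documentation, the following script does the same job as the console steps from a shell: it first checks that the idpMetadata.xml carries the items the Note above lists (entity ID, IdP certificate, redirect URL, logout URL), then emits the elm-saml-idp-metadata Secret manifest with the key idpMetadata.xml for `oc apply`. The project name and the metadata path are assumptions; the sample metadata is constructed.

```shell
#!/bin/sh
# Added example (not from the product documentation): validate the IdP metadata
# and build the elm-saml-idp-metadata secret from the command line.
# PROJECT and the metadata path below are placeholders for your own values.

# Confirm the metadata carries what the Note above says it must: an entity ID,
# an IdP (signing) certificate, an SSO/redirect URL and a logout URL.
# Returns 0 if all are present; otherwise names the first missing item and returns 1.
check_idp_metadata() {
    f="$1"
    [ -r "$f" ] || { echo "cannot read $f" >&2; return 1; }
    for needle in 'EntityDescriptor' 'entityID=' 'X509Certificate' \
                  'SingleSignOnService' 'SingleLogoutService'; do
        grep -qF "$needle" "$f" || { echo "missing $needle in $f" >&2; return 1; }
    done
    return 0
}

# Print a Secret manifest equivalent to the console steps (name
# elm-saml-idp-metadata, key idpMetadata.xml), ready for `oc apply -f -`.
# The file is base64-encoded without line wrapping, as Kubernetes requires under `data:`.
secret_manifest() {
    f="$1"; ns="$2"
    check_idp_metadata "$f" || return 1
    b64=$(base64 < "$f" | tr -d '\n')
    printf 'apiVersion: v1\nkind: Secret\nmetadata:\n  name: elm-saml-idp-metadata\n'
    printf '  namespace: %s\ntype: Opaque\ndata:\n  idpMetadata.xml: %s\n' "$ns" "$b64"
}

# Write a constructed, minimal metadata document (placeholder certificate and
# example URLs) so the script can be exercised without a real IdP.
write_sample_metadata() {
    cat > "$1" <<'EOF'
<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata" entityID="https://idp.example.test/saml">
  <md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:KeyDescriptor use="signing"><ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
      <ds:X509Data><ds:X509Certificate>MIIC...PLACEHOLDER...</ds:X509Certificate></ds:X509Data>
    </ds:KeyInfo></md:KeyDescriptor>
    <md:SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="https://idp.example.test/saml/logout"/>
    <md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="https://idp.example.test/saml/sso"/>
  </md:IDPSSODescriptor>
</md:EntityDescriptor>
EOF
}

# Stand-alone demo on the constructed sample. With a real file, the one-liner
# `oc create secret generic elm-saml-idp-metadata --from-file=idpMetadata.xml=PATH -n PROJECT`
# is the direct equivalent of piping this manifest into `oc apply -f -`.
PROJECT=elm-project; METADATA=$(mktemp)
write_sample_metadata "$METADATA"
secret_manifest "$METADATA" "$PROJECT"
rm -f "$METADATA"
```

The base64 value in the manifest is an encoding, not encryption, so handle a saved manifest with the same care as the secret itself and verify afterwards with `oc get secret elm-saml-idp-metadata -n PROJECT` that the key idpMetadata.xml is present.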