Configuring Security Assertion Markup Language (SAML) security

You can configure the application server to use Security Assertion Markup Language (SAML). SAML is an authentication protocol that authenticates your session with an Identity Provider (IdP) rather than directly with IBM® Maximo® Asset Management.

Before you begin

For SAML to work correctly, you must authenticate with an identity provider (IdP) and configure a trust association interceptor (TAI).

Procedure

  1. Update all 4 web.xml files.
    1. Open the /maximo/maximouiweb/webmodule/WEB-INF/web.xml file.
    2. Set the value of <useAppServerSecurity> to 1.
    3. Uncomment the <security-constraint> section.
    4. Uncomment the <login-config> sections for FORM login.
    5. Repeat steps A through D for the following files:
      • /maximo/meaweb/webmodule/WEB-INF/web.xml
      • /maximo/maxrestweb/webmodule/WEB-INF/web.xml
      • /maximo/maboweb/webmodule/WEB-INF/web.xml
  2. Rebuild and redeploy the maximo.ear file.
  3. Log in to Maximo Asset Management and go to System Configuration > Platform Configuration > System Properties.
  4. Set the mxe.useSAML and mxe.AppServerSecurity properties to 1.
  5. Optional: If your system does not use a / as a domain separator, set the mxe.userRealmSeparator property to the domain separator that you use.

What to do next

By default, when you build and deploy the maximo.ear, it assumes the presence of a maximousers group in the local repository and is used to map any users in this group to a maximouser role. In the WebSphere® Application Server, you can bypass the mapping and authorize everyone who is trusted in this realm to log in to Maximo Asset Management.