Step 1: Configuring single sign-on settings in License Metric Tool
As the first step, configure single sign-on settings in License Metric Tool.
Before you begin
- Gather necessary information
- Before you start the configuration, gather the following information:
- URL to the login page of the Identity Provider. It is the URL to which an unauthenticated
request is redirected. After the request is authenticated by the Identity Provider, the user is
redirected to License Metric Tool.
For example: https://ADFS_host_name/adfs/ls/IdPInitiatedSignOn.aspx?LoginToRP=https://LMT_host_name:9081/ibm/saml20/defaultSP.
- URL of the Trusted Issuer. It is the URL to the certificate issuer of the Identity Provider that
is needed to establish a trust relationship.
- Public certificate of the Identity Provider in the key_name.cer format.
- URL to the login page of the Identity Provider. It is the URL to which an unauthenticated request is redirected. After the request is authenticated by the Identity Provider, the user is redirected to License Metric Tool.
- Enable SSL
- Ensure that SSL is enabled in License Metric Tool and in the Identity Provider.
- Backup files
- Before you start configuring single sign-on, back up the following files:
Note: If you set up the session timeout for Single Sign-On, remember that it should be longer than the session timeout that is set up for License Metric Tool. Otherwise, change the settings in License Metric Tool. For more information, see: Setting session timeout.
- Create users
- Create License Metric Tool users who will use the single
sign-on. During the creation of the users, select Single Sign-on as the
authentication method. Ensure that all user names are fully-qualified names that contain the full
domain name, for example: firstname.lastname@example.org. Also, ensure that at least one user is an
If the License Metric Tool server is installed on Linux, and users in the Identity Provider use the camel-case naming convention, create users following the same convention in License Metric Tool. Otherwise, the users are not be able to generate audit snapshots.Note: User token is not available after a single sign-on user is created. If you need the token, for example to run REST API calls, ask the License Metric Tool administrator to provide it for you.
- Log in to License Metric Tool, and click .
Select SAML as the single sign-on method.
The Instance ID filed is automatically filled with the
defaultSPvalue. It is the identifier of the License Metric Tool service. Together with the License Metric Tool URL, it forms the overall Service Provider ID: https://LMT_host_name:LMT_port/ibm/saml20/defaultSP.
Based on this value, the SAML Assertion Consumer Service URL is built: https://LMT_host_name:LMT_port/ibm/saml20/defaultSP/acs. The URL should be used for the configuration of the Identity Provider.
Specify the URL to the login page of the Identity Provider that you will use to single sign-on
to License Metric Tool.
https://ADFS_host_name/adfs/ls/IdPInitiatedSignOn.aspx?LoginToRP=https://LMT_host_name:9081/ibm/saml20/defaultSPImportant: Ensure that the URL that you specify is correct. The address is not validated. If you make a typo in the URL, you might need to manually revert the SSO configuration.
- Provide the public certificate of the Identity Provider. Click Browse to locate the key_name.cer certificate that you created.
Provide the URL of the certificate issuer of the Identity Provider. It is the issuer name of
the Identity Provider as it appears in the SAML assertion.
http://ADFS_host_name/adfs/services/trustImportant: Ensure that the URL that you specify is correct. The address is not validated. If you make a typo in the URL, you might need to manually revert the SSO configuration.
- Click Save.
- Optional: To use a custom certificate for the SSO setup, see: Using a CA-signed (custom) certificate for SSO based on SAML. Otherwise, continue to the next step.
Click the Download Service Provider Metadata link, and save the
Note: When the SAML single sign-on entry is created, only the Delete button, and the Download SP Metadata link are enabled. If the download link is not displayed, restart the License Metric Tool server.