SSO integration with AzureAD

sayeedaR
New Contributor II

Hi team, 

I have configured SSO with Azure AD and uploaded the SP- and IdP-initiated files (from Azure) in Saviynt EIC.

I could see some issue during redirection.
Attaching the snippet with the SAML trace.

Please let me know if you have any suggestions.
 
sayeedaR_0-1665562042899.png

 

Manikanta_S
Saviynt Employee

Hello @sayeedaR ,

This happens when Saviynt is not able to generate the SAML Authn request, which is usually due to incorrect configuration in the Authenticationconfig.Groovy file.

Please refer to the documentation for the configuration steps:

https://docs.saviyntcloud.com/bundle/SSM-Admin-v55x/page/Content/Chapter06-Configuring-SSM/Configuri...


Please ensure the parameters highlighted below are configured correctly.

Manikanta_S_0-1665592119512.png

Thanks & Kind Regards,
Manikanta.S

Hi Manikanta,

Hope you are doing good!

Since we are trying to configure SSO with the customer tenant in EIC version 2022, we could be able to edit/download the uploaded metadata and getting Attached). Do we have a separate AuthenticationConfig file for version 2022? I suspect the issue is with the metadata storage location, or the metadata is corrupted. Please advise.

For the file location, can you check with the Saviynt operations team with the help of Freshdesk?


Regards,
Rushikesh Vartak
If you find the response useful, kindly consider selecting Accept As Solution and clicking on the kudos button.

Thanks, I have opened a support case.

Hello Suresh,

With the 2022 version you need not specify the file path; you can just mention the name of the uploaded SP/IDP/Keystore file.

Thanks & Kind Regards,
Manikanta.S

Thanks Manikanta. I have added the same in the config file and restarted; below is the response. Still no luck.

// IDP-1
<<<<<<< HEAD
<<<<<<< HEAD
=======
>>>>>>> c5d428454c32b73ae54ca4567e4820df8a34380d
grails.plugin.springsecurity.saml.metadata.sp.file = '/WEB-INF/classes/security/SAML/sp.xml'
grails.plugin.springsecurity.saml.metadata.defaultIdp='https://xxx.xxxxxxx.net/07497e85-9665-4d82-9d54-ea2496a522d9/'
grails.plugin.springsecurity.saml.metadata.providers = [AzureAD: '/WEB-INF/classes/security/SAML/idp.xml']
grails.plugin.springsecurity.saml.keyManager.storeFile = 'file:/WEB-INF/classes/security/SAML/sp.keystore.jks'
grails.plugin.springsecurity.saml.keyManager.storeFile = 'file:/WEB-INF/classes/security/SAML/keystore.jks'
<<<<<<< HEAD
=======
grails.plugin.springsecurity.saml.metadata.sp.file = '/WEB-INF/classes/security/SAML/sp.xml'
grails.plugin.springsecurity.saml.metadata.defaultIdp='https://xxx.xxxxxxx.net/07497e85-9665-4d82-9d54-ea2496a522d9/'
grails.plugin.springsecurity.saml.metadata.providers = [AzureAD: '/WEB-INF/classes/security/SAML/idp.xml']
grails.plugin.springsecurity.saml.keyManager.storeFile = 'file:/WEB-INF/classes/security/SAML/sp.keystore.jks'
grails.plugin.springsecurity.saml.keyManager.storeFile = 'file:/WEB-INF/classes/security/SAML/keystore.jks'
>>>>>>> 4a667bc2e82759c63983e5489d3e4a034b98e5e5
=======
>>>>>>> c5d428454c32b73ae54ca4567e4820df8a34380d
grails.plugin.springsecurity.saml.keyManager.storePass = 'changeit123'
grails.plugin.springsecurity.saml.keyManager.passwords = [ spsigned: 'changeit123' ]
grails.plugin.springsecurity.saml.keyManager.defaultKey = 'spsigned'
grails.plugin.springsecurity.saml.metadata.sp.defaults = [
securityProfile: 'metaiop',
local: true,
alias: 'matrixmedical-dev',
signingKey: 'spsigned',
encryptionKey: 'spsigned',
tlsKey: 'spsigned',
requireArtifactResolveSigned: false,
requireLogoutRequestSigned: false,
requireLogoutResponseSigned: false,
idpDiscoveryEnabled: true]

 

[This post has been edited by a moderator to remove personally identifiable information to abide by the Saviynt Community Terms of Use and Participation Guidelines.]

You need to specify the full path.

For example: /opt/saviynt/tomcat/webapps/ECM/WEB-INF/classes/security/SAML/sp.xml

https://docs.saviyntcloud.com/bundle/EIC-Admin-v2022x/page/Content/Chapter06-EIC-Configurations/Conf... 


Regards,
Rushikesh Vartak

Unfortunately, no luck.

grails.plugin.springsecurity.saml.metadata.sp.file = '/opt/saviynt/tomcat/webapps/ECM/WEB-INF/classes/security/SAML/sp.xml'
grails.plugin.springsecurity.saml.metadata.providers = [AzureAD: '/opt/saviynt/tomcat/webapps/ECM/WEB-INF/classes/security/SAML/idp.xml']
grails.plugin.springsecurity.saml.keyManager.storeFile = 'file:/opt/saviynt/tomcat/webapps/ECM/WEB-INF/classes/security/SAML/keystore.jks'

securityProfile: 'metaiop',
local: true,
alias: 'matrixmedical-dev',
signingKey: 'spsigned',
encryptionKey: 'spsigned',
tlsKey: 'spsigned',
requireArtifactResolveSigned: false,
requireLogoutRequestSigned: false,
requireLogoutResponseSigned: false,
idpDiscoveryEnabled: true]

Hello @sksuresh2k20 ,

With 2022 you need not mention the '/WEB-INF/classes/security/SAML/sp.xml'

You can mention only the file name, as below:

grails.plugin.springsecurity.saml.metadata.sp.file = 'sp.xml'
grails.plugin.springsecurity.saml.metadata.defaultIdp='https://xyz.xyz.net/xxxxx-e309-4f91-94f5-72dffxxxxxx/'
grails.plugin.springsecurity.saml.metadata.providers = [test: 'AzureAD_idp.xml']


Thanks & Kind Regards,
Manikanta.S
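
Added example, not part of the thread and not Saviynt's code: a small pre-restart check for the SAML keys discussed above. It flags leftover merge-conflict markers, a key set twice with different values, file settings that are paths rather than the bare uploaded file name (the 2022 guidance in the last reply), and a `defaultIdp` that differs from the `entityID` in the IdP metadata. The function name `lint_saml_config`, the sample config and the sample metadata are constructed for illustration, and the `defaultIdp`/`entityID` comparison is an assumption about how the plugin resolves the default IdP.

```python
import re
import xml.etree.ElementTree as ET

PREFIX = "grails.plugin.springsecurity.saml."
FILE_KEYS = ("metadata.sp.file", "metadata.providers", "keyManager.storeFile")

def lint_saml_config(config_text, idp_metadata_xml=None):
    """Return findings for an AuthenticationConfig-style Groovy snippet."""
    findings, seen = [], {}
    for n, line in enumerate(config_text.splitlines(), 1):
        s = line.strip()
        if re.match(r"(<{7}|={7}|>{7})(\s|$)", s):
            findings.append(f"line {n}: leftover merge-conflict marker")
            continue
        m = re.match(re.escape(PREFIX) + r"([\w.]+)\s*=\s*(.+)", s)
        if not m:
            continue
        key, value = m.groups()
        if key in seen and seen[key][1] != value:
            findings.append(f"line {n}: {key} set again with a different value (first on line {seen[key][0]})")
        seen[key] = (n, value)
        if key in FILE_KEYS and any("/" in p for p in re.findall(r"'([^']*)'", value)):
            findings.append(f"line {n}: {key} is a path, not a bare uploaded file name")
    if idp_metadata_xml and "metadata.defaultIdp" in seen:
        # Assumption: defaultIdp has to equal the entityID of a loaded IdP metadata file.
        entity_id = ET.fromstring(idp_metadata_xml).get("entityID")
        default_idp = seen["metadata.defaultIdp"][1].strip("'\" ")
        if default_idp != entity_id:
            findings.append(f"defaultIdp {default_idp!r} does not match IdP entityID {entity_id!r}")
    return findings

# Constructed sample input (placeholder host and tenant id, not values from the thread).
SAMPLE_CONFIG = """\
<<<<<<< HEAD
grails.plugin.springsecurity.saml.metadata.sp.file = '/WEB-INF/classes/security/SAML/sp.xml'
=======
grails.plugin.springsecurity.saml.metadata.sp.file = 'sp.xml'
>>>>>>> branch
grails.plugin.springsecurity.saml.metadata.defaultIdp='https://idp.example.invalid/tenant-a/'
grails.plugin.springsecurity.saml.metadata.providers = [AzureAD: 'AzureAD_idp.xml']
grails.plugin.springsecurity.saml.keyManager.storeFile = 'file:/WEB-INF/classes/security/SAML/keystore.jks'
"""
SAMPLE_IDP_XML = ('<EntityDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata" '
                  'entityID="https://idp.example.invalid/tenant-b/"/>')

if __name__ == "__main__":
    for finding in lint_saml_config(SAMPLE_CONFIG, SAMPLE_IDP_XML):
        print(finding)
```

An empty result means only that these four checks passed; it does not validate the keystore alias or the metadata signature.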