SAML Authentication SSO issue

Bajr Prakash Singh · June 26

Hi All,

We are in process of setting up out QA server for WF 9.1, during configuration of SSO using SAML Authentication with keycloak as IDP, I am getting weird login page and it does not work even after I provide my credentials.

Few details to keep in mind:
1. Keycloak has new client ID specific for WebFOCUS 9.1 environment.
2. Proxy server has Location as '/ibi_apps_91/', I can't use 'ibi_apps' as it is used by our WF 8 Development server
3. keycloak-saml.xml file has been used from keycloak server
4. wfspmetadata has been generated
5. SSL certificate is valid

Any insights on what could be the issue?

Thanks in advance!

Clayton Peacock · June 27

Taking a shot in the dark, check on the Admin Console--> Security --> Security Zones also click on the Default--> Authentication is SAML enabled?

Bajr Prakash Singh · June 28

@Clayton Peacock, yes it is enabled

Bajr Prakash Singh · June 28

Just a thought, can we make alias change for 'ibi_apps' to lets say 'ibi_apps_91' in webfocus configuration?

Patrick Huebgen · June 28

3 hours ago, Bajr Prakash Singh said:

Just a thought, can we make alias change for 'ibi_apps' to lets say 'ibi_apps_91' in webfocus configuration?

Yes you can use any alias you want to use

Patrick Huebgen · June 28

@Bajr Prakash Singh - for the SAML issue please open a support ticket - to dig into this this would require exchanging log files and other sensitive information which should take place in a more secure environment than the public forum.

Bajr Prakash Singh · July 1

Thanks @Patrick Huebgen, I have opened a case and following with support over this issue.

Pablo Alvarez · July 2

Hi Bajr,

In case you haven't change the alias yet, you can do it from the WebFOCUS Administration console:

You can change that string to whatever you want, save the changes and restart your Application Server, once done, you'll need to use that alias to access the product.

Bajr Prakash Singh · August 20

Hi Pablo, sorry for my delayed response. I got busy with coordinating with TIBCO support for this issue. Thanks for the suggestion btw.

They suggested that post installation it is advised not to make the alias change, so I had to make changes in the Client ID of keycloak server and configure it with WF 9 server. Post that there were few files that WebFOCUS uses that were blocked by our firewall that I had get whitelisted to enable/access the feature of WF Client.

Edited August 20 by Bajr Prakash Singh

Solutions

Featured Topic

ibi™ Mainframe

ibi™ Analytics

ibi™ Data Intelligence

Get help

Get involved

Company

Partners

SAML Authentication SSO issue

Recommended Posts

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Create an account or sign in to comment

Create an account

Sign in

ibi^™ Mainframe

ibi^™ Analytics

ibi^™ Data Intelligence