Configure PAS for OpenEdge instances to use SAML with the OpenEdge Authentication Gateway

This example uses a single PAS for OpenEdge instance. In a production configuration, repeat these steps for each PAS for OpenEdge server that uses the SAML security model. This test configuration uses OESECTOOL as the SAML identity provider (IdP) that authenticates users, and the OpenEdge Authentication Gateway to validate the SAML assertion and exchange it for a client-principal object.

Set the properties for each PAS for OpenEdge instance

To enable a PAS for OpenEdge instance to use SAML, perform the following steps:
  1. Edit instance/webapp/webapp-name/WEB-INF/oeablSecurity.properties.
    Note: This example secures a PAS for OpenEdge server, instance, at the web application level. Replace instance with the name of the PAS for OpenEdge instance and webapp-name with the name of your web application.
  2. To use SAML, set client.login.model to saml.
    client.login.model=saml
  3. To validate and exchange the SAML assertion for a client-principal object using the OpenEdge Authentication Gateway, set sts.Saml2TokenExchange.stsURL.
    sts.Saml2TokenExchange.stsURL=https://hostname:port
    Note: Replace hostname and port with the hostname and port of the OpenEdge Authentication Gateway server that validates and exchanges the tokens. When testing with OESECTOOL, the hostname must be lowercase.
  4. Set samlToken.metadata.idpMetaDataFileLocation to the location of the metadata XML file of the IdP server.
    samlToken.metadata.idpMetaDataFileLocation=https://hostname:port/samlidp/metadata
    Note: Replace hostname and port with the hostname and port supplied by the identity provider. When testing with OESECTOOL, the hostname must be lowercase.
  5. For this demonstration, if host verification is not implemented, set sts.Saml2TokenExchange.noHostVerify to true.
    sts.Saml2TokenExchange.noHostVerify=true
    Note: Production systems should implement host verification by setting sts.Saml2TokenExchange.noHostVerify=false.
  6. Save the file.
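
The following check is an added example, not part of the OpenEdge documentation or tooling: it audits the keys set in the steps above and flags the demonstration-only settings before an instance goes to production. The helper names, the example.test hostnames and the port are constructed, and it assumes both location values are URLs, as shown on this page.

```python
from urllib.parse import urlsplit

STS_URL = "sts.Saml2TokenExchange.stsURL"
IDP_META = "samlToken.metadata.idpMetaDataFileLocation"
NO_VERIFY = "sts.Saml2TokenExchange.noHostVerify"

# Constructed sample input; the example.test hostnames and port are made up.
SAMPLE = """\
# oeablSecurity.properties (constructed excerpt)
client.login.model=saml
sts.Saml2TokenExchange.stsURL=https://GW01.example.test:8443
samlToken.metadata.idpMetaDataFileLocation=https://idp.example.test:8443/samlidp/metadata
sts.Saml2TokenExchange.noHostVerify=true
"""

def parse_properties(text):
    """Parse plain key=value lines, skipping blanks and #/! comments."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line[0] in "#!":
            continue
        key, sep, value = line.partition("=")
        if sep:
            props[key.strip()] = value.strip()
    return props

def audit_saml(props, production=True):
    """Return a list of findings for the SAML keys set in the steps above."""
    findings = []
    if props.get("client.login.model") != "saml":
        findings.append("client.login.model is not saml")
    for key in (STS_URL, IDP_META):
        url = urlsplit(props.get(key, ""))
        # netloc keeps the host as typed; .hostname would lowercase it.
        host = url.netloc.rpartition("@")[2].split(":")[0]
        if not host:
            findings.append(f"{key} is missing or not a URL")
        elif host != host.lower():
            findings.append(f"{key} host '{host}' is not lowercase")
        if key == STS_URL and host and url.scheme != "https":
            findings.append(f"{key} does not use https")
    if production and props.get(NO_VERIFY, "").lower() == "true":
        findings.append(f"{NO_VERIFY}=true disables host verification")
    return findings

if __name__ == "__main__":
    for finding in audit_saml(parse_properties(SAMPLE)):
        print("FINDING:", finding)
```

Pass production=False when checking a test instance so the noHostVerify setting from step 5 is not reported.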

For more information on configuring security properties for PAS for OpenEdge, see the oeablSecurity.properties.README file.