To enable SAML for a single web application and to work with the Okta application, edit instance-dir/webapps/web-app-name/WEB-INF/oeablSecurity.properties as follows:

  1. Edit the oepas1/webapps/ROOT/WEB-INF/oeablSecurity.properties for the single web application named ROOT.
    1. Enable SAML by setting the client.login.model to saml.
      client.login.model=saml
    2. Set the identity provider metadata location. Use the Identity Provider Metadata URL saved during the "Configure the identity provider" steps.
      samlToken.metadata.idpMetaDataFileLocation=https://IdPMetadataURL/metadata
    3. Based on the Okta application, set the following properties.
      Table 1. Properties based on Okta settings

      Property in oeablSecurity.properties                          Based on Okta setting
      samlToken.validation.validAudiences=/saml2/metadata/oepas1    Audience URI (SP Entity ID)
      samlToken.UserDetails.roleAttrName=userAuthorities            Attribute statements (optional): Name = userAuthorities
      "/rest/**","*","hasAnyRole('ROLE_PSCUser')"                   Attribute statements (optional): Name format = Unspecified
    4. Based on the ABL application, set the following properties.
      Table 2. Properties derived from ABL application settings

      Property in oeablSecurity.properties                          ABL application settings
      samlToken.UserDetails.rolePrefix=ROLE_                        This is the default.
    5. Save the file.
      Note: This guide introduces the basic properties required. For more information on the available SAML properties, see $DLC/servers/pasoe/conf/oeablSecurity.properties.README.

      PAS for OpenEdge supports SAML logout functionality. For simplicity, the logout properties are not addressed in this guide.

      For more information on SAML logout support, see Support for SAML in PAS for OpenEdge.
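The following script checks that an oeablSecurity.properties file carries the settings this guide describes. It is an added example, not Progress documentation or product code: it parses the Java .properties syntax the file uses, reports missing or non-SAML values, and flags an IdP metadata location fetched over plain http:// (the metadata carries the identity provider's signing certificate, so it should come from an https:// URL or a local file). The sample file contents embedded below are constructed for illustration; the property names and expected values are those given in the steps above.

```python
"""Check the SAML-related settings in a PAS for OpenEdge oeablSecurity.properties file.

Added example, not part of the product or its documentation. The property names
and the expected values come from the configuration steps in this guide; the
sample file contents below are constructed.
"""
import re

# Constructed sample: ROOT web application configured as the guide describes.
GOOD_PROPERTIES = """
# oeablSecurity.properties for the ROOT web application (constructed sample)
client.login.model=saml
samlToken.metadata.idpMetaDataFileLocation=https://IdPMetadataURL/metadata
samlToken.validation.validAudiences=/saml2/metadata/oepas1
samlToken.UserDetails.roleAttrName=userAuthorities
samlToken.UserDetails.rolePrefix=ROLE_
"""

# Constructed sample with three problems: SAML not enabled, metadata over plain
# HTTP, and no audience restriction. Also exercises a backslash line continuation.
WEAK_PROPERTIES = """
client.login.model=form
samlToken.metadata.idpMetaDataFileLocation=http://IdPMetadataURL/metadata
samlToken.UserDetails.roleAttrName=\\
    userAuthorities
"""


def parse_properties(text):
    """Parse Java .properties text into a dict.

    Handles '#' and '!' comment lines, '=' or ':' separators, and backslash
    line continuations (leading whitespace on the continued line is dropped,
    as the Java loader does). A repeated key keeps its last value.
    """
    props = {}
    pending = []  # pieces of a logical line still being continued
    for raw in text.splitlines():
        line = raw.strip()
        if not pending and (not line or line[0] in "#!"):
            continue
        pending.append(line)
        if pending[-1].endswith("\\"):
            pending[-1] = pending[-1][:-1]
            continue
        logical = "".join(pending)
        pending = []
        m = re.match(r"([^=:\s]+)\s*[=:]?\s*(.*)", logical)
        if m:
            props[m.group(1)] = m.group(2)
    return props


def effective_role_prefix(props):
    """Return the role prefix in effect; ROLE_ is the documented default."""
    return props.get("samlToken.UserDetails.rolePrefix", "ROLE_")


def check_saml_config(props):
    """Return a list of findings; an empty list means the guide's settings are present."""
    findings = []
    if props.get("client.login.model") != "saml":
        findings.append("client.login.model must be 'saml' to enable SAML for this web application")
    idp = props.get("samlToken.metadata.idpMetaDataFileLocation", "")
    if not idp:
        findings.append("samlToken.metadata.idpMetaDataFileLocation is not set")
    elif idp.lower().startswith("http://"):
        # The IdP metadata includes the certificate used to verify assertions,
        # so it must not be fetched over an unauthenticated channel.
        findings.append("idpMetaDataFileLocation uses http://; use an https:// URL or a local file")
    if not props.get("samlToken.validation.validAudiences"):
        findings.append("samlToken.validation.validAudiences is not set; it should match the Okta Audience URI (SP Entity ID)")
    if not props.get("samlToken.UserDetails.roleAttrName"):
        findings.append("samlToken.UserDetails.roleAttrName is not set; it should match the Okta attribute statement name")
    return findings


if __name__ == "__main__":
    for label, text in (("good", GOOD_PROPERTIES), ("weak", WEAK_PROPERTIES)):
        props = parse_properties(text)
        print(f"{label}: role prefix {effective_role_prefix(props)!r}")
        for finding in check_saml_config(props) or ["no findings"]:
            print(f"  - {finding}")
```

To run it against a real instance, replace the constructed samples with the contents of instance-dir/webapps/web-app-name/WEB-INF/oeablSecurity.properties; the checks cover only the properties introduced in this guide, not the full set documented in oeablSecurity.properties.README.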