MWS SSO using SAML with 3rd Party IDP

Hi Experts,

We have implememted SSO using SAML with 3rd party IDP and is working fine with the URL provided by the IDP team. IDP url looks like below:

https://authgw.**********.com/authgw/idpssoinit?metaAlias=/EUR/IDP_INT_**portal&spEntityID=https://dev01.eu.ad.:443

We are able to logging into the portal If we hit the above URL without asking for any login credentials.

But, we dont want to use the full IDP URL, instead simply we want to use the application frontend URL https://dev01.eu.ad.*:443.

If we use the application frontend URL, it’s asking username & passwrod(i.e, landing on MWS login page istead directly logging into application dashboard page). Do we have to make any configuration changes in MWS to make the SSO work with the application frontend URL. Any inputs would really help.

Regards,
Pradeep.

Hi Sai,

please login to MWS with SysAdmin or a user which is a member of the “Admin Role” and check the SAML configuration.
There are 4 parts to be checked:

  • SAML Authentication
  • SAML IDP Configuration
  • SAML SP Registration
  • SAML SSO Configure SP

Eventually you need to add some hosts into the “Redirection Whitelist Administration”.

See MWS Administrators Guide for further informations regarding this.

Regards,
Holger

Hi Holger,

Thank you so much for quick response.

We configured the IDP initiated SSO url under the SAML Authentication Administration.

Also I checked Redirection Whitelist Administration I add the IDP server to whitelist but still the application frontend URL not taking SSO.

I found one article in tech community, first the SSO should be initiated at SP and then it redirects to IDP as per the SAML Authentication Administration configuration to make our frontend URL work with SSO.

We are on v10.1, and I don’t see SP initiated SSO option/configuration in MWS.

Please suggest to proceed further.

Regards,
Pradeep.

Hi Sai,

by searching Empower for “sso saml idp” I found the following entries:
https://documentation.softwareag.com/webmethods/mywebmethods_server/mws10-4/10-4_MWSw/index.html#page/my-webmethods-server-webhelp%2Fco-configuring_single_sign-on.html%23
https://documentation.softwareag.com/webmethods/mywebmethods_server/mws10-4/10-4_MWSw/index.html#page/my-webmethods-server-webhelp/re-property_setting_for_single_sign-on_using_a_third-party_idp.html

Most likely I might not be able to help you further in this case as we are not using SAML SSO with IDP in our application, only SSO via HTTP-Header-Authentication.

Regards,
Holger