Single sign on configuration in Agile Apps 10.3

Single sign-on can be configured in Agile Apps so that Business console users can access Agile Apps. Navigation from Agile Apps to Business console will then require only a single login, using the Business console user.

Below are the steps to configure single sign-on:

  1. HTTPS port configuration settings in MWS

a. Login to MWS as Administrator

URL: http://<MachineName>.eur.ad.sag:8585

Username: Administrator

Password: manage

b. Navigate to Applications > Administration > My webMethods > Cluster Settings and set the HTTPS port to 8586.

c. Restart MWS

 

  2. Configuration of single sign on in Agile Apps

Single sign-on can be configured for each Agile Apps tenant. Configuration for the default Agile Apps tenant, “AgileApps DAP Tenant”, is described below.

a. Log in to Agile Apps using the AgileApps DAP Tenant credentials

URL: https://<MachineName>.eur.ad.sag:8284/networking/servicedesk/index.jsp

Username: Administrator

Password: manage

b. A password change will be requested; enter a new password, a security question and its corresponding answer.

c. Navigate to Settings > Account Management > Single-Sign-On Settings > Edit.

Set the parameter values as below:

  • Sign-On Using: SAML
  • Note down
    • Platform Authentication Service URL
    • Assertion Consumer Service EndPoint     
  • Issuer: https://<MachineName>.eur.ad.sag:8586
  • SAML Third party authentication URL: https://<MachineName>.eur.ad.sag:8586/SAMLSSOService
  • User Id Location: Subject
  • Create Users: select check box
  • Attribute for First Name: FirstName
  • Attribute for Last Name: LastName
  • Attribute for Email: EmailID
  • Default Team: My Team
  • Default Access Profile: Administrator [Select required profile]
  • Default Application: Service Desk [Select required application]
  • Default Role: Manager [Select required Role]

d. For Issuer Certificate, either use the stored certificate or copy and paste the certificate content into the given text area. Note that no white spaces are allowed.


e. Save the configuration.

  3. SAML SSO Configuration in MWS

a. Login to MWS as system admin

URL: http://<MachineName>.eur.ad.sag:8585

Username: Sysadmin

Password: manage

b. Navigate to Folders > Administrative Folders > Administration Dashboard > Configuration > SAML SSO Configure SP, provide the values below for the parameters and save.

  • Service Provider Name: https://<MachineName> [Or any other name]
  • SAML Issuer Identifier: https://<MachineName>:<port>
  • Default Relay State: Ticket value in the previously noted down “Platform Authentication Service URL”
  • SAML Response Consumer Endpoint: Previously noted down “Assertion Consumer Service EndPoint”

  4. Add the following entry to <Software AG_directory>\profiles\MWS_default\configuration\custom_wrapper.conf

wrapper.java.additional.604=-Dcasemanagement.samlsso.useSAMLResponse=true

  5. Business console configurations

a. Login to Business console as system Administrator

URL: http://<MachineName>.eur.ad.sag:8585/businessconsole

Username: Administrator

Password: manage

b. Navigate to Profile picture > Administer Business Console, provide the following parameter value and save.

AgileApps URL: https://vmmsqt03.eur.ad.sag:8284

 

  6. SSO verification

a. Restart MWS

b. In a browser, open the previously noted “Platform Authentication Service URL” and log in as:

Username: Administrator

Password: manage

If login leads to Agile Apps page, SSO is configured successfully.
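If the login does not lead to the Agile Apps page, comparing the SAML response with the settings from step 2c usually shows which value disagrees. The following is an added example, not part of the original article or of the product: it takes an already base64-decoded response and reports mismatches in Issuer, Destination, Subject NameID and the three mapped attributes. The host names, the endpoint path and the sample XML are constructed placeholders, and the script does not verify the XML signature, so it is a configuration check only.

```python
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

# Expected values mirror step 2c. Host names and the endpoint path are
# placeholders (assumptions); use the values noted down from your tenant.
EXPECTED = {
    "issuer": "https://mws.example.test:8586",
    "acs": "https://agileapps.example.test:8284/ACS-ENDPOINT-PLACEHOLDER",
    "attributes": ("FirstName", "LastName", "EmailID"),
}

# Constructed sample response (not captured from a real system).
# EmailID is left out on purpose to show a failing check.
SAMPLE = """<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
    xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
    Destination="https://agileapps.example.test:8284/ACS-ENDPOINT-PLACEHOLDER">
  <saml:Assertion>
    <saml:Issuer>https://mws.example.test:8586</saml:Issuer>
    <saml:Subject><saml:NameID>jdoe</saml:NameID></saml:Subject>
    <saml:AttributeStatement>
      <saml:Attribute Name="FirstName"><saml:AttributeValue>Jane</saml:AttributeValue></saml:Attribute>
      <saml:Attribute Name="LastName"><saml:AttributeValue>Doe</saml:AttributeValue></saml:Attribute>
    </saml:AttributeStatement>
  </saml:Assertion>
</samlp:Response>"""

def check_response(xml_text, expected=EXPECTED):
    """List mismatches between a decoded SAML response and the SSO settings."""
    root = ET.fromstring(xml_text)
    assertion = root.find("saml:Assertion", NS)
    if assertion is None:
        return ["no plain Assertion element in the response"]
    problems = []
    issuer = assertion.findtext("saml:Issuer", default="", namespaces=NS).strip()
    if issuer != expected["issuer"]:
        problems.append(f"Issuer {issuer!r} differs from configured Issuer")
    if root.get("Destination") != expected["acs"]:
        problems.append("Destination differs from Assertion Consumer Service EndPoint")
    name_id = assertion.findtext("saml:Subject/saml:NameID", default="", namespaces=NS)
    if not name_id.strip():
        problems.append("Subject carries no NameID (User Id Location: Subject)")
    sent = {a.get("Name") for a in
            assertion.iterfind("saml:AttributeStatement/saml:Attribute", NS)}
    problems += [f"attribute {n} missing" for n in expected["attributes"]
                 if n not in sent]
    return problems
```

An empty list means the response agrees with the configured values; with Create Users selected, a missing name or e-mail attribute is worth fixing before the first user is provisioned.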

Note: If the SSO user needs to access Business console Tasks, the following steps need to be performed:

  1. Login to IS as Administrator

URL: http://<MachineName>.eur.ad.sag:5555

Username: Sysadmin

Password: manage

 

  2. Navigate to Packages > Management

a. Click on Home link of “WmTaskClient” package and edit with following values and save

Task Server: Remote MWS

Task Server URL: https://<MachineName>:<HttpsPort>

Example: https://vmmsqt03.eur.ad.sag:8586

c. Reload “WmTaskClient” package

  3. Business console configurations

a. Login to Business console as system Administrator

URL: http://<MachineName>.eur.ad.sag:8585/businessconsole

Username: Administrator

Password: manage

b. Navigate to Profile picture > Administer Business Console, provide the following parameter value and save.

Task Engine URL: https://vmmsqt03.eur.ad.sag:8586

Now the SSO user should be able to access Case, Task and Process in Business Console.