Disable SAML SSO configuration

You can revert to the default SAML Single Sign-On (SSO) configuration with SSO disabled if there are problems with logging in to the application.

About this task

To disable the SSO configuration for SAML manually, follow the below procedure:

Procedure

  1. Stop the BigFix Compliance service.
  2. Make changes in the server.xml file that is in the following directory:
    • UNIX: sca_install_dir/wlp/usr/servers/server1
    • Windows: sca_install_dir\wlp\usr\servers\server1
    1. Remove the <application-bnd> element from inside the <application> element: 
      <application autoStart='true' location="tema.war" context-root="/" name="tema" type="war">
  <classloader commonLibraryRef='tema,DatabaseLib' delegation='parentLast'/>
    <application-bnd>
      <security-role id="TemaSSOAuthenticated" name="TemaSSOAuthenticated">
        <special-subject type="ALL_AUTHENTICATED_USERS" />
      </security-role>
    </application-bnd>
</application>
    2. Remove the <feature>samlWeb-2.0</feature> element from the <featureManager> element.
    3. Remove the <samlWebSso20> element, if presents.
  3. Make changes in the web.xml file that is in the following directory.
    • UNIX: sca_install_dir/wlp/usr/servers/server1/apps/tema.war/WEB-INF
    • Windows: sca_install_dir\wlp\usr\servers\server1\apps\tema.war\WEB-INF
    1. Set the <config.sso.enabled> parameter to false: 
      <context-param>
    <param-name>config.sso.enabled</param-name>
    <param-value>false</param-value>
</context-param>
    2. Remove the <security-constraint> element. 
      <security-constraint>
	<display-name>TemaSSOAuthenticated</display-name>
	<web-resource-collection>
 		<web-resource-name>index</web-resource-name>
		<url-pattern>/</url-pattern>
		<url-pattern>/session/*</url-pattern>
		<url-pattern>/management/*</url-pattern>
		<url-pattern>/scm/*</url-pattern>
		<url-pattern>/sam/*</url-pattern>
		<url-pattern>/setup/*</url-pattern>
		<url-pattern>/internal/*</url-pattern>
		<url-pattern>/wait_for_import</url-pattern>
		<url-pattern>/import_finalizing</url-pattern>
		<url-pattern>/import_status</url-pattern>
		<url-pattern>/missing_computer_group</url-pattern>
		<url-pattern>/account/*</url-pattern>
		<url-pattern>/autocomplete/*</url-pattern>
		<url-pattern>/pagestates/*</url-pattern>
		<url-pattern>/reports/*</url-pattern>
		<url-pattern>/test/*</url-pattern>
		<url-pattern>/help/*</url-pattern>
	</web-resource-collection>
	<auth-constraint>
		<role-name>TemaSSOAuthenticated</role-name>
	</auth-constraint>
	<user-data-constraint>
		<transport-guarantee>CONFIDENTIAL</transport-guarantee>
	</user-data-constraint>
</security-constraint>
    3. Start the BigFix Compliance.