Configuring SAML redirection services for web SSO
To gain SAML support for all HCL Connections™ components that are accessed through a browser, set up SAML redirection services to use the default authenticator. This process replaces the web login page for Connections with your SAML Identity Provider (IdP) by using a redirect.
About this task
- Tivoli Federated Identity Manager - HCL Tivoli Federated Identity Manager 6.2.2, SAML 2.0 IdP only
- MS-ADFS - Microsoft™ ADFS 2.0, SAML 2.0 IdP only
Review the following table to understand the current level of SAML support in Connections and verify that your requirements can be met. If your requirements are not clearly met, then do not proceed with configuring SAML.
Other features and clients can still use WebSphere LTPA or built-in forms-based authentication. The following applications might not redirect to the SAML IdP and can use built-in login forms that are supplied by the Connections application, WebSphere, or the clients.
- Mobile web-based
- Mobile Native Apps
- Connections Mail
- WebSphere® Portal integration
- Desktop, Notes®, and other client application integration and other add-ons
- HCL Forms (added in IFR1)
- Direct access to FileNet Administration Console or Cognos outside of the integration to the Connections user interface - common for administrators and developers, but not most users.
- Direct access to Connections APIs
These additional applications still function, but do not redirect to, or use, your SAML IdP for authentication. If you use any of these applications, WebSphere's built-in authentication mechanisms must remain correctly configured and functioning while SAML is in use for Connections.