If required in your environment, set up SAML (Security
Assertion Markup Language) 2.0 Web SSO redirection services support
for HCL Docs.
Before you begin
Before you can configure HCL Docs with SAML
2.0, complete the following tasks.
- Install HCL Connections 5.5 or later.
- Set up SAML 2.0 for Connections.
About this task
HCL Docs is
supported in the SAML 2.0 environment with redirection services for
all available bookmarks. Redirection is identical to redirection in
the traditional environment of web browsers, without the need to go
through an extra front end application web page. The WebSphere Application
Server SAML service provider (SP) supports SAML 2.0 Identity Provider
(IdP) initiated single sign-on (SSO).
Procedure
- Set up SAML 2.0 for File Viewer.
You must always install the File Viewer application in
the same cell as Connections. After deploying File Viewer, complete these steps:
- Configure the File Viewer URL.
- Log in to the WebSphere Application Server console.
- Go to
- Add viewer to the value of the sso_1.sp.filter property, for example:
sso_1.sp.filter = request-url^=/snoop|/viewer/|/activities/|/blogs/|/cognos/|/communities/|/connections/|/dogear/|/files/|/forums/|/homepage/|/manage/|/metrics/|/moderation/|/news/|/profiles/|/search/|/wikis/|;request-url!=/anonymous/;request-url!=/api/;request-url!=/atom/;request-url!=/atom2/;request-url!=/bookmarklet/;request-url!=/calendar/;request-url!=/help/;request-url!=/home/;request-url!=/js/;request-url!=/mobile/;request-url!=/nav/;request-url!=/oauth/;request-url!=/oauth2/;request-url!=/opensocial/;request-url!=/p2pd/;request-url!=/resources/;request-url!=/tools/;request-url!=/serviceconfigs/;request-url!=/serverstats/;request-url!=/static/
- Go to .
- Configure Concerto service.
- Restart all clusters.
- Set up SAML 2.0 for one cell.
You must complete these steps when you install HCL Docs in the same cell as Connections.
- Configure the HCL Docs URL.
- Log in to the WebSphere Application Server console.
- Go to .
- Add docs to the value of the sso_1.sp.filter property, for example:
sso_1.sp.filter = request-url^=/snoop|/docs/|/activities/|/blogs/|/cognos/|/communities/|/connections/|/dogear/|/files/|/forums/|/homepage/|/manage/|/metrics/|/moderation/|/news/|/profiles/|/search/|/wikis/|;request-url!=/anonymous/;request-url!=/api/;request-url!=/atom/;request-url!=/atom2/;request-url!=/bookmarklet/;request-url!=/calendar/;request-url!=/help/;request-url!=/home/;request-url!=/js/;request-url!=/mobile/;request-url!=/nav/;request-url!=/oauth/;request-url!=/oauth2/;request-url!=/opensocial/;request-url!=/p2pd/;request-url!=/resources/;request-url!=/tools/;request-url!=/serviceconfigs/;request-url!=/serverstats/;request-url!=/static/
- Go to .
- Configure Concerto service.
- Set the docsAdmin J2C alias.
Get the docsAdmin role:
- Log on to the WAS admin console and go to .
- Select the docsAdmin role and get the Mapped users....
Note: The Mapped users value will be used in the next step. The mapped user must be a user in the IdP LDAP.
Create the J2C alias:
- Log on to the WAS admin console and go to .
- Create an alias docsAdmin and type the user name and password that you got in the previous step.
- Click OK and Save.
- Go to .
- Restart all clusters.
- If you set the auth_type property to SAML in the cfg.properties
file when you deployed the HCL Docs components, nothing more needs
to be done. If you are setting up SAML after deploying the HCL Docs components,
you must make the following manual changes:
- Edit DOCSCLUSTER_INSTALLPATH/config/concord-config.json to set auth_type to SAML.
- Edit the JSON files WAS_INSTALL_PATH/profiles/Dmgr01/config/cells/cellName/LotusConnections-config/docs-daemon-config.json and viewer-daemon-config.json to set auth_type to SAML.
- Synchronize the nodes.
- Ripple start the Common Cluster (or whatever cluster
the News application is running under).
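
To check an edited sso_1.sp.filter value before restarting the clusters, the following added example (not HCL or IBM code) parses a filter value and reports whether a request path would be selected by it. It assumes the operator semantics stated in the comments; the sample filter is an abridged, constructed version of the one above, and the request paths are hypothetical.

```python
# Added example, not HCL or IBM code. Assumed semantics: ';' joins conditions
# with AND; '^=' contains any '|'-separated string; '%=' contains;
# '!=' does not contain; '==' equals.
OPERATORS = ("^=", "!=", "%=", "==")

# Constructed, abridged filter modelled on the value shown in the procedure.
SAMPLE_FILTER = ("request-url^=/snoop|/docs/|/files/|/wikis/|;"
                 "request-url!=/anonymous/;request-url!=/api/;"
                 "request-url!=/static/")


def parse_filter(value):
    """Return a list of (element, operator, operands) conditions."""
    conditions = []
    for clause in filter(None, (c.strip() for c in value.split(";"))):
        hits = [(clause.find(op), op) for op in OPERATORS if op in clause]
        if not hits:
            raise ValueError(f"no operator in clause: {clause!r}")
        _, op = min(hits)  # leftmost operator wins
        element, _, operand = clause.partition(op)
        # A trailing '|' leaves an empty alternative; drop it, because an
        # empty string is contained in every URL and would match everything.
        operands = [o for o in operand.split("|") if o] if op == "^=" else [operand]
        conditions.append((element.strip(), op, operands))
    return conditions


def is_intercepted(value, url):
    """True if every condition holds, i.e. the filter selects the request."""
    for element, op, operands in parse_filter(value):
        if element != "request-url":
            raise ValueError(f"unsupported element: {element!r}")
        if op == "^=":
            ok = any(o in url for o in operands)
        elif op == "%=":
            ok = operands[0] in url
        elif op == "!=":
            ok = operands[0] not in url
        else:
            ok = url == operands[0]
        if not ok:
            return False
    return True


if __name__ == "__main__":
    # Hypothetical request paths.
    for path in ("/docs/app/doc/1", "/docs/api/1", "/viewer/app/1"):
        print(path, is_intercepted(SAMPLE_FILTER, path))
```

With the sample value, /viewer/ requests are not selected until viewer is added to the ^= list, and any path containing /api/ stays excluded even under /docs/.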