Step 2: Generate the SP Metadata
FlexNet Code Insight 6.14.1
The following procedure generates the SP metadata using the Spring Security SAML application.
To generate the SP metadata using Spring Security SAML:
1. Start the Spring Security SAML Extension sample web application, which is deployed under the Code Insight Tomcat instance at:
fnciInstallPath/tomcat/webapps/spring-security-saml2-sample
2. Once the application is running, navigate to Metadata Administration > Login > Generate new service provider metadata.
3. In the Metadata Generate Filter section, provide the following values (or values appropriate to your site):
Field | Value
Store for the current session | Select No.
Entity ID | Provide the identifier for the Code Insight Core Server as an SP, in the format <w>:<x>:<y>:<z>, for example palamida:cust:test:server1. This ID must be unique among the entity IDs known to the Identity Provider. It is usually assigned by the Identity Provider, but SSO does not mandate a particular value.
Entity base URL | Provide the HTTPS URL that handles the SP user's sign-in requests. This is usually the Core Server URL in the format https://myhost.mycompany.com:port, where port is the default port for the Core Server. (For default Code Insight ports, see "Network and Firewall Considerations" in the FlexNet Code Insight Installation and System Administration Guide.)
Entity alias | Enter defaultAlias.
Signing key | Provide the path and name of the keystore you created for SSO. (This value must match the value entered for myKeystore in the keyManager bean definition described in Step 1: Download and Configure the Spring Security SAML Extension.)
Encryption key | Provide the path and name of the keystore you created for SSO. (See the previous entry.)
Signature security profile | Select MetaIOP.
SSL/TLS security profile | Select PKIX.
SSL/TLS hostname verification | Select Standard hostname verifier.
SSL/TLS client authentication | Select None.
Sign metadata | Select Yes.
Signing algorithm | Enter http://www.w3.org/2001/04/xmldsig-more#rsa-sha256.
Sign sent AuthNRequests | Select Yes.
Require signed authentication Assertion | Select No.
Require signed LogoutRequest | Select No.
Require signed LogoutResponse | Select No.
Require signed ArtifactResolve | Select No.
Single sign-on bindings | Select SSO HTTP-POST as the default. (Uncheck SSO Artifact.)
Supported NameIDs | Select Transient, E-Mail, and X509 Subject.
Enable IDP Discovery profile | Select No.
4. Generate the metadata.
5. Save the contents of the Metadata text box to SPMetadata.xml, and copy this file to fnciInstallPath/config/core/security in the Code Insight Core Server installation.
6. Save the contents of the Configuration text box to Extended.xml in a temporary location of your choice for later reference. (You will need this file when updating core.sso.properties in Step 3: Configure the SSO Common Properties File.)
7. (Optional) If you want signing but not encryption in SSO communications, open SPMetadata.xml, locate the <md:KeyDescriptor use="encryption"> element (usually the second KeyDescriptor), and remove the whole element, from its opening tag through its closing </md:KeyDescriptor> tag. Without an encryption KeyDescriptor the Identity Provider has no public key with which to encrypt assertions for this SP, so they are sent signed but in the clear inside the TLS session. Note also that editing the file invalidates the ds:Signature that was produced when Sign metadata was set to Yes; if your Identity Provider validates metadata signatures, regenerate the metadata with the encryption key omitted instead of editing it by hand.
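The following script is an added example, not part of Code Insight or of the Spring Security SAML sample: it checks a generated SPMetadata.xml against the values chosen in the table above (entity ID, signed AuthnRequests, HTTP-POST as the default binding with no Artifact endpoint, HTTPS endpoints, the three NameID formats, a signing key) and implements step 7 by removing the encryption KeyDescriptor, warning when a metadata signature would be invalidated by the edit. The sample metadata is constructed for the example; the entity ID, host name, /saml/SSO path and certificate text are placeholders, and only the standard library is used.

```python
"""Check SP metadata generated in Step 2 and optionally strip the encryption
key as in Step 7.  Added example; the sample document below is constructed."""
import xml.etree.ElementTree as ET

MD = "urn:oasis:names:tc:SAML:2.0:metadata"
DS = "http://www.w3.org/2000/09/xmldsig#"
NS = {"md": MD, "ds": DS}
ET.register_namespace("md", MD)
ET.register_namespace("ds", DS)

HTTP_POST = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
ARTIFACT = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact"
# Transient, E-Mail and X509 Subject as selected under "Supported NameIDs".
EXPECTED_NAMEIDS = {
    "urn:oasis:names:tc:SAML:2.0:nameid-format:transient",
    "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress",
    "urn:oasis:names:tc:SAML:1.1:nameid-format:X509SubjectName",
}

# Constructed sample shaped like the generator's output for the table values.
# Entity ID, host, path and certificate contents are placeholders.
SAMPLE_METADATA = """<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    entityID="palamida:cust:test:server1">
  <md:SPSSODescriptor AuthnRequestsSigned="true" WantAssertionsSigned="false"
      protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:KeyDescriptor use="signing">
      <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
        <ds:X509Data><ds:X509Certificate>MIIC...signing-cert...</ds:X509Certificate></ds:X509Data>
      </ds:KeyInfo>
    </md:KeyDescriptor>
    <md:KeyDescriptor use="encryption">
      <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
        <ds:X509Data><ds:X509Certificate>MIIC...encryption-cert...</ds:X509Certificate></ds:X509Data>
      </ds:KeyInfo>
    </md:KeyDescriptor>
    <md:NameIDFormat>urn:oasis:names:tc:SAML:2.0:nameid-format:transient</md:NameIDFormat>
    <md:NameIDFormat>urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress</md:NameIDFormat>
    <md:NameIDFormat>urn:oasis:names:tc:SAML:1.1:nameid-format:X509SubjectName</md:NameIDFormat>
    <md:AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="https://myhost.mycompany.com/saml/SSO" index="0" isDefault="true"/>
  </md:SPSSODescriptor>
</md:EntityDescriptor>
"""


def check_sp_metadata(xml_text, entity_id):
    """Return a list of findings; an empty list means the file matches Step 2."""
    root = ET.fromstring(xml_text)
    findings = []
    if root.get("entityID") != entity_id:
        findings.append(f"entityID is {root.get('entityID')!r}, expected {entity_id!r}")
    sp = root.find("md:SPSSODescriptor", NS)
    if sp is None:
        return findings + ["no md:SPSSODescriptor element"]
    if sp.get("AuthnRequestsSigned") != "true":
        findings.append("AuthnRequestsSigned is not true (Sign sent AuthNRequests = Yes)")
    acs = sp.findall("md:AssertionConsumerService", NS)
    default = [a for a in acs if a.get("isDefault") == "true"]
    if not default or default[0].get("Binding") != HTTP_POST:
        findings.append("default AssertionConsumerService is not HTTP-POST")
    if any(a.get("Binding") == ARTIFACT for a in acs):
        findings.append("HTTP-Artifact endpoint present (SSO Artifact should be unchecked)")
    for a in acs:
        if not a.get("Location", "").startswith("https://"):
            findings.append(f"non-HTTPS endpoint: {a.get('Location')}")
    nameids = {(n.text or "").strip() for n in sp.findall("md:NameIDFormat", NS)}
    missing = EXPECTED_NAMEIDS - nameids
    if missing:
        findings.append("missing NameID formats: " + ", ".join(sorted(missing)))
    # A KeyDescriptor without a "use" attribute is valid for both purposes.
    uses = [k.get("use") for k in sp.findall("md:KeyDescriptor", NS)]
    if "signing" not in uses and None not in uses:
        findings.append("no signing KeyDescriptor")
    return findings


def has_metadata_signature(xml_text):
    """True when the EntityDescriptor carries a ds:Signature (Sign metadata = Yes)."""
    return ET.fromstring(xml_text).find("ds:Signature", NS) is not None


def strip_encryption_key(xml_text):
    """Step 7: drop every <md:KeyDescriptor use="encryption">.

    Returns (new_xml, number_removed, signature_invalidated)."""
    root = ET.fromstring(xml_text)
    sp = root.find("md:SPSSODescriptor", NS)
    removed = 0
    for kd in list(sp.findall("md:KeyDescriptor", NS)):
        if kd.get("use") == "encryption":
            sp.remove(kd)
            removed += 1
    signed = root.find("ds:Signature", NS) is not None
    return ET.tostring(root, encoding="unicode"), removed, signed and removed > 0


if __name__ == "__main__":
    for f in check_sp_metadata(SAMPLE_METADATA, "palamida:cust:test:server1"):
        print("FINDING:", f)
    stripped, n, broke_sig = strip_encryption_key(SAMPLE_METADATA)
    print(f"removed {n} encryption KeyDescriptor(s); signature invalidated: {broke_sig}")
```

Run it against the real file with `check_sp_metadata(open("SPMetadata.xml").read(), "<your entity ID>")` before copying it into fnciInstallPath/config/core/security; a non-empty findings list means one of the table values did not take effect in the generator.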