Introscope & SAML (saml.jsp)
Written by gorki
Problem :
I tried to connect Broadcom Introscope 10.7 with SAML provided by Keycloak.
Based on these documents :
Well, not enough to make it work.
Solution :
Found with remote debugging : the key is that the callback URL (the URL Keycloak must post the SAML response to) is :
https://<webview url>/saml.jsp
Search Google for "saml.jsp" + "introscope". Good luck.
Here are the steps (assuming you already have a Keycloak realm up and running) :
Step 1 : IntroscopeEnterprise.properties
introscope.saml.enable=true
introscope.saml.request.binding=POST
introscope.saml.idpUrl=<URL_KEYCLOAK>/realms/<your realm>/protocol/saml
introscope.saml.issuer=com.ca.apm.webview.serviceprovider
introscope.saml.webstart.issuer=com.ca.apm.webstart.serviceprovider
introscope.saml.em.issuer=com.ca.apm.em.serviceprovider
introscope.saml.principalAttributeName=principalName
introscope.saml.groupsAttributeName=groups
introscope.saml.webstart.tokenTimeoutInSeconds=60
introscope.saml.internalIdp.enable=false
# introscope.saml.internalIdpUrl=http://localhost:8080/idp/profile/SAML2/POST/SSO
Step 2 : Keycloak configuration
- Create a SAML client whose Client ID is the value of introscope.saml.issuer, so in our case : com.ca.apm.webview.serviceprovider (Keycloak looks the client up by the Issuer of the AuthnRequest, so the name must match exactly; the webstart and EM issuers are separate values)
- Enter the callback URL in Master SAML Processing URL : https://<webview url>/saml.jsp
Step 3 : Certificates
You should secure the communication between Introscope and Keycloak :
- Provide HTTPS for Keycloak
- Provide HTTPS for Introscope
- Enable signing in the Keycloak client (Sign Documents / Sign Assertions)
- Import the Keycloak certificate into a JKS truststore for Java (WebView side). The Keycloak client certificates are in the client definition, tab "Keys". Note that Keycloak signs the SAML response with the realm signing key (Realm Settings, tab "Keys"), so that is the certificate the truststore must hold if it is used to verify the IdP signature.
- Follow the official guide to create the JKS
- Point to this truststore (example : spprivatekey.jks) in the next step.
Step 4 : IntroscopeWebView.properties
apm.webview.saml.sp.truststore=/path/to/spprivatekey.jks
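The two mistakes that cost the most time here are a Keycloak Client ID that does not equal introscope.saml.issuer and a Master SAML Processing URL that is not WebView's saml.jsp over HTTPS. The script below is an added example, not part of the original post and not Broadcom or Keycloak code : it parses the Step 1 properties and a Keycloak SAML client export and reports every mismatch between the two sides (issuer vs. Client ID, callback URL, HTTPS, signing switches, attribute mappers for principalName and groups). The hosts, the realm name "apm" and the client export are constructed; the export field names (adminUrl for "Master SAML Processing URL", the attributes.* signing switches, config["attribute.name"] on mappers) are assumptions about the admin-console JSON format and should be checked against your own export.

```python
import re
from urllib.parse import urlparse

# IntroscopeEnterprise.properties from the post, placeholders filled with
# constructed example values (host keycloak.example.internal, realm "apm").
INTROSCOPE_PROPERTIES = """\
introscope.saml.enable=true
introscope.saml.request.binding=POST
introscope.saml.idpUrl=https://keycloak.example.internal/realms/apm/protocol/saml
introscope.saml.issuer=com.ca.apm.webview.serviceprovider
introscope.saml.webstart.issuer=com.ca.apm.webstart.serviceprovider
introscope.saml.em.issuer=com.ca.apm.em.serviceprovider
introscope.saml.principalAttributeName=principalName
introscope.saml.groupsAttributeName=groups
introscope.saml.webstart.tokenTimeoutInSeconds=60
introscope.saml.internalIdp.enable=false
# introscope.saml.internalIdpUrl=http://localhost:8080/idp/profile/SAML2/POST/SSO
"""

WEBVIEW_BASE = "https://webview.example.internal:8080"  # constructed WebView URL

# Constructed Keycloak SAML client in the shape of an admin-console JSON export.
# Field names (adminUrl for "Master SAML Processing URL", the attributes.*
# signing switches, config["attribute.name"] on mappers) are assumptions about
# that export format; check them against your own export.
KEYCLOAK_CLIENT = {
    "clientId": "com.ca.apm.webview.serviceprovider",
    "protocol": "saml",
    "enabled": True,
    "adminUrl": "https://webview.example.internal:8080/saml.jsp",
    "attributes": {"saml.server.signature": "true",
                   "saml.assertion.signature": "true",
                   "saml.force.post.binding": "true"},
    "protocolMappers": [
        {"name": "principal", "protocolMapper": "saml-user-property-mapper",
         "config": {"user.attribute": "username", "attribute.name": "principalName"}},
        {"name": "groups", "protocolMapper": "saml-group-membership-mapper",
         "config": {"attribute.name": "groups", "full.path": "false"}},
    ],
}


def parse_properties(text):
    """Minimal java.util.Properties reader: key=value / key:value, # or ! comments."""
    props = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#!":
            continue
        m = re.match(r"([^=:\s]+)\s*[=:]?\s*(.*)", line)
        if m:
            props[m.group(1)] = m.group(2).strip()
    return props


def check_saml_setup(props, client, webview_base):
    """Return a list of findings; an empty list means both sides agree."""
    findings = []
    if props.get("introscope.saml.enable", "").lower() != "true":
        findings.append("introscope.saml.enable is not true")
    if props.get("introscope.saml.request.binding") != "POST":
        findings.append("introscope.saml.request.binding is not POST")

    idp = urlparse(props.get("introscope.saml.idpUrl", ""))
    if idp.scheme != "https":
        findings.append("introscope.saml.idpUrl is not https")
    if not re.fullmatch(r"/(auth/)?realms/[^/]+/protocol/saml", idp.path):
        findings.append("introscope.saml.idpUrl is not a Keycloak SAML endpoint")

    if client.get("protocol") != "saml" or not client.get("enabled", True):
        findings.append("Keycloak client is not an enabled SAML client")

    # The pitfall from the post: Keycloak looks the client up by the Issuer of the
    # AuthnRequest, so Client ID must equal introscope.saml.issuer (the WebView
    # issuer), not the webstart or EM issuer.
    issuer = props.get("introscope.saml.issuer")
    if client.get("clientId") != issuer:
        findings.append(f"clientId {client.get('clientId')!r} != introscope.saml.issuer {issuer!r}")

    # Keycloak posts the SAML response to the Master SAML Processing URL, which
    # must be WebView's saml.jsp over HTTPS.
    expected = webview_base.rstrip("/") + "/saml.jsp"
    acs = client.get("adminUrl", "")
    if acs != expected:
        findings.append(f"Master SAML Processing URL {acs!r} != {expected!r}")
    if urlparse(acs).scheme != "https":
        findings.append("Master SAML Processing URL is not https")

    attrs = client.get("attributes", {})
    if "true" not in (attrs.get("saml.server.signature"), attrs.get("saml.assertion.signature")):
        findings.append("Keycloak client signs neither documents nor assertions")

    # The attribute names Introscope reads must be emitted by a mapper on the client.
    emitted = {m.get("config", {}).get("attribute.name") for m in client.get("protocolMappers", [])}
    for key in ("introscope.saml.principalAttributeName", "introscope.saml.groupsAttributeName"):
        if props.get(key) and props[key] not in emitted:
            findings.append(f"no mapper emits SAML attribute {props[key]!r} for {key}")
    return findings


def check_page_setup():
    """Run the check on the embedded sample configuration."""
    return check_saml_setup(parse_properties(INTROSCOPE_PROPERTIES), KEYCLOAK_CLIENT, WEBVIEW_BASE)


if __name__ == "__main__":
    for line in check_page_setup() or ["OK: Introscope properties and Keycloak client agree"]:
        print(line)
```

Run it against your real IntroscopeEnterprise.properties and the JSON export of the Keycloak client before touching certificates : if it reports a clientId mismatch, you have the webstart/webview confusion from Step 2, and the SAML response will never be accepted whatever the truststore contains.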