Prolaborate and IBM Security Access Manager Integration
Prerequisites
Your Prolaborate site should have a valid SSL Certificate.
If you don’t have an SSL Certificate, you can create a self-signed certificate yourself. Please get in touch with the Prolaborate team to learn more.
Service Provider Configuration
To configure the Service Provider, click on Menu → SAML Single Sign On.
From the top of the page that opens, click on Enable SSO.
Under Service Provider Configuration, fill in the following fields:
Name | The name will be prefilled |
Assertion Consumer URL | The Assertion Consumer URL will be prefilled |
Certificate File | Choose the .pfx file of your SSL certificate |
Certificate Password | Enter the Password of the .pfx file |
Configuring Prolaborate in IBM Security Access Manager
The following sections will elaborate on the steps involved in setting up Prolaborate in IBM Security Access Manager.
Create a new SAML Application
To create a SAML application, follow the steps below:
Sign in to IBM Security Access Manager using your administrator account.
Click Application on the landing page.
Click Add application to create your customised application.
On the page that opens, select Custom Application and click Add.
Define your custom application's name and company name.
Add the application “Owner”.
A modal window opens for adding the owner. Select the owner and click OK.
SAML Single sign-on Configuration
Follow the steps below to configure SAML Single sign-on and to get the information needed for the configuration on the Prolaborate side:
On the SAML Configuration page, enter the details in the respective fields as described in the table below.
Provider ID | In this field copy & paste the Name from the Prolaborate Service Provider configuration |
Assertion Consumer Service URL(HTTP_POST) | In this field copy & paste the Assertion Consumer URL (ACU) from the Prolaborate Service Provider configuration |
Single logout URL (HTTP_POST) | In this field copy & paste the Sign Out URL from the Prolaborate Service Provider configuration |
Configure Attributes Mapping in Prolaborate
To configure the Attribute Mapping in Prolaborate, set up the following attribute format in the IBM attribute mappings.
To use SAML user groups in Prolaborate, choose the User group attribute from the dropdown and paste it into the Prolaborate SAML configuration.
Copy the IBM attribute names and paste them into the Prolaborate Attributes Mapping.
Download Signed Certificate for upload
Download the certificate file. This certificate will be used in the Identity Provider configuration in Prolaborate.
Download the Federation Metadata XML by clicking its link. This file provides the Entity ID URL, Single Sign-On Service URL and Single Logout Service URL, which will be used as the Name and Sign Out URL in the Identity Provider configuration in Prolaborate.
Configure Identity Provider in Prolaborate
Navigate back to Prolaborate and click on Menu → SAML Single Sign On. Follow the steps to fill in the details in Identity Provider (IDP) Configuration.
1) Fill the Name field using the Entity ID URL from the downloaded Federation Metadata XML file.
2) Fill the Sign in URL field using SingleSignOnService URL from the downloaded Federation Metadata XML file.
3) Fill the Sign Out URL field using Single Logout Service URL from the downloaded Federation Metadata XML file.
4) Certificate File: Copy this value and save it as a file in .cer format.
Choose the .cer file in the SAML Signing Certificate section.
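As an added example (not code from Prolaborate or IBM), the following Python sketch reads a Federation Metadata XML and returns the values for steps 1 to 4, plus a SHA-256 fingerprint of the signing certificate. The function names and the sample metadata are constructed for illustration, and writing the certificate as Base64 (PEM) text in the .cer file is an assumption about the format Prolaborate accepts.

```python
import base64
import hashlib
import textwrap
import xml.etree.ElementTree as ET

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata", "ds": "http://www.w3.org/2000/09/xmldsig#"}
POST = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"

# Constructed sample: host names and certificate bytes are placeholders, not real values.
SAMPLE_CERT_B64 = base64.b64encode(b"constructed placeholder bytes " * 5).decode()
SAMPLE_METADATA = f"""<md:EntityDescriptor xmlns:md="{NS['md']}" xmlns:ds="{NS['ds']}"
    entityID="https://idp.example.test/saml/metadata">
  <md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:KeyDescriptor use="signing"><ds:KeyInfo><ds:X509Data>
      <ds:X509Certificate>{SAMPLE_CERT_B64}</ds:X509Certificate>
    </ds:X509Data></ds:KeyInfo></md:KeyDescriptor>
    <md:SingleLogoutService Binding="{POST}" Location="https://idp.example.test/saml/slo"/>
    <md:SingleSignOnService Binding="{POST}" Location="https://idp.example.test/saml/login"/>
  </md:IDPSSODescriptor>
</md:EntityDescriptor>"""

def _location(idp, tag):
    """Location of the HTTP-POST endpoint for tag, else of the first endpoint listed."""
    endpoints = idp.findall(f"md:{tag}", NS)
    if not endpoints:
        raise ValueError(f"metadata has no {tag} element")
    post = [e for e in endpoints if e.get("Binding") == POST]
    return (post or endpoints)[0].get("Location")

def idp_settings(metadata_xml):
    """Return the values for the Identity Provider configuration fields."""
    if "<!DOCTYPE" in metadata_xml:  # SAML metadata never needs a DTD; refuse it outright
        raise ValueError("unexpected DOCTYPE in metadata")
    root = ET.fromstring(metadata_xml)
    idp = root.find("md:IDPSSODescriptor", NS)
    if idp is None:
        raise ValueError("metadata has no IDPSSODescriptor")
    # A KeyDescriptor without a 'use' attribute serves both signing and encryption.
    certs = [k.find(".//ds:X509Certificate", NS) for k in idp.findall("md:KeyDescriptor", NS)
             if k.get("use") in (None, "signing")]
    if not certs or certs[0] is None:
        raise ValueError("metadata has no signing certificate")
    der = base64.b64decode("".join(certs[0].text.split()))
    body = textwrap.wrap(base64.b64encode(der).decode(), 64)
    pem = "\n".join(["-----BEGIN CERTIFICATE-----", *body, "-----END CERTIFICATE-----", ""])
    return {"name": root.get("entityID"), "sign_in_url": _location(idp, "SingleSignOnService"),
            "sign_out_url": _location(idp, "SingleLogoutService"), "certificate_pem": pem,
            "cert_sha256": hashlib.sha256(der).hexdigest()}
```

Compare `cert_sha256` with the SHA-256 fingerprint of the separately downloaded certificate file before uploading, so the key Prolaborate trusts for assertion signatures is the one the Identity Provider actually published.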
Configure Default Access Control Profile in Prolaborate
Access Control Profiles let you define repository access rules and default user group membership for users added via SSO or Sign up.
To create an Access Control Profile, click on Menu → Access Control Profiles under portal settings.
Log in with IBM Credentials
Once the configuration is done, users will see a new button on the login page called Login with SSO.
When users click on Login with SSO, they will be redirected to a URL as per the configuration.
Now enter the IBM Security Access Manager credentials to log in to Prolaborate.
If you’re experiencing challenges signing in using SSO, go to SAML Assertion Validation to debug the SAML configuration.
Logging out from Prolaborate
When a user logs out from Prolaborate, the user will be logged out from all applications signed in using their SSO credentials.