
Appendix : AZURE Enterprise App

Amit Gupta edited this page Mar 7, 2021 · 1 revision

To use an Azure Enterprise App for xCP SAML2.0 integration, follow the screenshots below. Refer to OpenText Documentum xCP SAML2.0 Integration with OKTA for most of the steps from the start, then follow the steps below to register the SAML2.0 app on Azure and download the federation metadata and certificates. Use the xCP App 'rest-api-runtime.properties' file as mentioned here.

Register App on Azure AD

Follow the screenshots below to register the SAML2.0 app.

Download Federation Metadata XML and Certificates

Download the metadata and certificate from the SAML Signing Certificate section, as shown in the screenshot below.

SAML Signing Certificate

Modify the rest-api-runtime.properties

Adjust the paths, passwords, etc. to match your environment.

#
# Copyright (c) 2017. Open Text Corporation. All Rights Reserved.
#

# This file holds configurable parameters for the xCP REST server side deployment.
# Settings in this file override the default ones defined in specific libraries.


###################################################
##        xCP Rest Service Configuration         ##
###################################################

# The default number of results per page. The value MUST be a non-negative integer. The default value is 100.
rest.paging.default.size=100

# Specifies the max number of results per page.
rest.paging.max.size=1000

####################################################
##       Security Configuration                   ##
####################################################

# Authentication scheme
#rest.security.auth.mode=basic
# SAML authentication scheme
#rest.security.auth.mode=saml
# For fallback support, change the mode to saml-basic
rest.security.auth.mode=saml-basic
#specify the java key store file
rest.security.saml2.ks.file=/usr/local/tomcat/conf/xcpapp.keystore
#specify the password of the java key store
rest.security.saml2.ks.password=changeit
#specify the alias of key entry used by the SAML Service Provider to sign the SAML message
rest.security.saml2.ks.entry.alias=xcpapp
#specify the password of the key entry used by the SAML Service Provider to sign the SAML message
rest.security.saml2.ks.entry.password=changeit
#specify the HTTP method used to send SAML request to the Identity Provider
rest.security.saml2.request.binding=HTTP-Redirect
#specify the metadata files of the Identity Providers
rest.security.saml2.idp.metadata.files=/usr/local/tomcat/conf/metadata.xml
#specify the attributes used to extract principal names from the SAML response
#rest.security.saml2.user.attributes=UserName
#specify the cookie timeout of SAML request token
rest.security.client.saml2.timeout=300
#specify the Documentum ticket timeout in minutes; our recommendation is to set the value to twice the HTTP session timeout of the xCP application
xcp.signon.ticket.timeout=480
xcp.signon.saml.assertion.maxage=30600
xcp.signon.logout.url=https://login.microsoftonline.com/common/wsfederation?wa=wsignout1.0
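
A pre-deployment review of the security settings above, as an added example that is not part of the original page or of xCP itself. It flags the `changeit` keystore passwords, an auth mode that leaves basic authentication enabled, and missing keystore or metadata files. The function names are hypothetical, the sample text is constructed from the file above, and the metadata setting is assumed to hold a single path.

```python
import os
import stat
# Constructed sample: security-relevant lines from the properties file above.
SAMPLE = """\
#rest.security.auth.mode=saml
rest.security.auth.mode=saml-basic
rest.security.saml2.ks.file=/usr/local/tomcat/conf/xcpapp.keystore
rest.security.saml2.ks.password=changeit
rest.security.saml2.ks.entry.password=changeit
rest.security.saml2.idp.metadata.files=/usr/local/tomcat/conf/metadata.xml
"""
PREFIX = "rest.security.saml2."
PASSWORD_KEYS = (PREFIX + "ks.password", PREFIX + "ks.entry.password")
PATH_KEYS = (PREFIX + "ks.file", PREFIX + "idp.metadata.files")

def parse_properties(text):
    """Parse key=value lines, skipping blanks and #/! comments (no continuations)."""
    props = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#!":
            continue
        key, sep, value = line.partition("=")
        if sep:
            props[key.strip()] = value.strip()
    return props

def review(props, exists=os.path.exists):
    """Return (key, message) findings for the SAML-related settings."""
    findings = []
    for key in PASSWORD_KEYS:
        if props.get(key, "") in ("", "changeit"):
            findings.append((key, "empty or default keystore password"))
    mode = props.get("rest.security.auth.mode", "")
    if mode in ("basic", "saml-basic"):
        findings.append(("rest.security.auth.mode", f"{mode}: basic authentication is enabled"))
    for key in PATH_KEYS:
        path = props.get(key, "")  # assumption: the value is a single path
        if not path or not exists(path):
            findings.append((key, f"file not found: {path!r}"))
    return findings

def world_readable(path):
    """True if 'other' users can read a file that stores passwords in clear text."""
    return bool(os.stat(path).st_mode & stat.S_IROTH)

if __name__ == "__main__":
    for key, message in review(parse_properties(SAMPLE)):
        print(f"{key}: {message}")
```

Run `review()` against the deployed file's contents and `world_readable()` against the file's path on the Tomcat host, since the keystore passwords are stored there in clear text.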