Summary
In order to provision SSO for your AP Automation system, there are some activities that must be completed or confirmed on your end.
Instructions
First of all, here is a description of how our SSO solution operates and what it supports:
- We support SP-initiated SSO only.
- We support SAML 2.0 and WS-* protocols only.
- Our SSO STS system is based on an ADFS 4.0 system.
In order for us to configure SSO for your system, you will first need to:
- Have an SSO system available that supports the above.
- Configure an Identity Provider / Claims provider in your system, using the metadata found at this URL:
https://sso.p2p.basware.com/FederationMetadata/2007-06/FederationMetadata.xml
- Pass a single claim to us as follows:
  - Claim name: Name (http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name)
  - The content of this attribute should be the unique ID of the user wishing to log in.
- Ensure that the Name ID is set to transient.
Note: For the solution to work efficiently, Basware strongly recommends configuring your cookies to expire when the user closes the session/browser.
This information should make sense to your IT department.
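Before handing over your metadata, your IT department can confirm that the assertion your IdP issues has the shape described above. The following Python script is an added example, not Basware code. It checks the NameID format and the Name claim in a decoded assertion; the sample assertion, issuer URL and user ID are constructed placeholders, and treating any additional claim as a problem is an assumption drawn from the "single claim" requirement.

```python
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
TRANSIENT = "urn:oasis:names:tc:SAML:2.0:nameid-format:transient"
NAME_CLAIM = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name"

# Constructed sample (unsigned, trimmed); issuer, IDs and user are placeholders.
SAMPLE_OK = f"""<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
    ID="_example" Version="2.0" IssueInstant="2024-01-01T00:00:00Z">
  <saml:Issuer>https://idp.example.com/</saml:Issuer>
  <saml:Subject>
    <saml:NameID Format="{TRANSIENT}">_3f9c1e-constructed</saml:NameID>
  </saml:Subject>
  <saml:AttributeStatement>
    <saml:Attribute Name="{NAME_CLAIM}">
      <saml:AttributeValue>jdoe</saml:AttributeValue>
    </saml:Attribute>
  </saml:AttributeStatement>
</saml:Assertion>"""

def check_assertion(xml_text):
    """Return a list of problems; an empty list means the shape is as required.

    Shape check only: it does not verify the signature, and ElementTree
    should only be fed assertions captured from your own IdP.
    """
    problems = []
    root = ET.fromstring(xml_text)
    name_id = root.find(".//saml:Subject/saml:NameID", NS)
    if name_id is None:
        problems.append("no NameID in Subject")
    elif name_id.get("Format") != TRANSIENT:
        problems.append(f"NameID Format is {name_id.get('Format')!r}, not transient")
    attrs = root.findall(".//saml:AttributeStatement/saml:Attribute", NS)
    names = [a.get("Name") for a in attrs]
    if names.count(NAME_CLAIM) != 1:
        problems.append("Name claim must appear exactly once")
    extra = [n for n in names if n != NAME_CLAIM]
    if extra:
        problems.append(f"additional claims sent: {extra}")
    for a in attrs:
        if a.get("Name") == NAME_CLAIM:
            vals = [(v.text or "").strip() for v in a.findall("saml:AttributeValue", NS)]
            if len(vals) != 1 or not vals[0]:
                problems.append("Name claim needs exactly one non-empty value")
    return problems

if __name__ == "__main__":
    print(check_assertion(SAMPLE_OK) or "assertion shape OK")
```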
Once this is completed, please provide us with the following:
- Your system's Federation Metadata (a URL is preferred for automatic updates of metadata information).
  - This should be in the form of a URL link or an XML file.
  - It should contain the certificate/key information within it; the certificate/key should not be sent as a separate item.
- Please inform us whether you are using two different IdPs for Test and Production in your SSO solution, or just one IdP.