
Configuring Xpress Insight 5 to use SAML 2.0

  1. Open a Command Prompt on the machine hosting the Xpress Insight Server and change directory to <SERVER_CONFIG_DIR>. For more on <SERVER_CONFIG_DIR>, see Important Note about this Guide.
  2. Type the following in the Command Prompt, updating the bracketed text for these settings:

    keytool -genkey -v -keystore saml2-keystore -storepass <change me> -alias insight-saml2 -dname "cn=<insight-hostname>, ou=Unknown, o=Unknown, c=Unknown" -storetype PKCS12 -keyalg RSA -keysize 2048 -validity 10000

    Line                     Description
    -storepass <change me>   Replace the text <change me> with a password of your choosing. It protects the KeyStore (and, because the store type is PKCS12, the private key inside it). The KeyStore holds the key pair that Xpress Insight uses to sign SAML messages and, optionally, to decrypt assertions from the IdP; the password itself stays on the server and is never shared with the IdP.

    You will need this password again when you edit the application.properties file in step 4 below.

    cn=<insight-hostname>    Replace <insight-hostname> with the host name of the Xpress Insight 5 Server, that is, the host part of the URL users browse to, not the full URL.

    The saml2-keystore file is saved to <SERVER_CONFIG_DIR>.

    The certificate held within saml2-keystore is used by Xpress Insight for signing and validation of the SAML authentication process. It can optionally be used to encrypt the SAML assertion returned from the IdP, explained in the steps below.

  3. Xpress Insight 5 uses an application properties file to register the location of certain files. The section containing these locations is commented out by default on installation and must be edited to enable SAML. Using a suitable text editor, open the application.properties file in <SERVER_CONFIG_DIR>.
  4. Un-comment the following lines in the HTTPS configuration section and update the bracketed text:

    insight.server.security.authentication=saml2
    insight.server.security.saml2.idp-metadata-xml=config/saml2-idp-metadata.xml
    insight.server.security.saml2.encryption-key-store=config/saml2-keystore
    insight.server.security.saml2.encryption-key-store-password=<change me>
    insight.server.security.saml2.encryption-key-alias=insight-saml2
    insight.server.security.saml2.after-logout-url=https://<idp-host>

    Line                                                                      Description
    insight.server.security.saml2.encryption-key-store-password=<change me>   Replace the text <change me> with the password you added to the KeyStore in step 2. The password is stored in clear text, so restrict read access to application.properties to the account that runs the Xpress Insight Server.

    insight.server.security.saml2.after-logout-url=https://<idp-host>         Replace the text https://<idp-host> with the home page of your IdP. This is the URL a user is redirected to after they log out.

    The other lines can normally be left as shown. insight.server.security.saml2.idp-metadata-xml names the metadata document obtained from your IdP; that file must be in place at the configured path before the server is restarted, and insight.server.security.saml2.encryption-key-store must point at the saml2-keystore file created in step 2.

  5. Finally, restart the Xpress Insight Server and verify that you can log in to and log out from Insight 5.
    If login fails, check the server logs for more information.
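The script below is an added example that automates steps 2 to 4 and adds the preflight check a practitioner would want before the restart in step 5. It is not FICO's own tooling and is written for a POSIX shell (for example Git Bash or WSL on the Windows host, or a Linux host) with keytool on the PATH. Everything beyond the page's own property names and file names is an assumption: the function names, the host names insight.example.com and idp.example.com, and the assumption that the config/... paths in application.properties resolve relative to the parent folder of <SERVER_CONFIG_DIR>. keytool's -genkeypair is the current name of the -genkey option used on the page.

```shell
#!/bin/sh
# Added example (not FICO's own tooling): scripts the keystore generation and the
# application.properties edits from the steps above, then preflight-checks the
# result before the server restart. Assumptions not taken from the page: POSIX
# shell, keytool on the PATH, and "config/..." paths in application.properties
# resolving relative to the parent of <SERVER_CONFIG_DIR>.

# set_prop FILE KEY VALUE
# Replace an existing KEY= line (commented out or not) with KEY=VALUE, or append
# it if absent, so the file ends up with exactly one active line for KEY.
set_prop() {
  file="$1"; key="$2"; value="$3"; tmp="$file.tmp"; found=0
  while IFS= read -r line || [ -n "$line" ]; do
    stripped=$(printf '%s' "$line" | sed 's/^[[:space:]]*#*[[:space:]]*//')
    case "$stripped" in
      "$key="*)
        # Emit the key once; drop any further duplicates (commented or not).
        if [ "$found" -eq 0 ]; then printf '%s=%s\n' "$key" "$value"; found=1; fi ;;
      *) printf '%s\n' "$line" ;;
    esac
  done < "$file" > "$tmp"
  [ "$found" -eq 1 ] || printf '%s=%s\n' "$key" "$value" >> "$tmp"
  mv "$tmp" "$file"
}

# prop_value FILE KEY
# Print the value of the active (uncommented, non-empty) KEY line; status 1 if
# the key is missing, still commented out, or empty.
prop_value() {
  awk -v key="$2" '
    index($0, key "=") == 1 && length($0) > length(key) + 1 {
      print substr($0, length(key) + 2); found = 1; exit
    }
    END { exit found ? 0 : 1 }' "$1"
}

# make_keystore CONFIG_DIR HOST STOREPASS
# Step 2 of the page, then confirm the alias is really in the keystore.
make_keystore() {
  ks="$1/saml2-keystore"
  keytool -genkeypair -v -keystore "$ks" -storepass "$3" -alias insight-saml2 \
    -dname "cn=$2, ou=Unknown, o=Unknown, c=Unknown" \
    -storetype PKCS12 -keyalg RSA -keysize 2048 -validity 10000 >/dev/null 2>&1 || return 1
  chmod 600 "$ks" 2>/dev/null   # the private key lives here; keep it owner-readable
  keytool -list -keystore "$ks" -storepass "$3" -alias insight-saml2 >/dev/null 2>&1
}

# enable_saml2 PROPS_FILE STOREPASS IDP_HOST
# Step 4 of the page: the six properties, un-commented and filled in.
enable_saml2() {
  props="$1"; pass="$2"; idp="$3"
  set_prop "$props" insight.server.security.authentication saml2
  set_prop "$props" insight.server.security.saml2.idp-metadata-xml config/saml2-idp-metadata.xml
  set_prop "$props" insight.server.security.saml2.encryption-key-store config/saml2-keystore
  set_prop "$props" insight.server.security.saml2.encryption-key-store-password "$pass"
  set_prop "$props" insight.server.security.saml2.encryption-key-alias insight-saml2
  set_prop "$props" insight.server.security.saml2.after-logout-url "https://$idp"
}

# check_saml2 PROPS_FILE BASE_DIR
# Preflight before the restart in step 5: every property is active, the two
# referenced files exist under BASE_DIR, and the logout URL is https.
# Prints each problem; the exit status is the number of problems (0 = OK).
check_saml2() {
  props="$1"; base="$2"; errors=0
  auth=$(prop_value "$props" insight.server.security.authentication) \
    && [ "$auth" = "saml2" ] || { echo "authentication is not saml2"; errors=$((errors+1)); }
  for key in insight.server.security.saml2.idp-metadata-xml \
             insight.server.security.saml2.encryption-key-store; do
    f=$(prop_value "$props" "$key") || { echo "$key is not set"; errors=$((errors+1)); continue; }
    [ -f "$base/$f" ] || { echo "$key points to missing file $base/$f"; errors=$((errors+1)); }
  done
  for key in insight.server.security.saml2.encryption-key-store-password \
             insight.server.security.saml2.encryption-key-alias; do
    prop_value "$props" "$key" >/dev/null || { echo "$key is not set"; errors=$((errors+1)); }
  done
  url=$(prop_value "$props" insight.server.security.saml2.after-logout-url) || url=""
  case "$url" in
    https://*) ;;
    *) echo "after-logout-url must be an https:// URL, got '$url'"; errors=$((errors+1)) ;;
  esac
  return "$errors"
}

# Usage on the Insight host (host names and variables are placeholders):
#   make_keystore "$SERVER_CONFIG_DIR" insight.example.com "$STOREPASS" &&
#   enable_saml2 "$SERVER_CONFIG_DIR/application.properties" "$STOREPASS" idp.example.com &&
#   check_saml2 "$SERVER_CONFIG_DIR/application.properties" "$SERVER_CONFIG_DIR/.."
```

Passing -storepass on the command line, as the page does, makes the password visible in the process list and shell history; if that matters on your host, drop the option and keytool prompts for it instead. The check deliberately counts a missing saml2-idp-metadata.xml as a failure, because the property is un-commented on the page but the IdP metadata is something you have to obtain and place there yourself.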