
Configuring Xpress Insight to use SAML 2.0

  1. On the machine hosting the Xpress Insight Server, open a Command Prompt in the <SERVER_CONFIG_DIR>. For more on <SERVER_CONFIG_DIR>, see Important Note about this Guide.
  2. Type the following in the Command Prompt, updating the bracketed text for these settings:
    | Line | Description |
    |---|---|
    | storepass <change me> | Replace the text <change me> with the password to be added to the KeyStore. This user-generated password is only used for the encryption of communications between the IdP and Xpress Insight. You will need this password when you edit the application.properties file in step 4 below. |
    | cn=<insight-hostname> | Enter the URL of the Xpress Insight 5 Server. |

    keytool -genkey -v -keystore saml2-keystore -storepass <change me> -alias insight-saml2 -dname "cn=<insight-hostname>, ou=Unknown, o=Unknown, c=Unknown" -storetype PKCS12 -keyalg RSA -keysize 2048 -validity 10000

    The saml2-keystore file is saved to the <SERVER_CONFIG_DIR>.

    The certificate held within the saml2-keystore is used by Xpress Insight for signing and validation of the SAML authentication process. It can optionally be used to encrypt the SAML assertion returned from the IdP, as explained in the steps below.

  3. Xpress Insight uses an application properties file to register the location of certain files. The section containing these locations is commented out by default on installation and must be edited to enable SAML. Navigate to your Xpress Insight data folder and use a suitable text editor to open the application.properties file in <SERVER_CONFIG_DIR>.
  4. Un-comment and edit the following lines in the HTTPS configuration section, updating the bracketed text on these lines:
    | Line | Description |
    |---|---|
    | insight.server.security.saml2.encryption-key-store-password=<change me> | Replace the text <change me> with the password you previously added to the KeyStore. |
    | insight.server.security.saml2.after-logout-url=https://<idp-host> | Replace the text https://<idp-host> with the home page of your IdP. This is the URL that a user will be directed to when they log out of the IdP. |

    insight.server.security.authentication=saml2
    insight.server.security.saml2.idp-metadata-xml=config/saml2-idp-metadata.xml
    insight.server.security.saml2.encryption-key-store=config/saml2-keystore
    insight.server.security.saml2.encryption-key-store-password=<change me>
    insight.server.security.saml2.encryption-key-alias=insight-saml2
    insight.server.security.saml2.after-logout-url=https://<idp-host>
    
  5. Finally, restart the Xpress Insight Server and verify you can log in to and log out from Insight 5.
    If login did not succeed, check the server logs for more information.
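
A check that can be run on application.properties before the restart in step 5, as an added example that is not part of the FICO documentation or product: it reports any of the six lines from step 4 that are still commented out, still contain a placeholder, or differ from the fixed values shown above. The function names and the SAMPLE text are constructed for illustration, and it assumes simple key=value lines and that keytool was run with the alias shown in step 2.

```python
import re

PREFIX = "insight.server.security."
# Keys that step 4 says to un-comment in application.properties.
REQUIRED = [PREFIX + k for k in (
    "authentication",
    "saml2.idp-metadata-xml",
    "saml2.encryption-key-store",
    "saml2.encryption-key-store-password",
    "saml2.encryption-key-alias",
    "saml2.after-logout-url",
)]
# Values the page fixes; the alias must match keytool's -alias from step 2.
EXPECTED = {REQUIRED[0]: "saml2", REQUIRED[4]: "insight-saml2"}
PLACEHOLDER = re.compile(r"<change ?me>|<idp-host>")  # placeholders used on the page

# Constructed sample: password placeholder left in, alias line still commented.
SAMPLE = """\
insight.server.security.authentication=saml2
insight.server.security.saml2.idp-metadata-xml=config/saml2-idp-metadata.xml
insight.server.security.saml2.encryption-key-store=config/saml2-keystore
insight.server.security.saml2.encryption-key-store-password=<change me>
#insight.server.security.saml2.encryption-key-alias=insight-saml2
insight.server.security.saml2.after-logout-url=https://idp.example.test
"""

def parse_properties(text):
    """Active key=value lines only; lines starting with # or ! are comments."""
    props = {}
    for line in (raw.strip() for raw in text.splitlines()):
        key, sep, value = line.partition("=")
        if line and line[0] not in "#!" and sep:
            props[key.strip()] = value.strip()
    return props

def check_saml2_config(text):
    """Return problems as 'key: reason'. Values are never echoed (one is a password)."""
    props, problems = parse_properties(text), []
    for key in REQUIRED:
        value = props.get(key)
        if value is None:
            problems.append(f"{key}: missing or still commented out")
        elif not value or PLACEHOLDER.search(value):
            problems.append(f"{key}: empty or placeholder not replaced")
        elif key in EXPECTED and value != EXPECTED[key]:
            problems.append(f"{key}: expected {EXPECTED[key]}")
    return problems

if __name__ == "__main__":
    print("\n".join(check_saml2_config(SAMPLE)) or "SAML2 section looks complete")
```

To check a real installation, read application.properties from <SERVER_CONFIG_DIR> and pass its text to check_saml2_config.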

© 2001-2024 Fair Isaac Corporation. All rights reserved. This documentation is the property of Fair Isaac Corporation (“FICO”). Receipt or possession of this documentation does not convey rights to disclose, reproduce, make derivative works, use, or allow others to use it except solely for internal evaluation purposes to determine whether to purchase a license to the software described in this documentation, or as otherwise set forth in a written software license agreement between you and FICO (or a FICO affiliate). Use of this documentation and the software described in it must conform strictly to the foregoing permitted uses, and no other use is permitted.