
SAML authentication

Web Services supports Security Assertion Markup Language (SAML) for single sign-on (SSO) authentication to the Agent Desktop and custom integrations.

Configuring SAML

To enable SAML, make the following configuration changes in the serverSettings section of the application.yaml file on each of your Web Services nodes:

Start

  1. Set the following options in the SSL and CA section:
  2. Set the following option in the SAML section:
    • samlSettings — the following properties are mandatory:
      • encryptionKeyName
      • signingKeyName
      • identityProviderMetadata
  3. Save the changes to the file. Your configuration should look something like this:
    # SSL and CA
    caCertificate: /Users/samluser/Documents/Keys/keystore.jks
    jksPassword: password
    
    # SAML
    samlSettings:
        serviceProviderEntityId: genesys.staging.GWS
        encryptionKeyName: client
        signingKeyName: client
        identityProviderMetadata: /Users/samluser/Documents/Metadata/idp-metadata.xml
  4. To activate SAML authentication, append ?authType=saml to the browser URL for Workspace Web Edition.
  5. To enable extended SAML logging, add the following string to the logback.xml file: <logger name="org.springframework.security.saml2" level="%LEVEL%"/>, where valid values for LEVEL are INFO (preferred) or DEBUG.

End

Generating security keys

You can use the keytool utility that comes with the Java SDK to generate a JKS key store. Use the following command:

keytool -genkey -keystore <path_to_jks_file> -alias <key_name> -keypass <key_password> -storepass <store_password> -dname <distinguished_name>

If you already have a JKS key store, you can add a key to it by executing the command above with the same file name and the new key name and key password. For example:

keytool -genkey -keystore /opt/keystore.jks -alias encryption_key -keypass genesys -storepass genesys -dname "CN=GWS, OU=R&D, O=Genesys, L=Daly City, S=California, C=US"

This page was last edited on August 20, 2024, at 07:07.