SAML authentication
Web Services supports Security Assertion Markup Language (SAML) for single sign-on (SSO) authentication to the Agent Desktop and custom integrations.
Configuring SAML
To enable SAML, make the following configuration changes in the serverSettings section of the application.yaml file on each of your Web Services nodes:
Start
- Set the following options in the SSL and CA section:
  - caCertificate — should point to a JKS key storage that includes the SAML encryption key. See Generating security keys for details.
  - jksPassword — should be the password for the caCertificate key storage.
- Set the following option in the SAML section:
  - samlSettings — the following properties are mandatory:
    - encryptionKeyName
    - signingKeyName
    - identityProviderMetadata
- Save the changes to the file. Your configuration should look something like this:
# SSL and CA
caCertificate: /Users/samluser/Documents/Keys/keystore.jks
jksPassword: password

# SAML
samlSettings:
  serviceProviderEntityId: genesys.staging.GWS
  encryptionKeyName: client
  signingKeyName: client
  identityProviderMetadata: /Users/samluser/Documents/Metadata/idp-metadata.xml
- To activate SAML authentication, append ?authType=saml to the browser URL for Workspace Web Edition.
- To enable extended SAML logging, add the following string to the logback.xml file: <logger name="org.springframework.security.saml2" level="%LEVEL%"/>, where valid values for LEVEL are INFO (preferred) or DEBUG.
End
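A pre-flight check for the configuration described above, as an added example (not Genesys code): it takes the serverSettings values as an already-loaded dict and checks the mandatory samlSettings properties, the key store file and password, and the IdP metadata file. The function names, the sample metadata and idp.example.test are constructed for illustration; it assumes a POSIX host and metadata with a single EntityDescriptor root.

```python
import os
import stat
import xml.etree.ElementTree as ET

MD = "{urn:oasis:names:tc:SAML:2.0:metadata}"
DS = "{http://www.w3.org/2000/09/xmldsig#}"
MANDATORY = ("encryptionKeyName", "signingKeyName", "identityProviderMetadata")

# Constructed sample IdP metadata (placeholder host and certificate, not a real IdP).
SAMPLE_IDP_METADATA = """<EntityDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata"
    xmlns:ds="http://www.w3.org/2000/09/xmldsig#" entityID="https://idp.example.test/saml">
  <IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <KeyDescriptor use="signing"><ds:KeyInfo><ds:X509Data><ds:X509Certificate>MIIB-constructed-placeholder</ds:X509Certificate></ds:X509Data></ds:KeyInfo></KeyDescriptor>
    <SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="http://idp.example.test/sso"/>
  </IDPSSODescriptor>
</EntityDescriptor>"""

def check_idp_metadata(path):
    """Return problems found in the file named by identityProviderMetadata."""
    try:
        root = ET.parse(path).getroot()
    except (OSError, ET.ParseError) as exc:
        return [f"identityProviderMetadata unreadable: {exc}"]
    idp = root.find(f"{MD}IDPSSODescriptor") if root.tag == f"{MD}EntityDescriptor" else None
    if idp is None:
        return ["metadata has no EntityDescriptor/IDPSSODescriptor"]
    problems = []
    # A KeyDescriptor without a "use" attribute serves both signing and encryption.
    signing = [k for k in idp.findall(f"{MD}KeyDescriptor") if k.get("use", "signing") == "signing"]
    if not any((k.findtext(f".//{DS}X509Certificate") or "").strip() for k in signing):
        problems.append("no IdP signing certificate, assertions cannot be verified")
    for sso in idp.findall(f"{MD}SingleSignOnService"):
        if not sso.get("Location", "").startswith("https://"):
            problems.append(f"SSO endpoint is not HTTPS: {sso.get('Location')}")
    return problems

def check_server_settings(settings):
    """settings: the serverSettings mapping from application.yaml, loaded as a dict."""
    saml = settings.get("samlSettings") or {}
    problems = [f"samlSettings.{k} is missing" for k in MANDATORY if not saml.get(k)]
    ks = settings.get("caCertificate")
    if not ks or not os.path.isfile(ks):
        problems.append("caCertificate does not point to an existing key store")
    elif stat.S_IMODE(os.stat(ks).st_mode) & 0o077:  # POSIX mode bits (assumption)
        problems.append("key store is readable by group/others")
    if settings.get("jksPassword") in (None, "", "password", "changeit"):
        problems.append("jksPassword is empty or a well-known default")
    if saml.get("identityProviderMetadata"):
        problems += check_idp_metadata(saml["identityProviderMetadata"])
    return problems
```

The check confirms only that the configured names and files are present and sane; whether the aliases in encryptionKeyName and signingKeyName actually exist in the key store still has to be confirmed with keytool.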
Generating security keys
You can use the keytool utility that comes with the Java SDK to generate a JKS key store. Use the following command:
keytool -genkey -keystore <path_to_jks_file> -alias <key_name> -keypass <key_password> -storepass <store_password> -dname <distinguished_name>
If you already have a JKS key store, you can add a key to it by executing the command above with the same file name and the new key name and key password. For example:
keytool -genkey -keystore /opt/keystore.jks -alias encryption_key -keypass genesys -storepass genesys -dname "CN=GWS, OU=R&D, O=Genesys, L=Daly City, S=California, C=US"
This page was last edited on August 20, 2024, at 07:07.