Administrator Guide

Step 3. Configure Data Archive for Single Sign-On

To configure Data Archive for single sign-on, update the conf.properties file.
  1. In the ILM installation directory, open the conf.properties file.
  2. Locate the "#Properties to be provided for enabling Single sign on" section in the conf.properties file. Uncomment the statements below and enter the following details:
    1. Enable the property informia.sso.enable = Y.
    2. Provide the path of the identity provider metadata file, which you copied to the Data Archive machine from the identity provider in Step 2. Example:
      informia.idp.metedata.file = c:\\metadata
    3. Update the property informia.key.path with the KeyStore path created in Step 1. Example:
      informia.key.path = c:\\generatedKeys
    4. Update the property informia.key.alias.name, the alias name for the KeyStore. This is the name used when you created the KeyStore file in Step 1. Example:
      informia.key.alias.name = testkey01
    5. Update the property informia.key.password, the password for the KeyStore, which you set when you created the KeyStore. Before you update the property, this password must be encrypted using the encrypt password utility (encryptPassword.bat or encryptPassword.sh) provided in Data Archive. Run the utility from the ILM directory, using one of the commands below, to encrypt the password:
      encryptPassword.bat for Microsoft Windows
      encryptPassword.sh for Unix
      For example, if you created the KeyStore password "testkey01" in Step 1, run the following command to return the encrypted password:
      encryptPassword.bat testkey01
      Example of an encrypted password:
      informia.key.password = D5YgPl814QpCtSgoYHbsCg==
    6. Add the property informia.idp.home.url with the identity provider home URL as its value. This property is not required for all identity providers (Okta, Onelogin). Example:
      informia.idp.home.url= https://desktop.pingone.com
  3. Save and close the conf.properties file.
    The following screenshot is an example of the single sign-on properties in the conf.properties file.
  4. If you integrated an LDAP directory with the identity provider, you must run the sync with LDAP server standalone job in Data Archive to sync the users and roles to the ILM repository (AMHOME) before you restart the Data Archive server. When you run the LDAP sync job to sync the LDAP users to Data Archive, your Data Archive user name will be the same as the LDAP user name. To use single sign-on, you must configure that same user name between the identity provider and Data Archive, so that the user matches in AMHOME. For more information on the sync with LDAP server standalone job, see Chapter 4 of the Informatica Data Archive User Guide.
  5. Restart the Data Archive server.
After you enable single sign-on, you can access Data Archive through either the identity provider or through the Data Archive environment URL. In both cases, Data Archive will open to the page appropriate for your user role. You will not be asked to log into Data Archive. If you are logged out of your identity provider or do not have an authenticated session, opening the Data Archive URL redirects you to the login page for your identity provider. However, if the identity provider session expires while you are still working in Data Archive, the Data Archive session will not automatically expire.
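
A pre-restart check for the single sign-on section edited in step 2, added here as an example and not part of Informatica's documentation or tooling. It assumes conf.properties follows Java .properties escaping (which the doubled backslashes in the examples above suggest) and that encrypted passwords are Base64 like the example value; check_sso, parse_properties and SAMPLE are names made up for this example.

```python
import base64
import binascii
import re

# Property names exactly as the page spells them.
PATH_KEYS = ("informia.idp.metedata.file", "informia.key.path")
REQUIRED = ("informia.sso.enable", *PATH_KEYS,
            "informia.key.alias.name", "informia.key.password")

# Constructed sample: the page's example values, with three deliberate mistakes.
SAMPLE = r"""
#Properties to be provided for enabling Single sign on
informia.sso.enable = Y
informia.idp.metedata.file = c:\metadata
informia.key.path = c:\\generatedKeys
#informia.key.alias.name = testkey01
informia.key.password = testkey01
"""


def parse_properties(text):
    """Return {key: raw value} for uncommented 'key = value' lines."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if line and line[0] not in "#!" and "=" in line:
            key, _, value = line.partition("=")
            props[key.strip()] = value.strip()
    return props


def check_sso(text):
    """Return a list of findings; an empty list means no problem was found."""
    props = parse_properties(text)
    findings = [f"{k}: missing or commented out" for k in REQUIRED if not props.get(k)]
    if props.get("informia.sso.enable", "Y") != "Y":
        findings.append("informia.sso.enable: must be Y")
    for key in PATH_KEYS:
        # Java .properties files treat '\' as an escape, so Windows paths need '\\'.
        if re.search(r"(?<!\\)\\(?!\\)", props.get(key, "")):
            findings.append(f"{key}: single backslash in path")
    try:
        # Assumption: encrypted values are Base64, as the page's example is.
        # Heuristic only: a plaintext that happens to be valid Base64 passes.
        base64.b64decode(props.get("informia.key.password", ""), validate=True)
    except (binascii.Error, ValueError):
        findings.append("informia.key.password: not Base64, possibly plaintext")
    return findings


if __name__ == "__main__":
    print("\n".join(check_sso(SAMPLE)))
```

informia.idp.home.url is left out of the required set because the page says not every identity provider needs it.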
