SAML with WSO2

Based on your application type, refer to the appropriate sections for SAML with WSO2 configuration:

Once SAML configuration is ready, you can add user groups to erwin Mart Portal

Before you configure SAML with Okta, ensure that you have responded to the questionnaire from your Quest Support representative so that they can provide you with the Reply URL for your instance. If you did not receive the questionnaire, reach out to your Quest Support representative.

To configure WSO2 SAML for erwin Mart Portal on-cloud authentication, follow these steps:

  1. Download WSO2 Identity Server here.

  2. Extract the installer and open the extracted folder.

  3. Run command prompt and run the wso2server.bat command.

    Ensure that the path for the JAVA_HOME environment variable is configured.

  4. Copy the Mgt Console URL, highlighted in the following image.

    Saml Wso2 Url

  5. Open the URL in a web browser and log in using the following credentials:

    • username: admin

    • password: admin

  6. Under Service Providers, click Add.

    Saml Wso2 Addserviceprovider

  7. Enter an appropriate Service Provider Name and click Register.

    Saml Wso2 Registeredserviceprovider

  8. Enter your Reply URL provided by Quest Support.

  9. Expand Claim Configuration and click Use Local Claim Dialect.

  10. Click Add Claim and add email address and groups.

    Saml Wso2 Localclaimdialect

    Similarly, you can add a display name here.

  11. Under Inbound Authentication Configuration, click SAML2 Web SSO Configuration > Configure.

  12. Configure properties as shown in the following image.

    Saml Wso2 Register Editserviceprovider

  13. Click Download IDP Metadata.

  14. Click Register.

  15. Under Users and Roles, click Add > Add New User. Then, enter the necessary information.

    Saml Wso2 Addnewuser

  16. Under Users and Roles, click Add > Add New Role. Then, enter the necessary information.

    Saml Wso2 Addnewrole

  17. Click Finish.

    Saml Wso2 Roles Assignusers

  18. For the required role, click Assign Users.

    Saml Wso2 Roles Assignusers Demorole

  19. Click Finish.

  20. Share the following details with the Mart Cloud Support team:

    • IDP Metadata File

    • Group Attribute Name

    • User Email Attribute Name

    • User Display Name Attribute Name

Once the support team authenticates erwin Mart Portal for you, you can move to adding groups in erwin Mart Portal at https://<your_instance>.myerwin.com/MartPortal.

To configure WSO2 SAML for erwin Mart Portal on-premises authentication, follow these steps:

  1. Download WSO2 Identity Server here.

  2. Extract the installer and open the extracted folder.

  3. Run command prompt and run the wso2server.bat command.

    Ensure that the path for the JAVA_HOME environment variable is configured.

  4. Copy the Mgt Console URL, highlighted in the following image.

    Saml Wso2 Url

  5. Open the URL in a web browser and log in using the following credentials:

    • username: admin

    • password: admin

  6. Under Service Providers, click Add.

    Saml Wso2 Addserviceprovider

  7. Enter an appropriate Service Provider Name and click Register.
    Saml Wso2 Registeredserviceprovider

  8. Click Upload SP certificate and upload the myerwin.mart.crt file available at C:\Program Files\erwin\Mart Portal\Apache\.

    Saml Wso2 Spcertificate

  9. Expand Claim Configuration and click Use Local Claim Dialect.

  10. Click Add Claim and add email address and groups.

    Saml Wso2 Localclaimdialect

    Similarly, you can add a display name here.

  11. Under Inbound Authentication Configuration, click SAML2 Web SSO Configuration > Configure.

  12. Configure properties as shown in the following image.

    Saml Wso2 Register Editserviceprovider

  13. Click Download IDP Metadata.

  14. Click Register.

  15. Under Users and Roles, click Add > Add New User. Then, enter the necessary information.

    Saml Wso2 Addnewuser

  16. Under Users and Roles, click Add > Add New Role. Then, enter the necessary information.

    Saml Wso2 Addnewrole

  17. Click Finish.

    Saml Wso2 Roles Assignusers

  18. For the required role, click Assign Users.

    Saml Wso2 Roles Assignusers Demorole

  19. Click Finish.

  20. On the erwin Mart Portal configuration screen, click the Authentication tab, and then follow these steps:

    1. In the Metadata XML field, select File, and then add the IDP metadata file downloaded in step 13.

    2. In the Group Attribute Name, User Email Attribute Name, and User Display Name Attribute Name fields, enter the values that are configured in step 10.

      Saml Wso2 Martconfig Authentication

      The User Email Attribute Name and User Display Name Attribute Name fields are optional.

  21. Click Configure.

Your erwin Mart Portal is now authenticated via WSO2.

Adding Groups in erwin Mart Portal

To add your WSO2 SAML groups to erwin Mart Portal, follow these steps:

  1. Create a CSV file containing the <group_attribute_value> and <group_display_name>.

    You can also use the sample template for groups and replace the sample values with the actual Group Attribute Name and Group Display Name.

    Saml Groupexportcsv

    Saml Groupexportcsvformat

  2. Log in to the erwin Mart Portal as an administrator.

  3. Go to Application Menu > Users.
    The Users page appears.

    Users

  4. Click Add User.
    The Add User page appears.

    Add User

  5. Under User Type, select SAML Group

    Saml Groupuploadusers

  6. Drag and drop the CSV file that you created in step 1.

  7. Under Group name, select the required group.

  8. In the Email Address field, enter your email address.

  9. Click Save.

The group has been added.