Updating Okta Token certificate and Custom properties for SAML
When you configure AppScan Enterprise with the Okta service, you must add the associated Single Sign-On URL, Issuer URL, and Token certificate to the SAML properties.
Before you begin
- You must have a user account with privileges to access the AppScan Enterprise installation folders.
- You must be an Okta administrator.
- You must have configured Okta as an IdP for SAML in AppScan Enterprise. See Enabling SAML Service Provider.
About this task
SAML-SSO authentication is validated between the SP and the IdP based on these IdP entity URLs. The Single Sign-On URL is the IdP URL used to access the Okta application, from where you log in to the AppScan Enterprise application (the SP). The Issuer URL is the unique URL through which the SP identifies the IdP for SAML assertions. The SAML Token Signer certificate, generated during the AppScan Enterprise application integration, is the basis on which the IdP establishes trust with the SAML service provider for exchanging authentication requests.
This section explains how to update the SAML properties with the Okta custom properties and the SAML Token Signer certificate.
Procedure
- Log in to your Okta account.
- Under the CATEGORIES menu, click Apps.
  The list of applications integrated with the Okta account is displayed.
- Click the AppScan Enterprise application in this list.
  The AppScan Enterprise application configuration page is displayed.
- Click the Sign On tab.
- Click View Setup Instructions under the Settings section.
  Note: This is displayed only when you are setting up the AppScan Enterprise application in Okta for the first time. You can use the Edit option to modify the configuration later. The View Setup Instructions page shows the following property values generated by the IdP:
  - Identity Provider Single Sign-On URL
  - Identity Provider Issuer
  - X.509 Certificate
- Copy the value of each of these properties to a text file.
  Note: Before copying the X.509 certificate, you must convert the certificate data into single-line string format.
  Tip: You can use the https://www.samltool.com/format_x509cert.php tool to convert certificate data into different formats, including single-line string format.
- Go to the server where the AppScan Enterprise application is installed.
- Navigate to the configuration files folder in the directory where the AppScan Enterprise software package is installed. For example: <installation directory>\AppScan Enterprise\Liberty\usr\servers\ase\config.
- Locate the SAML configuration properties file, onelogin.saml.properties, and open it in a text editor.
- Update the following custom properties in onelogin.saml.properties with the generated values you noted from the Okta View Setup Instructions page.

  | SAML Property | Property value to update |
  |---|---|
  | onelogin.saml2.idp.single_sign_on_service.url | The Identity Provider Single Sign-On URL value. |
  | onelogin.saml2.idp.entityid | The Identity Provider Issuer value. |
  | onelogin.saml2.idp.x509cert | The single-line string value of the X.509 certificate that you noted. |
  | onelogin.saml2.sp.assertion_consumer_service.url | <ASE url>/api/saml |
  | onelogin.saml2.sp.entityid | <ASE url>/api/metadata.jsp |

- After updating the onelogin.saml.properties file, save and close it.
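The certificate conversion and the property update above can be done in one step, as in this added example (not part of the AppScan or Okta documentation). It strips the PEM markers from the Okta X.509 value, checks that the remaining body is base64-encoded DER before writing it, and rewrites only the five keys from the table while leaving the rest of onelogin.saml.properties intact. All URLs, the certificate body, and the file excerpt are constructed placeholders.

```python
import base64
import re

# Constructed sample of Okta's multi-line "X.509 Certificate" field.
# The body is a tiny placeholder DER SEQUENCE, not a real certificate.
SAMPLE_PEM = """-----BEGIN CERTIFICATE-----
MAMCAQE=
-----END CERTIFICATE-----"""

# Constructed excerpt of an existing onelogin.saml.properties file.
EXISTING = """# constructed excerpt of onelogin.saml.properties
onelogin.saml2.strict = true
onelogin.saml2.idp.entityid = CHANGE_ME
onelogin.saml2.idp.x509cert = CHANGE_ME
"""

def pem_to_single_line(pem: str) -> str:
    """Return the bare base64 body expected by onelogin.saml2.idp.x509cert.
    Rejects input whose body is not base64 or does not start with a DER SEQUENCE."""
    body = "".join(l.strip() for l in pem.splitlines()
                   if l.strip() and not l.startswith("-----"))
    der = base64.b64decode(body, validate=True)  # raises on non-base64 text
    if not der or der[0] != 0x30:  # every DER certificate is an ASN.1 SEQUENCE
        raise ValueError("certificate body is not DER-encoded")
    return body

def update_properties(text: str, updates: dict) -> str:
    """Replace the values of the given keys in Java .properties text, appending
    any key that is absent; comments and unrelated keys are left unchanged."""
    lines, seen = text.splitlines(), set()
    for i, line in enumerate(lines):
        m = re.match(r"\s*([^#!=:\s]+)\s*[=:]", line)
        if m and m.group(1) in updates:
            lines[i] = f"{m.group(1)} = {updates[m.group(1)]}"
            seen.add(m.group(1))
    lines += [f"{k} = {v}" for k, v in updates.items() if k not in seen]
    return "\n".join(lines) + "\n"

def build_updates(sso_url: str, issuer: str, pem: str, ase_url: str) -> dict:
    """Map the five properties from the table to their values."""
    return {
        "onelogin.saml2.idp.single_sign_on_service.url": sso_url,
        "onelogin.saml2.idp.entityid": issuer,
        "onelogin.saml2.idp.x509cert": pem_to_single_line(pem),
        "onelogin.saml2.sp.assertion_consumer_service.url": f"{ase_url}/api/saml",
        "onelogin.saml2.sp.entityid": f"{ase_url}/api/metadata.jsp",
    }

def example() -> str:
    """Apply constructed Okta values to the constructed properties excerpt."""
    return update_properties(EXISTING, build_updates(
        "https://example.okta.com/app/appscan/exkEXAMPLE/sso/saml",
        "http://www.okta.com/exkEXAMPLE", SAMPLE_PEM, "https://ase.example.com:9443/ase"))
```

Run `print(example())` to see the rewritten file text; to apply it for real, read the properties file into `EXISTING` and write the result back.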