Reverting disabled SSO configuration for SAML

You can revert to the default SAML SSO configuration with single sign-on disabled if there are problems with logging in to the application.

About this task

To revert to the disabled SAML SSO configuration, follow the automated procedure below.

Procedure

  1. Stop the BigFix Inventory server.
  2. Restore the web.xml file from the web.xml.timestamp.backup file. The backup file was created automatically in the following location:
    • Unix systems: bfi_install_dir/wlp/usr/servers/server1/apps/tema.war/WEB-INF
    • Windows systems: bfi_install_dir\wlp\usr\servers\server1\apps\tema.war\WEB-INF
  3. Start the BigFix Inventory server.

Reverting disabled SSO configuration for SAML manually

About this task

It is recommended to use the automated solution to revert to the disabled SAML SSO configuration. However, if the automated solution is not successful, follow the steps below to revert to the default SAML SSO configuration manually.

Procedure

  1. Stop the BigFix Inventory server.
  2. Make changes in the server.xml file that is in the following directory:
    • Unix systems: bfi_install_dir/wlp/usr/servers/server1
    • Windows systems: bfi_install_dir\wlp\usr\servers\server1
    1. Remove the <application-bnd> element that is inside of the <application> element.
      <application autoStart='true' location="tema.war" context-root="/" name="tema" type="war">
        <classloader commonLibraryRef='tema,DatabaseLib' delegation='parentLast'/>
        <application-bnd>
          <security-role id="TemaSSOAuthenticated" name="TemaSSOAuthenticated">
            <special-subject type="ALL_AUTHENTICATED_USERS" />
          </security-role>
        </application-bnd>
      </application>
    2. Remove the <feature>samlWeb-2.0</feature> element that is inside the <featureManager> element.
    3. Remove the <samlWebSso20> element if it exists.
  3. Make changes in the web.xml file that is in the following directory:
    • Unix systems: bfi_install_dir/wlp/usr/servers/server1/apps/tema.war/WEB-INF
    • Windows systems: bfi_install_dir\wlp\usr\servers\server1\apps\tema.war\WEB-INF
    1. Set the value of the config.sso.enabled context parameter to false.
      <context-param>
          <param-name>config.sso.enabled</param-name>
          <param-value>false</param-value>
      </context-param>
    2. Remove the <security-constraint> element.
      <security-constraint>
          <display-name>TemaSSOAuthenticated</display-name>
          <web-resource-collection>
              <web-resource-name>index</web-resource-name>
              <url-pattern>/</url-pattern>
              <url-pattern>/session/*</url-pattern>
              <url-pattern>/management/*</url-pattern>
              <url-pattern>/scm/*</url-pattern>
              <url-pattern>/sam/*</url-pattern>
              <url-pattern>/setup/*</url-pattern>
              <url-pattern>/internal/*</url-pattern>
              <url-pattern>/wait_for_import</url-pattern>
              <url-pattern>/import_finalizing</url-pattern>
              <url-pattern>/import_status</url-pattern>
              <url-pattern>/missing_computer_group</url-pattern>
              <url-pattern>/account/*</url-pattern>
              <url-pattern>/autocomplete/*</url-pattern>
              <url-pattern>/pagestates/*</url-pattern>
              <url-pattern>/reports/*</url-pattern>
              <url-pattern>/test/*</url-pattern>
              <url-pattern>/help/*</url-pattern>
          </web-resource-collection>
          <auth-constraint>
              <role-name>TemaSSOAuthenticated</role-name>
          </auth-constraint>
          <user-data-constraint>
              <transport-guarantee>CONFIDENTIAL</transport-guarantee>
          </user-data-constraint>
      </security-constraint>
  4. Start the BigFix Inventory server.
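
A half-finished manual revert (for example, the SAML feature removed from server.xml while the security constraint remains in web.xml) leaves the two files inconsistent. The following check is an added example, not part of the product or its documentation: it parses both files and lists every SSO setting from the manual procedure that is still present. The function name `leftover_sso_settings` and the sample file contents are constructed for illustration, and a missing config.sso.enabled parameter is assumed to count as a finding.

```python
import xml.etree.ElementTree as ET

def _local(el):
    return el.tag.rsplit("}", 1)[-1]  # ignore any xmlns prefix

def _all(root, name):
    return [el for el in root.iter() if _local(el) == name]

def _child_text(parent, name):
    return next(((c.text or "").strip() for c in parent if _local(c) == name), "")

def leftover_sso_settings(server_xml, web_xml):
    """List SSO settings that the manual revert procedure should have removed."""
    server, web = ET.fromstring(server_xml), ET.fromstring(web_xml)
    found = []
    if any(_local(c) == "application-bnd" for a in _all(server, "application") for c in a):
        found.append("server.xml: <application-bnd> inside <application>")
    if any((f.text or "").strip() == "samlWeb-2.0"
           for m in _all(server, "featureManager") for f in _all(m, "feature")):
        found.append("server.xml: samlWeb-2.0 feature")
    if _all(server, "samlWebSso20"):
        found.append("server.xml: <samlWebSso20> element")
    # Assumption: a missing config.sso.enabled parameter is reported as well.
    values = [_child_text(p, "param-value") for p in _all(web, "context-param")
              if _child_text(p, "param-name") == "config.sso.enabled"]
    if values != ["false"]:
        found.append("web.xml: config.sso.enabled is not false")
    if any((r.text or "").strip() == "TemaSSOAuthenticated"
           for s in _all(web, "security-constraint") for r in _all(s, "role-name")):
        found.append("web.xml: TemaSSOAuthenticated <security-constraint>")
    return found

# Constructed sample files (not taken from a real installation).
SERVER_SSO = """<server><featureManager><feature>samlWeb-2.0</feature></featureManager>
<samlWebSso20/>
<application location="tema.war" name="tema" type="war"><application-bnd>
<security-role name="TemaSSOAuthenticated"/></application-bnd></application></server>"""
WEB_SSO = """<web-app xmlns="http://java.sun.com/xml/ns/javaee">
<context-param><param-name>config.sso.enabled</param-name>
<param-value>true</param-value></context-param>
<security-constraint><auth-constraint><role-name>TemaSSOAuthenticated</role-name>
</auth-constraint></security-constraint></web-app>"""
SERVER_REVERTED = """<server><featureManager/>
<application location="tema.war" name="tema" type="war"/></server>"""
WEB_REVERTED = WEB_SSO.replace("true", "false").split("<security-constraint>")[0] + "</web-app>"

if __name__ == "__main__":
    for label, s, w in (("SSO enabled", SERVER_SSO, WEB_SSO),
                        ("reverted", SERVER_REVERTED, WEB_REVERTED)):
        print(label, leftover_sso_settings(s, w) or "clean")
```

Run it against the real server.xml and web.xml contents after step 3 and before starting the server; an empty list means every change in the manual procedure has been applied.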