Configure SAML 2.0 authentication on the server

Remote Control V9.1.3 introduced support for SAML 2.0 authentication on the Remote Control server.

Configure the server to support SAML 2.0 authentication by using a SAML 2.0 identity provider (IdP).

After configuration, SAML 2.0 support enables web-based Single Sign-On (SSO) authentication. Logged-in users are redirected automatically to the web-based components that support SAML 2.0 authentication without having to log in again.

For the SAML SSO to work properly with the Remote Control server, the users must exist in the server database. The users can be added manually or by using an LDAP server. For more information about configuring LDAP, see Configure LDAP. The LDAP server can also be configured by using the LDAP Configuration wizard. For more information, see Configure LDAP properties by using the LDAP wizard. The IdP administrator is responsible for the configuration of the LDAP identity provider. If LDAP is enabled, the IdP must be configured to authenticate the users by using the same backend LDAP server as Remote Control.

You can configure the server for SSO by using the server installer program. This is the recommended method. You can also configure SSO after you install the server.

After you configure SSO and access the remote control server, you are redirected to the SAML Identity Provider logon page to log on. The remote control server UI logon page is no longer displayed. However, the admin user ID must still be able to log on to the remote control server without using SSO. To log on with the admin user ID when SSO is enabled, type the following URL in your browser: https://[serverurl]/trc/altLogon.do, where [serverurl] is the URL of your remote control server.

For more information, see SAML 2.0 Web Browser Single-Sign-On.

Note: The default Remote Control configuration supports a service provider (SP) initiated login flow, where the user initiates the login process by first accessing the product interface. Remote Control also supports an Identity Provider initiated login flow, where the user initiates the login process by accessing the Identity Provider interface first. To enable support for an Identity Provider initiated login, update the sso.xml file and add the useRelayStateForTarget and targetPageUrl attributes to the samlWebSso20 element, as shown below:
<samlWebSso20 id="defaultSP" keyStoreRef="samlKeyStore" httpsRequired="true"
    useRelayStateForTarget="false"
    targetPageUrl="https://Server_FQHN/trc/ssoLogon.do"
    signatureMethodAlgorithm="SHA256"/>

where Server_FQHN is your server host name.
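The following is an added example, not code from the Remote Control product or its documentation: a small audit script that reads an sso.xml fragment and checks the samlWebSso20 attributes discussed in the note above (httpsRequired, signatureMethodAlgorithm, useRelayStateForTarget and targetPageUrl). It assumes the element sits under a <server> root as in a Liberty-style server configuration, and the sample fragments and the host name rc.example.com are constructed for illustration.

```python
# Added example (not from the product documentation): audit the samlWebSso20
# element of an sso.xml fragment for the IdP-initiated login settings.
import xml.etree.ElementTree as ET
from urllib.parse import urlparse

# Constructed sample fragments (assumed <server> root, as in a Liberty server.xml).
SAMPLE_OK = """<server>
  <samlWebSso20 id="defaultSP" keyStoreRef="samlKeyStore" httpsRequired="true"
      useRelayStateForTarget="false"
      targetPageUrl="https://rc.example.com/trc/ssoLogon.do"
      signatureMethodAlgorithm="SHA256"/>
</server>"""

SAMPLE_WEAK = """<server>
  <samlWebSso20 id="defaultSP" keyStoreRef="samlKeyStore" httpsRequired="false"
      useRelayStateForTarget="false"
      targetPageUrl="http://Server_FQHN/trc/ssoLogon.do"
      signatureMethodAlgorithm="SHA1"/>
</server>"""

def audit_saml_sp(xml_text: str, expected_host: str) -> list[str]:
    """Return findings for every samlWebSso20 element; an empty list means OK."""
    findings = []
    root = ET.fromstring(xml_text)
    elements = [root] if root.tag == "samlWebSso20" else list(root.iter("samlWebSso20"))
    if not elements:
        return ["no samlWebSso20 element found"]
    for sp in elements:
        sp_id = sp.get("id", "<no id>")
        if sp.get("httpsRequired", "").lower() != "true":
            findings.append(f'{sp_id}: httpsRequired is not "true"')
        alg = sp.get("signatureMethodAlgorithm")
        if alg is not None and alg.upper() != "SHA256":
            findings.append(f"{sp_id}: signatureMethodAlgorithm is {alg}, expected SHA256")
        relay = sp.get("useRelayStateForTarget", "true").lower()
        target = sp.get("targetPageUrl")
        if relay == "false":
            # IdP-initiated flow: the post-login target is pinned to targetPageUrl.
            if not target:
                findings.append(f'{sp_id}: useRelayStateForTarget="false" but targetPageUrl is missing')
            else:
                url = urlparse(target)
                if "Server_FQHN" in target:
                    findings.append(f"{sp_id}: targetPageUrl still contains the Server_FQHN placeholder")
                if url.scheme != "https":
                    findings.append(f"{sp_id}: targetPageUrl is not https")
                if url.hostname != expected_host.lower():
                    findings.append(f"{sp_id}: targetPageUrl host {url.hostname!r} is not the server host {expected_host!r}")
                if url.path != "/trc/ssoLogon.do":
                    findings.append(f"{sp_id}: targetPageUrl path {url.path!r} is not /trc/ssoLogon.do")
        elif target:
            # With RelayState in use, targetPageUrl is only a fallback when RelayState is absent.
            findings.append(f'{sp_id}: targetPageUrl is only a fallback; set useRelayStateForTarget="false" to pin the target')
    return findings
```

Run it against your own sso.xml with the server host name you expect; every finding corresponds to one attribute from the note above.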