Note:

  • Web Resource supports SAML 1.1 only.
  • Web Resource doesn’t support mixed-mode authentication: an instance uses either SAML Authentication or Web Resource Internal Authentication, not both.
  • Once a Web Resource instance is set up to use SAML Authentication, the changes made to the user names cannot be reverted.

Setting up identity provider and enabling SAML in Web Resource:

A. Extract the SAML identity provider files:

  • Obtain the SAMLIdentityProvider.zip file from Replicon Support.
  • Extract the zip file. We recommend extracting to this location: C:\Program Files\Replicon Inc\SAML Identity Provider.

B. Set up IIS:
Use your system’s Internet Information Services (IIS) Manager to carry out the following procedures.

  1. Create a new IIS virtual directory with Read and Execute permissions pointing to the folder created in Step A.

    • To do this:

      • In IIS 6.0, right-click the web site name, and select New > Virtual Directory. In the window that displays, in the Alias field, enter SAML; in the Path field, browse to and select the location of the SAML folder you created. Click Next.
      • Under Allow the following permissions, ensure Read and Execute permissions are enabled.
      • In IIS 7.0, right-click the web site name, and select Add Virtual Directory. In the window that displays, in the Alias field, enter SAML; in the Physical Path field, browse to and select the location of the SAML folder you created. Click OK.
      • To assign permissions for the directory, in the Features View, select Handler Mappings. Right-click the ISAPI.dll and select Edit Feature Permissions. In the window that displays, enable Read and Execute permissions. Click OK.
      • In IIS 5.0, the application is created by default.
  2. Create an IIS application called SAML.

    • To do this:

      • In IIS 6.0, right-click the SAML directory and select Properties. On the Virtual Directory tab, click the Create button located in the Application settings area. Select OK.
      • In IIS 7.0, right-click the SAML directory and select Convert to Application. Select OK.
      • In IIS 5.0, the application is created by default.
  3. Select authentication settings:

    • In IIS 5.0 or 6.0:

      • Right-click the Default.aspx file in the SAML application you created, and select Properties.
      • On the File Security tab, select Edit.
      • On the Authentication Methods page that displays, disable anonymous access, and ensure Integrated Windows Authentication is the only option enabled.
    • In IIS 7.0:

      • Select the SAML application, select the Content View, right-click the Default.aspx file, and select Switch to Features View.
      • From the Default.aspx Home (Features View), select Authentication.
      • Right-click each item that displays: enable Windows Authentication, and disable all the other authentication types.
  4. If you are using IIS 7.0:

    • In the left menu, select Application Pools.
    • Right-click on the application pool that corresponds to your SAML application, and select Advanced Settings.
    • In the window that displays, find the Managed Pipeline Mode field, and set it to Classic mode.

C. Set up the Identity Provider:

  • Open the directory to which you extracted SAMLIdentityProvider.zip in Step A.
  • Open the Web.config file in a text editor, such as Notepad.
  • Find the following line of code:
  • <add key="ServiceProviderURL" value="http://service.url/path/saml.ashx" />
  • Modify the line to include your Web Resource installation’s URL, for example: http://YourCompanyName.repliconwr.com/resourcing
  • In the directory to which you extracted SAMLIdentityProvider.zip in Step A:
  • Open the bin sub-directory.
  • Run Replicon.Security.CertificateGenerator.exe.
  • It will create two new files in that sub-directory: private.pfx and public.cer.

D. Set up Web Resource:

  • Log in to Web Resource.
  • Under Administration from the top menu, select System Preferences.
  • Check Enable SAML Authentication. Two additional options will display.
    • SAML transfer URL: In this field, enter the full URL to the virtual directory you created in Step C. This URL must include the 'target' parameter. It should look something like this: http://YourSAMLComputerName/SAML?target={0}
    • SAML public key: In this field, upload the public.cer file from the bin directory you generated in Step C.

5. Select Save.
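
A post-setup check for Steps C and D, as an added example that is not part of the original instructions and is not Replicon code: it confirms that ServiceProviderURL was changed from the shipped value, that the transfer URL carries the target parameter, and that the generated certificate files exist. The function name Test-SamlSetup and its parameters are hypothetical, the sample input is constructed, and the Web.config is assumed to declare no XML namespace.

```powershell
# Added example (not Replicon code). Function and parameter names are hypothetical.
function Test-SamlSetup {
    param(
        [Parameter(Mandatory)][string]$WebConfigXml,  # contents of the IdP Web.config (Step C)
        [Parameter(Mandatory)][string]$TransferUrl,   # value entered as SAML transfer URL (Step D)
        [string]$BinPath                              # optional: bin sub-directory from Step C
    )
    $placeholder = 'http://service.url/path/saml.ashx'  # shipped value shown in Step C
    $findings = @()

    # Step C: the ServiceProviderURL key must exist and must have been edited.
    $node = ([xml]$WebConfigXml).SelectSingleNode("//add[@key='ServiceProviderURL']")
    if ($null -eq $node) {
        $findings += 'Web.config: ServiceProviderURL key not found'
    } elseif ($node.GetAttribute('value') -eq $placeholder) {
        $findings += 'Web.config: ServiceProviderURL still holds the shipped placeholder'
    } elseif (-not [Uri]::IsWellFormedUriString($node.GetAttribute('value'), [UriKind]::Absolute)) {
        $findings += 'Web.config: ServiceProviderURL is not an absolute URL'
    }

    # Step D: the transfer URL must include the literal target={0} parameter.
    if ($TransferUrl -notmatch '[?&]target=\{0\}') {
        $findings += 'Transfer URL: target={0} parameter is missing'
    }

    # Step C: both generated files must exist; report which certificate is on disk.
    if ($BinPath) {
        foreach ($name in 'private.pfx', 'public.cer') {
            if (-not (Test-Path -LiteralPath (Join-Path $BinPath $name))) {
                $findings += "bin: $name not found"
            }
        }
        $cerPath = Join-Path $BinPath 'public.cer'
        if (Test-Path -LiteralPath $cerPath) {
            $cer = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 $cerPath
            if ($cer.NotAfter -lt (Get-Date)) { $findings += 'public.cer: certificate has expired' }
            Write-Host "public.cer thumbprint: $($cer.Thumbprint)"
        }
    }
    $findings
}

# Constructed sample input: an unedited Web.config and a transfer URL without 'target'.
$sample = '<configuration><appSettings>' +
          '<add key="ServiceProviderURL" value="http://service.url/path/saml.ashx" />' +
          '</appSettings></configuration>'
Test-SamlSetup -WebConfigXml $sample -TransferUrl 'http://YourSAMLComputerName/SAML'
```

An empty result means every check passed. On the server, pass the real Web.config contents and the bin path in place of the sample.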