Federated Identity Configurator
Introduction
Note:
- This document is only relevant to the controlled release participants.
- This is not available for Exact Cloud customers.
The Federated Identity Configurator is a stand-alone tool to create and
manage the federated identity configuration files for Exact Synergy Enterprise
(ESE), Exact Globe+, and Exact Lightweight Integration Server (ELIS).
You should use this tool when configuring any of the above products to use
federated identity authentication, and as part of the product update process. It should also be
used to test and verify if authentication with the selected identity provider
is working correctly.
How do I start the Federated Identity Configurator?
- Open the Cab folder of the Exact Synergy Enterprise or Exact Globe+ installation folder.
- Locate the file FIDConfigurator.exe.
- Start FIDConfigurator.exe.
Note:
- The tool requires read and write access to the installed folders of Exact software. Therefore, it is recommended the tool be used with Administrator privileges.
- You can use the tool directly from the installation folder, or you can copy it to your machine and use it locally.
How do I validate the federated identity configuration details?
- Start FIDConfigurator.exe. Run as administrator to ensure the tool has sufficient rights to create or edit the files. The Federated Identity Configurator screen will be displayed.
- Select the product you want to configure from the Products menu on the left.
- Type or select the installation directory of the product at Installation Folder. When a path is specified, the tool will validate the path. If the path is validated successfully, the configuration section and buttons will be enabled.
- At Identity Provider, select the identity provider for this product.
- Define all the necessary information from your account with the identity provider.
- Click Validate to validate the entered information. The validation screen will be displayed.
- The values from the product screen will be checked for common mistakes, such as formatting, typos, et cetera. The tool will warn you when a value is suspected to be wrong so that you can verify and correct it if needed.
- Type a username and password (from your federated identity account) to test if the configuration values are correct for authentication use.
- Click Validate.
- The test results may include error messages for a failed authentication, or expiry dates for a successful authentication.
How do I generate the federated identity configuration files?
- Start FIDConfigurator.exe. Run as administrator to ensure the tool has sufficient rights to create or edit the files. The Federated Identity Configurator screen will be displayed.
- Select the product you want to configure from the Products menu on the left.
- Type or select the installation directory of the product at Installation Folder. When a path is specified, the tool will validate the path. If the path is validated successfully, the configuration section and buttons will be enabled.
- At Identity Provider, select the identity provider for this product.
- Define all the necessary information from your account with the identity provider.
- Click Validate to validate the entered information. For more information, see How do I validate the federated identity configuration details?.
- Click Generate.
- The federated identity configuration files will be generated in the installation folder for the product. They will also be retained for future product updates.
Note:
- All values are case-sensitive and must be in accordance with the FID configuration in the identity provider’s respective portal.
- Depending on the product, you may need to restart product-related services after generating the files.
- The configuration files can be generated only after a successful validation.
How do I use the tool during the update of a product?
If you are updating a product that has been configured for federated
identity, you should also use the Federated Identity Configurator to ensure
your configurations are retained. Before performing the product update, ensure the
configuration can be retained.
- Start FIDConfigurator.exe. Run as administrator to ensure the tool has sufficient rights to create or edit the files. The Federated Identity Configurator screen will be displayed.
- Select the product you want to update from the Products menu on the left.
- Type or select the installation directory of the product at Installation Folder. When a path is specified, the tool will validate the path. If the path is validated successfully, the configuration section and buttons will be enabled.
- At Identity Provider, select the identity provider for this product.
- Define all the necessary information from your account with the identity provider.
- Click Validate to validate the entered information. For more information, see How do I validate the federated identity configuration details?.
- Click Generate.
- When the message “Configuration successfully generated” is displayed, proceed to perform the update of your product(s).
- After you have completed the update of your product(s), start FIDConfigurator.exe again to re-apply the configuration.
- Select the product you have updated from the Products menu on the left.
- Type or select the installation directory of the product at Installation Folder.
- The federated identity configuration for the product will be displayed, along with the message "This environment was previously configured for FID. The details have been restored. Please click 'Generate' to restore".
- Click Validate.
- Click Generate to re-apply the configuration to the product.
Note: Depending on the product, you may need to restart
product-related services after generating the files.
How do I test the connection between the client environment and server environment?
- Start FIDConfigurator.exe.
- Click Client/Server at the Tools menu on the left.
- Select the client environment at Connect from.
- Select the server environment at To.
- Define the username used to log in to the client environment and server environment at Username.
- Define the password used to log in to the client environment and server environment at Password.
- Click Validate.
Fields
The available fields and the order of the fields depend on the product and
provider.
Note:
Products menu section
Select the product for which you want to view, edit and/or (re)apply the FID
configuration.
Tools menu section
Client/Server
This tool should be used to test the federated identity authentication
between two products by specifying a client environment and a server
environment.
Main section
The available fields and the order of the fields depend on the selected
product and identity provider.
Installation Folder
Type or select the installation folder of the product that is selected in
the Products menu. When a path is specified, the tool will validate the
path. If the path is validated successfully, the configuration section and
buttons will be enabled. If the current or previous environment has been
configured for FID, the values will be automatically loaded. If the current environment
has no FID configuration, the text fields in the configuration sections will be
cleared for user input.
Identity Provider
Select the identity provider for which you want to view, edit and/or
(re)apply the FID configuration:
- Auth0
- Windows Azure Active Directory
Note: This field is available only when a valid installation folder
is selected.
Protocol
Select the protocol that will be used by the product for
login purposes. You can select SAML
or OAuth.
Note: This field is available only if Exact Synergy Enterprise is selected at the Products menu.
SAML Issuer Name
Define the SAML issuer name from your identity provider portal.
Authority
Define the authority from your identity provider portal.
Auth0 Connection
Define the Auth0 connection from your Auth0 portal.
Note: This field is available only if Auth0 is selected at Identity
Provider.
JWT Issuer Name
Define the JWT issuer name from your Auth0 portal.
Note: This field is available only if Auth0 is selected at Identity
Provider.
Client ID
Define the client ID from your identity provider portal.
Client ID (Web)
Define the client ID (web) from the WAAD portal.
Note: This field is available only if OAuth is selected at Protocol.
Client Secret
Define the client secret from your identity provider portal.
Note: This field is available only if OAuth is selected at Protocol.
Allowed Audience
Define the allowed audience from your identity provider portal.
Allowed Audience (Web)
Define the allowed audience (web) from the WAAD portal.
Note: This field is available only if Windows Azure Active Directory is selected at Identity Provider.
Realm
Define the realm from your identity provider portal.
Note: This field is only available if Exact Synergy Enterprise is selected at the Products menu.
Audience URI
Define the audience URI from your identity provider portal.
Note: This field is available only if Exact Synergy Enterprise is selected at the Products menu.
Thumbprint
Define the thumbprint from your identity provider portal.
Metadata
Define the metadata from your identity provider portal.
Authorize Endpoint
Define the authorize endpoint from your identity provider portal.
Note: This field is available only if OAuth is selected at Protocol.
Token Endpoint
Define the token endpoint from your identity provider portal.
Note: This field is available only if OAuth is selected at Protocol.
WS FED Issuer
Define the WSFED issuer from your identity provider portal.
Note: This field is available only if Exact Synergy Enterprise
is selected at the Products menu.
Reply
Note: This field is available only if Exact Synergy Enterprise is selected at the Products menu.
App URI ID
Define the App URI ID from your WAAD portal.
Note: This field is available only if Exact Synergy Enterprise
is selected at the Products menu and WAAD is selected at Identity
Provider.
Resource
Define the resource from your WAAD portal.
Note: This field is available only if WAAD is selected at Identity
Provider and Exact Globe+ or Exact Lightweight Integration Server is selected at the Products
menu.
Information Section
This section displays informational and/or error messages based on your
actions:
Note: This section is applicable only to the Products
menu.
Tool: Client Server Section
The fields in this section can be used to test the federated identity
authentication between two products by specifying a client environment and a
server environment. For example, registering an ESE endpoint in ELIS requires
FID authentication from ELIS to ESE. Authentication errors can be tested by
specifying ELIS as the client and ESE as the server, and using this tool to
retrieve detailed error messages.
Connect From
Select the client environment for which to test the federated identity authentication.
Note: This field is available only if Client/Server is
selected at the Tools menu.
To
Select the server environment for which to test the federated identity
authentication.
Note: This field is available only if Client/Server is
selected at the Tools menu.
User name
Define the username used to log in to the client environment and server
environment.
Note: This field is available only if Client/Server is
selected at the Tools menu.
Password
Define the password used to log in to the client environment and server
environment.
Note: This field is available only if Client/Server is
selected at the Tools menu.
Result
This field displays the log of the validation. Detailed authentication error
messages as well as authentication information (for example, expiry date of
security tokens) will be displayed here.
Note: This field is available only if Client/Server is
selected at the Tools menu.
Buttons
Validate
For the Products menu, click this to validate the values from the
product screen for common mistakes, such as formatting, typos, et cetera. The
tool will warn you when a value is suspected to be wrong so that you can verify
and correct it if needed. Define a username and password (from your federated
identity account) to test if the configuration values are correct for
authentication use.
For the Tools menu, click this to validate the connection between the
client environment and server environment. The results of this validation will
be displayed at the Result field.
Note:
- For the Products menu, this button is enabled only if a valid installation folder is entered.
Generate
Click this to generate the FID configuration for the selected product. You can generate the FID configuration only after a successful validation. When
you click Generate, the Exact Globe+: Validate screen opens with
the message “Please validate details in order to generate configuration files.”
If you fail to validate the details, the message “Could not generate:
Configuration is not validated or failed to be validated.” is displayed when you
return to the FID configurator tool screen. FID will not work if you do not complete the
configuration using the FID configuration tool.
Based on the selected product, the following configuration files will be generated or updated:
- Exact Synergy Enterprise:
  - system.identityModel.config
  - system.identityModel.services.config
  - web.config
  - XMD\FIDConfig.xml
- Exact Globe+:
  - Bin\EntityServiceIdentity.config
  - Bin\GlobeIdentity.Config
  - XMD\Exact.WindowsService.config
- Exact Lightweight Integration Server:
  - XMD\Exact.ELISVersion.config
  - XMD\Exact.EntityServiceIdentity.config
Note: This button is applicable only to the Products menu. It is enabled when the installation folder is directed to an environment configured for
FID.
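The update procedure described earlier depends on these generated files being retained or re-applied after a product update. As an added example (not Exact's code; the function names, product keys and sample path are hypothetical), this PowerShell script hashes the files listed above before and after an update and reports which ones are missing or changed:

```powershell
# Added example, not part of the Exact tooling. The relative paths are the ones
# listed on this page; the product keys and function names are hypothetical.
$FidFiles = @{
    'ESE'   = @('system.identityModel.config',
                'system.identityModel.services.config',
                'web.config',
                'XMD\FIDConfig.xml')
    'Globe' = @('Bin\EntityServiceIdentity.config',
                'Bin\GlobeIdentity.Config',
                'XMD\Exact.WindowsService.config')
    'ELIS'  = @('XMD\Exact.ELISVersion.config',
                'XMD\Exact.EntityServiceIdentity.config')
}

function Get-FidConfigSnapshot {
    param(
        [Parameter(Mandatory)][ValidateSet('ESE', 'Globe', 'ELIS')][string]$Product,
        [Parameter(Mandatory)][string]$InstallationFolder
    )
    foreach ($rel in $FidFiles[$Product]) {
        $path    = Join-Path $InstallationFolder $rel
        $present = Test-Path -LiteralPath $path -PathType Leaf
        [pscustomobject]@{
            File     = $rel
            Present  = $present
            Sha256   = if ($present) { (Get-FileHash -LiteralPath $path -Algorithm SHA256).Hash } else { $null }
            Modified = if ($present) { (Get-Item -LiteralPath $path).LastWriteTimeUtc } else { $null }
        }
    }
}

function Compare-FidConfigSnapshot {
    param([object[]]$Before, [object[]]$After)
    foreach ($b in $Before) {
        $a = $After | Where-Object File -eq $b.File
        # A file absent after the update is reported as Missing, whatever its earlier state.
        $state = if (-not $a.Present) { 'Missing' }
                 elseif (-not $b.Present) { 'Created' }
                 elseif ($a.Sha256 -ne $b.Sha256) { 'Changed' }
                 else { 'Unchanged' }
        [pscustomobject]@{ File = $b.File; State = $state }
    }
}

# Usage with a constructed path: snapshot after Generate, update, re-apply, snapshot again.
# $before = Get-FidConfigSnapshot -Product ESE -InstallationFolder 'C:\ExampleInstall\Synergy'
# $after  = Get-FidConfigSnapshot -Product ESE -InstallationFolder 'C:\ExampleInstall\Synergy'
# Compare-FidConfigSnapshot -Before $before -After $after | Format-Table
```

A `Changed` state for web.config can also come from settings unrelated to FID, so review that file's differences before concluding the FID configuration was altered.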
Clear
Click this to clear all fields.
Related document
Main Category: Attachments & notes
Document Type: Online help main
Security level: All - 0
Document ID: 28.296.971
Assortment: Exact Synergy Enterprise
Date: 19-02-2023
Release: 261