  1. "App Federation Metadata URL" from the "SAML Certificates" section. It must contain the "appid" parameter with a value at the end.

  2. Information about groups and roles.

Installation

Tomcat 8/9 (ADPOINT 7.x)

  • Tomcat/webapps/sso-saml.war (copy it from snapshots/ from the FTP)

  • Tomcat/webapps/conf/sso-saml.properties

  • Tomcat/webapps/conf/sso-saml2.properties (only if the 2nd app is being configured; then you also need sso-saml2.war)

  • Tomcat/webapps/conf/serverscripts/groupsandrole.js

Tomcat 10 (ADPOINT X1 and later)

  • Tomcat/webapps-javaee/sso-saml.war (copy it from snapshots/X1/ from the FTP)
    Note that this is a new folder. When Tomcat starts, the files are migrated to the webapps folder and the sso-saml folder is created there as usual.

  • Tomcat/webapps/conf/sso-saml.yml. Example:

    adpoint-launch-url: /adpoint/pages?jwt=
    metadata-uri: https://login.microsoftonline.com/aaaabbbb-cccc-dddd-eeee-ffff12345678/federationmetadata/2007-06/federationmetadata.xml?appid=11111111111111111111
    • Change adpoint-launch-url to whatever the customer needs, e.g. /xui?jtw= for the newest client.

    • Change metadata-uri (Federation Metadata URL) to the URL the customer has sent.

  • Tomcat/webapps/conf/sso-saml2.yml (only if the 2nd app is being configured; then you also need sso-saml2.war)

  • Tomcat/webapps/conf/serverscripts/groupsandrole.js
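
A pre-deployment check for sso-saml.yml, added here as an example and not part of the ADPOINT tooling: it verifies that both keys are present and that metadata-uri ends with an appid parameter that has a value, as required above. The https requirement is an extra check assumed here because the federation metadata carries the IdP signing certificates; the function names and the sample file content are constructed for illustration.

```python
from urllib.parse import urlsplit, parse_qsl

# Constructed sample mirroring the page's sso-saml.yml example (IDs are placeholders).
SAMPLE_YML = """\
adpoint-launch-url: /adpoint/pages?jwt=
metadata-uri: https://login.microsoftonline.com/aaaabbbb-cccc-dddd-eeee-ffff12345678/federationmetadata/2007-06/federationmetadata.xml?appid=11111111111111111111
"""

REQUIRED_KEYS = ("adpoint-launch-url", "metadata-uri")


def parse_flat_yml(text):
    """Parse flat 'key: value' lines; enough for this file, not a general YAML parser."""
    settings = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        # Split on the first colon only, so the colons inside the URL are kept.
        key, sep, value = line.partition(":")
        if sep:
            settings[key.strip()] = value.strip().strip("'\"")
    return settings


def check_sso_saml_yml(text):
    """Return a list of problems; an empty list means the file passed every check."""
    settings = parse_flat_yml(text)
    problems = [f"missing key: {k}" for k in REQUIRED_KEYS if not settings.get(k)]
    uri = settings.get("metadata-uri")
    if uri:
        parts = urlsplit(uri)
        # Assumption of this example: metadata must be fetched over TLS.
        if parts.scheme != "https" or not parts.netloc:
            problems.append("metadata-uri must be an absolute https URL")
        query = parse_qsl(parts.query, keep_blank_values=True)
        if not query or query[-1][0].lower() != "appid":
            problems.append("metadata-uri must end with an appid parameter")
        elif not query[-1][1]:
            problems.append("appid parameter has no value")
    return problems


if __name__ == "__main__":
    for problem in check_sso_saml_yml(SAMPLE_YML) or ["sso-saml.yml looks consistent"]:
        print(problem)
```
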

Troubleshooting

Log file

Tomcat/logs/sso-saml.log

Missing groups

On Adpoint's final SSO webpage, check whether groups are listed under Authentication Attributes. If not, ask the customer to add the groups attribute in:

Azure AD -> Enterprise Apps -> ADPOINT app -> Single Sign-on -> User Attributes & Claims -> Additional claims