...

Setup steps

What is needed from the customer to set up the SSO (single sign-on) on Entra ID (Azure AD) platform using SAML protocol?

1. Customer sets up the first app in Azure AD: ADPOINT Java UI:

...

1. "App Federation Metadata URL" field value

2. Information about groups and roles

Installation

Tomcat 8/9 (ADPOINT 7.x)

• webapps/sso-saml.war (copy it from snapshots/ from the FTP)

• conf/sso-saml.properties

• conf/sso-saml2.properties (only if the 2nd app is being configured)

• conf/serverscripts/groupsandrole.js

Tomcat 10 (ADPOINT X1 and later)

• webapps-javaee/sso-saml.war (copy it from snapshots/X1/ from the FTP)
  Note it’s a new folder. When Tomcat is started the files will be migrated to webapps folder and the sso-saml folder will be created there as usual.

• conf/sso-saml.yml:

  Code Block
  adpoint-launch-url: /adpoint/pages?jwt= metadata-uri: https://login.microsoftonline.com/aaaabbbb-cccc-dddd-eeee-ffff12345678/federationmetadata/2007-06/federationmetadata.xml?appid=11111111111111111111

  • The last URL is a Federation Metadata URL received from a customer

• conf/sso-saml2.yml (only if the 2nd app is being configured)

• conf/serverscripts/groupsandrole.js

Troubleshooting

Log file

Tomcat/logs/sso-saml.log

Missing groups

Check if on Adpoint's final SSO webpage you can see groups in Authentication Attributes. If not ask a customer to add the groups attribute in:

...

1. from “SAML Certificates” section. It has to contain “appid” param with a value at the end.

2. Information about groups and roles.