SAP Knowledge Base Article - Public

2326988 - How do I configure SSO with OpenAM?

Symptom

How do I configure SSO with OpenAM?

Environment

  • SAP Roambi Cloud

Resolution

Issue:

To use the Roambi Business Single Sign-on (SSO) feature with Forgerock OpenAM, you will need to configure OpenAM and Roambi Business together. 

Environment:

Roambi Business, SSO/SAML, OpenAM

Solution:

Use this solution:

  • Step 1: Enable SSO in Roambi Business and Download Metadata
  • Step 2: Create SAML v2 Provider in OpenAM and Upload Metadata

Step 1: Enable SSO in Roambi Business & Download Metadata

To enable SSO in Roambi and download metadata:

  1. Log in to Roambi Business using your Administrator credentials and go to the Administration panel. 
  2. Enable SSO, if you have not already done so. 
  3. Click the Single Sign-On tab.
  4. On the Single Sign-On screen, toggle the Enable Single Sign-On with SAML switch to ON, which will display additional SSO-related fields.

    1.png

  5. In the Metadata field, click the Download File button to download the metadata for your company's Roambi organization.

Step 2: Create a SAML v2 Provider and Upload Metadata

To create a SAML v2 provider in OpenAM for Roambi Business:

  1. Ensure that you have downloaded the Roambi Business metadata for your company's Roambi organization (see above).
  2. Open your OpenAM console. 
  3. Under Common Tasks, click Register Remote Service Provider.  
    2.png

This reveals the Create a SAML v2 Remote Service Provider page.

3.png

Upload the Roambi Business Metadata

    1. At the Where Does the Metadata File Reside?  question, choose File.
    2. Upload the Roambi Business metadata file. 
    3. Click Configure to save your configuration. 

Return to the SSO page for the Roambi Business administration panel.

    1. In the Sign-In Page URL field, add the URL for the OpenAM server, using the following format: 
      https://[OpenAM_Server]/openam/SSORedirect/metaAlias/idp
    2. In the Sign-Out Page URL field, add the URL for the OpenAM server, using the following format:
      https://[OpenAM_Server]/openam/IDPSloRedirect/metaAlias/idp
    3. For the Verification Certificate field, upload the OpenAM public certificate file
    4. Save your changes.

Keywords

Roambi Cloud roam bi phone mobile , KBA , BI-ROM-CLD-SRC , Roambi Cloud Service , How To

Product

SAP Roambi Cloud all versions