Federated SSO allows both Active Directory users and Ambience/Repertoire simple-sso users to access the same Ambience/Repertoire server.
For full details, refer to point 2.9 of the full configuration guide.
Shown below are the steps to configure federated-sso:
- In your etc/application.conf file, ensure that federated-sso is set to true as shown below.
    # choose either simple-sso (default) or ldap-sso or federated-sso
    ambience.modules.simple-sso.enabled = false
    ambience.modules.ldap-sso.enabled = false
    ambience.modules.federated-sso.enabled = true
- Next, add the following block of config, modifying the values to match your environment.
    # only used if module federated-sso is enabled above
    elixir.federated-sso {
      order = ["a","b"]
      choices = {
        a {
          "type" : "identity"
          "regex" : ".*"
        }
        b {
          "type" : "ldap"
          "regex" : ".*"
          cxtFactory = "com.sun.jndi.ldap.LdapCtxFactory"
          host = "localhost"
          port = 10389
          protocol = "default"
          method = "simple"
          users = "ou=amb_users,DC=elixir,DC=com,DC=sg"
          uidAttribute = "sAMAccountName"
          mailAttribute = "userPrincipalName"
          connectTimeout = 10 seconds
          readTimeout = 10 seconds
          bind {
            user = "CN=xx,CN=xx,DC=xx,DC=xx,DC=xx"
            password = "{enc:elx-2.0}xxx"
          }
          groups {
            enabled = true
            root = "OU=xx,DC=xx,DC=xx,DC=xx"
            filter = "member=CN=xx,OU=xx,DC=xx,DC=xx,DC=xx"
            gidAttribute = "sAMAccountName"
          }
        }
      }
    }
- Save the file and restart the Ambience/Repertoire server. You should be able to log in using both your AD user and your simple-sso user.
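A check to run on the edited settings before the restart, as an added example (not part of Ambience/Repertoire or its guide): it flags more than one SSO module enabled, an `order` entry with no matching `choices` block, and a bind password that is not in the `{enc:...}` form shown above. It assumes the one-setting-per-line layout used on this page and that the `{enc:` prefix marks an encrypted value; `SAMPLE`, `flatten` and `lint` are hypothetical names.

```python
import re
# Constructed sample in the layout shown above; all values are placeholders.
SAMPLE = '''
ambience.modules.simple-sso.enabled = false
ambience.modules.ldap-sso.enabled = true
ambience.modules.federated-sso.enabled = true
elixir.federated-sso {
  order = ["a","b","c"]
  choices = {
    a {
      "type" : "identity"
    }
    b {
      "type" : "ldap"
      bind {
        password = "plaintext-placeholder"
      }
    }
  }
}
'''

def flatten(text):
    """Turn the one-setting-per-line layout above into {dotted.key: value}."""
    path, out = [], {}
    for line in (l.strip() for l in text.splitlines()):
        m = re.match(r'"?([\w.-]+)"?\s*[:=]?\s*(.*)$', line)  # comments never match
        if line == "}" and path:
            path.pop()                       # leave the current block
        elif m and m.group(2) == "{":
            path.append(m.group(1))          # enter a nested block
        elif m:
            out[".".join(path + [m.group(1)])] = m.group(2).strip('"')
    return out

def lint(text):  # returns a list of problems; an empty list means all checks passed
    cfg, problems = flatten(text), []
    on = [m for m in ("simple-sso", "ldap-sso", "federated-sso")
          if cfg.get(f"ambience.modules.{m}.enabled") == "true"]
    if on != ["federated-sso"]:
        problems.append(f"enabled SSO modules are {on}, expected only federated-sso")
    base = "elixir.federated-sso."
    for name in re.findall(r'"([^"]+)"', cfg.get(base + "order", "")):
        if f"{base}choices.{name}.type" not in cfg:
            problems.append(f"order lists {name!r} but choices has no such entry")
    for key, val in cfg.items():  # assumption: "{enc:" marks an encrypted value
        if key.endswith(".bind.password") and not val.startswith("{enc:"):
            problems.append(f"{key} is not in the {{enc:...}} form")
    return problems
```

To check a real file, pass its contents to `lint`, for example `lint(open("etc/application.conf").read())`.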