You can set up access to PhixFlow through PhixFlow Users, by integrating with your Active Directory infrastructure, or with SAML. If you integrate with SAML, Access Control is maintained by mapping Active Directory Groups to PhixFlow User Groups, as described below. With the SAML integration, users are redirected to a chosen identity provider page, where they enter their username and password. If they are successfully authenticated, they are then redirected to PhixFlow and logged in.
This page describes how to integrate PhixFlow with SAML:
Configure phixflow-login.xml
SAML configuration details are set in the file phixflow-SAML.xml, under [tomcat root]/webapps/phixflow/WEB-INF/classes. When you first installed PhixFlow, you probably created this file by copying the example file phixflow-login.xml.example (see Install PhixFlow Webapp).
Create SAML reference
To create a reference to SAML, update the section in the example file to:
```xml
<!-- example of a SAML authentication provider -->
<security:authentication-provider ref="samlAuthenticationProvider"/>
```
Add key store details
To use SAML, a keystore must be included at [tomcat root]/webapps/phixflow/WEB-INF/classes/keystore/<<yourkeystorename.jks>>. Instructions for creating a keystore are in Configure Tomcat For HTTPS. The included configuration files assume that the alias of the key is "PhixflowSAML". If you wish to use another alias, you will have to replace all instances of "PhixflowSAML" with your alias. Below is an example of a keystore:
```xml
<!-- An Example of a KeyStore File -->
<!--
<bean id="keyManager" class="org.springframework.security.saml.key.JKSKeyManager">
    <constructor-arg value="classpath:keystore/samlKeystore.jks" />
    <constructor-arg type="java.lang.String" value="<<KeyStorePassword>>" />
    <constructor-arg>
        <map>
            <entry key="PhixflowSAML" value="<<KeyPassword>>" />
        </map>
    </constructor-arg>
    <constructor-arg type="java.lang.String" value="PhixflowSAML" />
</bean>
-->
```
For the most basic configuration, replace "/samlKeystore.jks" with your keystore, "<<KeyStorePassword>>" with the password to the keystore, and "<<KeyPassword>>" with the password for the key.
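The alias and password replacements above are easy to leave half-done, so the following check reads the keyManager bean and reports leftover `<<...>>` placeholders, a bean that is still commented out, and a default key alias with no matching password entry. It is an added example, not part of PhixFlow or its documentation; it assumes the four constructor arguments appear in the order shown in the example above, and the function name `check_key_manager` and all sample values are hypothetical.

```python
import re
import xml.etree.ElementTree as ET

PLACEHOLDER = re.compile(r"<<([^<>]+)>>")
COMMENT = re.compile(r"<!--.*?-->", re.S)

# Constructed sample: alias renamed in one place only, key password placeholder left in.
SAMPLE = """<beans xmlns="http://www.springframework.org/schema/beans">
  <bean id="keyManager" class="org.springframework.security.saml.key.JKSKeyManager">
    <constructor-arg value="classpath:keystore/example.jks" />
    <constructor-arg type="java.lang.String" value="constructed-store-pass" />
    <constructor-arg><map><entry key="PhixflowSAML" value="<<KeyPassword>>" /></map></constructor-arg>
    <constructor-arg type="java.lang.String" value="ExampleAlias" />
  </bean>
</beans>"""

def local(el):
    """Tag name without any XML namespace prefix."""
    return el.tag.rsplit("}", 1)[-1]

def check_key_manager(xml_text):
    """Return a list of findings for the keyManager bean; empty means consistent."""
    text = COMMENT.sub("", xml_text)  # commented-out beans are not active config
    findings = [f"placeholder not replaced: <<{p}>>" for p in PLACEHOLDER.findall(text)]
    # Raw << >> placeholders are not well-formed XML, so neutralise them before parsing.
    root = ET.fromstring(PLACEHOLDER.sub(r"__\1__", text))
    bean = next((e for e in root.iter()
                 if local(e) == "bean" and e.get("id") == "keyManager"), None)
    if bean is None:
        return findings + ["keyManager bean not found (still commented out?)"]
    # Assumed argument order (as on the page): keystore, store password, alias map, default alias.
    args = [e for e in bean if local(e) == "constructor-arg"]
    if len(args) != 4:
        return findings + [f"expected 4 constructor-arg elements, found {len(args)}"]
    keystore, _store_pass, pw_map, default_key = args
    if not keystore.get("value", "").startswith("classpath:keystore/"):
        findings.append("keystore is not under classpath:keystore/")
    aliases = [e.get("key") for e in pw_map.iter() if local(e) == "entry"]
    alias = default_key.get("value")
    if alias not in aliases:
        findings.append(f"default key alias {alias!r} has no password entry (entries: {aliases})")
    return findings

if __name__ == "__main__":
    for finding in check_key_manager(SAMPLE):
        print(finding)
```
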
Metadata generator
...