
Configure SAML on CSA nodes in a clustered environment

This section describes how to configure SAML on CSA nodes when generating Identity Management component metadata in a clustered environment.

For more information about SAML configuration, see the Cloud Service Automation Configuration Guide.

To configure SAML on CSA nodes, complete the following steps:

Note: You must repeat these steps on each CSA node in the cluster.

  1. Edit the CSA_HOME/jboss-as/standalone/deployments/idm-service.war/WEB-INF/spring/applicationContext-saml.xml file on Node 1 in CSA.

  2. Locate the following line by searching for entityBaseURL, and uncomment the line:

    <!-- <property name="entityBaseURL" value="https://localhost/idm-service"/> -->

  3. Replace localhost with:

    For load balancer:

    <LOAD_BALANCER_HOSTNAME>:<port> for each node.

    For Apache load balancer:

    <APACHE_LOAD_BALANCER_HOSTNAME>:<port> for each node.

    This step makes sure that the load balancer (or Apache load balancer) host name and port are used when the Identity Management component metadata is generated.

    For example:

    For load balancer:

    <property name="entityBaseURL" value="https://<LOAD_BALANCER_HOSTNAME>:<port>/idm-service"/>

    For Apache load balancer:

    <property name="entityBaseURL" value="https://<APACHE_LOAD_BALANCER_HOSTNAME>:<port>/idm-service"/>

  4. Change the URL value to the following:

    For load balancer:

    https://lb.csacloud.local:8443/idm-service

    For Apache load balancer:

    https://apache-lb.csacloud.local:8443/idm-service

    Note: Be sure the load balancer (or Apache load balancer) uses the HTTPS protocol to distribute the request.

  5. Restart the Identity Management component on Node 1 by restarting the CSA service. See Restart the CSA service for instructions.

  6. Repeat steps 1 through 5 for all nodes.
  7. Download the Identity Management component Service Provider metadata from the load balancer or Apache load balancer URL:

    For load balancer:

    https://lb.csacloud.local:8443/idm-service/saml/metadata

    For Apache load balancer:

    https://apache-lb.csacloud.local:8443/idm-service/saml/metadata

  8. Upload this Identity Management component Service Provider metadata to the Identity Provider to replace the old Identity Management component Service Provider metadata file.
  9. Restart the Identity Provider if required. See the vendor documentation for details.
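
The following check can be run on the metadata downloaded in step 7 before it is uploaded in step 8, to confirm that every endpoint in it points at the HTTPS load balancer URL rather than at a node that still has the default localhost value. It is an added example, not part of the CSA documentation or product; the function name check_sp_metadata, the sample metadata, its entityID and its endpoint paths are assumptions constructed for illustration.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

MD_NS = "urn:oasis:names:tc:SAML:2.0:metadata"

def check_sp_metadata(xml_text, expected_base):
    """Return a list of problems; an empty list means every endpoint uses expected_base."""
    want = urlsplit(expected_base.rstrip("/"))
    if want.scheme != "https":
        return [f"expected base URL must be https: {expected_base}"]
    root = ET.fromstring(xml_text)
    if root.tag != f"{{{MD_NS}}}EntityDescriptor":
        return [f"unexpected root element: {root.tag}"]
    problems, seen = [], 0
    for el in root.iter():
        # Endpoint elements (ACS, SLO, ...) carry their URL in these attributes
        for attr in ("Location", "ResponseLocation"):
            url = el.get(attr)
            if url is None:
                continue
            seen += 1
            got = urlsplit(url)
            name = el.tag.split("}")[-1]
            if (got.scheme, got.netloc.lower()) != (want.scheme, want.netloc.lower()):
                problems.append(f"{name} {attr} not on load balancer: {url}")
            elif not got.path.startswith(want.path + "/"):
                problems.append(f"{name} {attr} outside {want.path}: {url}")
    if seen == 0:
        problems.append("no endpoint Location attributes found")
    return problems

def _sample(acs_base):
    # Constructed metadata; entityID and endpoint paths are illustrative only
    return f"""<md:EntityDescriptor xmlns:md="{MD_NS}" entityID="constructed-sp-entity-id">
  <md:SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="https://lb.csacloud.local:8443/idm-service/saml/SingleLogout"/>
    <md:AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="{acs_base}/saml/SSO" index="0"/>
  </md:SPSSODescriptor>
</md:EntityDescriptor>"""

LB_BASE = "https://lb.csacloud.local:8443/idm-service"
GOOD = _sample(LB_BASE)
STALE = _sample("https://localhost/idm-service")  # node that still has the default value

if __name__ == "__main__":
    for label, doc in (("good", GOOD), ("stale", STALE)):
        print(label, check_sp_metadata(doc, LB_BASE) or "OK")
```

Because any node behind the load balancer may serve the metadata request, downloading and checking it several times helps catch a node on which steps 1 through 5 were missed.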