Adding PingOne IdP

Perform this procedure only if the multi.idp.use flag is set to true in the insight.var file in the <installation drive>:\InSightManager\server\all\conf\insight installation directory.

Note: Verify that there are no active Identity Providers (IdP) in the system and that you have performed all the steps described in Set Up Identity Provider.
  1. To add a new PingOne IdP, add the following information on the Identity Provider page:
    | Field Name | Input Value |
    | --- | --- |
    | Provider Type | <PingOne> |
    | Base API URL | https://directory-api.pingone.com/api/directory |
    | Authorization API Token | {<Client ID>:<API Key> encoded to Base64} |
    | Application Logout URI | https://sso.connect.pingidentity.com/sso/initslo?page=http://{server}:{port}/insight/ |
    | SAML Metadata | saml2-metadata-idp.xml |
    | SAML Entity Id | urn:test:app:saml |
    | SAML Keystore File Name | {PingOne Keystore file}.jks |
    | SAML Keystore Password | {Keystore password} |
    | SAML Key Name | {Key Name}. For example: aliasname aliasname. |
    | SAML Key Password | {Key password} |
  2. Save.
    The PingOne IdP is added to Calyx RIM.
  3. Place the saml2-metadata-idp.xml file obtained from the PingOne Application page in the <installation drive>\InSightManager\server\all\conf\insight installation directory.
  4. Run the Command Prompt (cmd) from the <installation drive>\InSightManager\server\all\conf\insight installation directory and paste the following command:
    keytool -genkey -alias aliasname -keyalg RSA -keystore samlKeystore.jks -keysize 2048
    where aliasname is the SAML Key Name property value and samlKeystore.jks is the SAML Keystore File Name property value.
  5. Press Enter.
  6. Populate the following fields:
    Note: Remember to press Enter after each step below.
    | Field Name | Input Value |
    | --- | --- |
    | Enter keystore password | {SAML Keystore Password property value} |
    | Re-enter new password | {SAML Keystore Password property value} |
    | What is your first and last name? | {valid data or leave blank} |
    | What is the name of your organizational unit? | {valid data or leave blank} |
    | What is the name of your organization? | {valid data or leave blank} |
    | What is the name of your City or Locality? | {valid data or leave blank} |
    | What is the name of your State or Province? | {valid data or leave blank} |
    | What is the two-letter country code for this unit? | |
    | Is CN={valid data or blank}, OU={valid data or blank}, O={valid data or blank}, L={valid data or blank}, ST={valid data or blank}, C={valid data or blank} correct? | {y} |
    | Enter key password for <aliasname> <RETURN if same as keystore password>: | {SAML Key Password property value} |
    | Re-enter new password | {SAML Key Password property value} |
  7. Press Enter and close the Command Prompt.
    After performing the actions in the Command Prompt, the samlKeystore.jks file is generated.
    Note: This step is valid only for Java 8. For more details, see: https://docs.oracle.com/javase/8/docs/technotes/tools/windows/keytool.html#keytool_option_genkeypair
  8. Restart the Calyx RIM service.
  9. Go to Control Panel > Internet Options and select Trusted Sites on the Security tab.
  10. Populate the Add this website to the zone field with: https://login.pingone.com.
  11. Select Add.
  12. Select Close.
  13. Select OK.
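
A check script for the values and files produced in steps 1 to 7, added here as an example and not part of the Calyx RIM documentation. The C: drive letter, UTF-8 encoding of the token input, and keytool being on the PATH are assumptions.

```powershell
# Added example: checks for the files and values used in steps 1-7.
# $ConfDir, $Alias and $KeystoreName are placeholders; set them to your own values.
param(
    [string]$ConfDir      = 'C:\InSightManager\server\all\conf\insight',  # assumed drive letter
    [string]$Alias        = 'aliasname',          # SAML Key Name property value
    [string]$KeystoreName = 'samlKeystore.jks'    # SAML Keystore File Name property value
)
$ErrorActionPreference = 'Stop'

# 1. Build the Authorization API Token: Base64 of "<Client ID>:<API Key>".
#    UTF-8 byte encoding is an assumption. The key is read without echo so it
#    does not end up in the console buffer or command history.
$clientId = Read-Host 'Client ID'
$secure   = Read-Host 'API Key' -AsSecureString
$bstr     = [Runtime.InteropServices.Marshal]::SecureStringToBSTR($secure)
try {
    $apiKey = [Runtime.InteropServices.Marshal]::PtrToStringBSTR($bstr)
    $token  = [Convert]::ToBase64String([Text.Encoding]::UTF8.GetBytes("${clientId}:$apiKey"))
} finally {
    [Runtime.InteropServices.Marshal]::ZeroFreeBSTR($bstr)
}
# Base64 is reversible, so the token is a credential: hand it over via the clipboard.
Set-Clipboard -Value $token
Write-Host 'Authorization API Token copied to the clipboard.'

# 2. Confirm the metadata file and the keystore are in the conf directory.
$metadata = Join-Path $ConfDir 'saml2-metadata-idp.xml'
$keystore = Join-Path $ConfDir $KeystoreName
foreach ($f in $metadata, $keystore) {
    if (-not (Test-Path -LiteralPath $f -PathType Leaf)) { throw "Missing file: $f" }
}
[xml]$doc = Get-Content -LiteralPath $metadata -Raw   # throws if the XML is not well-formed
Write-Host "IdP entityID in metadata: $($doc.DocumentElement.entityID)"

# 3. Confirm the alias is a private-key entry. keytool prompts for the keystore
#    password itself, which keeps it off the command line (no -storepass).
$listing = & keytool -list -keystore $keystore -alias $Alias
if ($LASTEXITCODE -ne 0) { throw "keytool could not read alias '$Alias' from $keystore" }
if (-not ($listing -match 'PrivateKeyEntry')) { throw "Alias '$Alias' is not a PrivateKeyEntry" }

# 4. Show who can read the keystore file, since it holds the SAML private key.
(Get-Acl -LiteralPath $keystore).Access |
    Select-Object IdentityReference, FileSystemRights, AccessControlType |
    Format-Table -AutoSize
```

Run it from a regular PowerShell console (not the ISE) so that the keytool password prompt is interactive, and clear the clipboard after pasting the token into the Identity Provider page.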