Configure CIDAAS as an Identity Provider in Software AG Cloud for Single sign-on

Configure CIDAAS as an Identity Provider in Software AG Cloud for Single sign-on

Product versions - {Software AG Cloud: 11.0.x and CIDaaS v3.100.14}

Introduction

Setting up SSO in the Software AG Cloud (SAG Cloud) with CIDAAS as the IDP is a process that requires some setup in both environments. It requires information from both environments, so it makes sense to open two browser windows from the start in order to follow the process.

The documentation related to the topic at hand is scattered across sites (CIDAAS and Software AG) and some information is seemingly mentioned only in passing without concrete examples - something that can lead one to misconfigure it and then have to spend time researching and fixing it.

With this short article, I hope to condense all relevant information into one location. The links under the “Useful links| Relevant resources” section contain all the background and further information. This article is meant to provide a cheat sheet but does not replace the official documentation in any way.

The process described here has been tested with the product versions listed above.

Pre-requisite

  • You require a SAG Cloud tenant and a user with admin access to the tenant. (Free Trial Tenant will suffice)|
  • You require access to a CIDAAS subscription (a free edition will suffice).

References

Manuals:

Request Free Trials:

How to meet our goal: Setup CIDAAS as SSO provider for SAG webMethods.IO Cloud

A guide in 10 simple steps.

  1. Create your CIDAAS Tenant
    (can be a Free trial also from Europe's #1 Customer Identity & Access Management - cidaas)

  2. Create an “Application” (Apps) in CIDAAS: Provide a name and if you like link to your company LOGO as well as use your own cooperate colors etc.
    image
    and select the 3 values we need to be exposed: email, profile and openid as scope
    image

  3. Create the “singleSignon” setup in your webMethods.IO tenant:
    image
    From there take the SAG IDM REDIRECT URL into the Application. Also, make sure you add your own CIDAAS system
    e.g. https://pochost-prod.cidaas.eu/saml-srv/idp
    image

  4. Complete some legal work (links, policy etc.) mandated by local data protection laws
    image
    Then this first part is done already:
    image

  5. Create the SAML IDP for your new Application and enable it.
    image
    image
    image

  6. Take the META DATA link from the SAML provider back to SAG CLOUD IDM.
    image

    image

  7. Complete the data mapping on SAG side:
    image and assign roles to your needs, this is just a basic example
    image Finally, save it.
    image

  8. Completing the backward link. Take the META DATA from the SAG IDM link at the bottom
    image Open in the browser “view source” and copy this data into the CIDAAS Meta data field:
    image
  9. Finalize the field mapping on the CIDAAS IDM side:
    image Save it and you are ready to go.
    image
  10. Validate your setup from the SAG CLOUD login page.
    image

Some more hints

a) CIDAAS allows you to enable 2FA, this is strongly recommended!

image

image

b) CIDAAS allows you to enable a “login success page”. This is also helpful.

image

This page as PDF:
Setup SAG CLOUD IDM with CIDAAS for SSO.pdf (1.5 MB)

Read full topic