SAML Integration

How to configure

The SAML addon is used to integrate FIXICC H2 with SAML. Information about configuring this addon can be found here: CUBA SAML addon

SSOCircle SAML provider

This example describes FIXICC H2 integration with the SSOCircle SAML provider.

Go to SSOCircle and create an account.

If you work without a proxy or load balancer, add the following properties to the local.app.properties file:

cuba.webHostName = <your_ip_or_dns_name>
cuba.webAppUrl = https://<your_ip_or_dns_name>:8443/app
fixicch2.saml.ssoPath = <SSO_path_which_will_be_used_on_saml_connection_editor_screen>

If you use a proxy or load balancer, add the following properties to the local.app.properties file:

cuba.addon.saml.proxy.enabled=true
cuba.addon.saml.proxy.serverUrl= <your_proxy_url>/app
fixicch2.saml.ssoPath = <SSO_path_which_will_be_used_on_saml_connection_editor_screen>

Run the FIXICC H2 application.

Log in as Administrator and go to the Administration → SAML menu option.

Click the Keystore button and enter your keystore details.

Return to the SAML Connection Editor and click the Create button to add a new SAML Connection. Check the Active checkbox, enter some strings as Name and SSO Path, select Company as Default Access Group and Default as Processing service, and choose your keystore in the Keystore field. In the Server Provider Identity field, enter https://<your_ip_or_dns_name>:8443/app/saml (if the proxy is not used) or <your_proxy_url>/app/saml (if the proxy is used). In the Identity Provider Metadata URL field, enter https://idp.ssocircle.com/idp-meta.xml. Click the Refresh buttons.

Copy the XML under the Server Provider Identity field. Go to https://idp.ssocircle.com/, log in, select Manage Metadata in the left side menu, click the Add new Service Provider link, enter an FQDN and paste the SAML metadata you copied. Click the Submit button.

Click the Logout button. As a result, the Login screen with a Login By field will be displayed. If you select your provider in this field, you will be redirected to SSOCircle for authentication.
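The following added example (not part of the FIXICC H2 or CUBA documentation) parses a local.app.properties body, checks the properties set in the steps above, and derives the URL to enter in the Server Provider Identity field for either the direct or the proxy setup. The host name is a constructed placeholder, and the /SSO suffix assumes the ACS URL shape shown in the Okta example on this page.

```python
from urllib.parse import urlsplit

def parse_properties(text):
    """Parse key=value lines (the form used on this page); skip blanks and comments."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line[0] in "#!":
            continue
        key, sep, value = line.partition("=")
        if sep:
            props[key.strip()] = value.strip()
    return props

def check_saml_properties(text):
    """Return (sp_identity, acs_url, problems) for a local.app.properties body."""
    props = parse_properties(text)
    problems = []
    proxy = props.get("cuba.addon.saml.proxy.enabled", "").lower() == "true"
    key = "cuba.addon.saml.proxy.serverUrl" if proxy else "cuba.webAppUrl"
    base = props.get(key, "").rstrip("/")
    url = urlsplit(base)
    if not base:
        problems.append(key + " is not set")
    else:
        if url.scheme != "https":
            problems.append(key + " is not https")
        if not url.path.endswith("/app"):
            problems.append(key + " does not end with /app")
        if not proxy and url.hostname != props.get("cuba.webHostName", "").lower():
            problems.append("cuba.webHostName does not match host in cuba.webAppUrl")
    if not props.get("fixicch2.saml.ssoPath"):
        problems.append("fixicch2.saml.ssoPath is not set")
    sp_identity = base + "/saml" if base else None
    # Assumption: the ACS URL follows the /app/saml/SSO shape of the page's Okta example
    acs_url = sp_identity + "/SSO" if sp_identity else None
    return sp_identity, acs_url, problems

# Constructed sample input (hypothetical host name and SSO path)
SAMPLE = """\
cuba.webHostName = fixicc.example.test
cuba.webAppUrl = https://fixicc.example.test:8443/app
fixicch2.saml.ssoPath = ssocircle
"""

if __name__ == "__main__":
    print(check_saml_properties(SAMPLE))
```

An empty problems list means the derived URL can be entered as the Server Provider Identity; any reported problem should be fixed in local.app.properties before registering the metadata with the identity provider.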


Okta SAML provider

  1. Create a new application in Okta:

    • In the Okta Admin Console, go to Applications > Application.

    • Click the Create App Integration button.

    • Select SAML 2.0 and click Next.

  2. Configure SAML Integration:

    • App Name: Provide a meaningful name for the application (e.g., FIXICCH2 SAML).

    • Single Sign-On URL (ACS URL):

      • Define the URL your application will use to receive SAML responses. Example: https://<host_or_dns_name>:8443/app/saml/SSO.

    • Audience URI (SP Entity ID):

      • Enter a unique identifier for your application. Example: fixicch2.

    • Click Next to proceed with the setup.

  3. View Your SAML Settings:

    • Once you complete the setup, Okta will give you key information:

      • Identity Provider Single Sign-On URL (IdP SSO URL): Use this as your SAML endpoint.

      • Identity Provider Issuer: This is the entity ID used by Okta.

      • Download the Identity Provider metadata.

  4. Assign Users to the Application:

    • Under the Assignments tab, assign users or groups to this SAML application in Okta.

    • Ensure the users you assign are active.