SSO Support Between Classic and React e-Business Application

Starting with Aptify release 7.4, Single Sign-On (SSO) is supported between the e-Business Classic and e-Business React applications. When a user logs into the e-Business Classic application with their credentials, they are automatically logged into the e-Business React application without needing to re-enter the credentials.

Single sign-on (SSO) is an authentication method that enables users to securely authenticate to multiple applications and websites by using just one set of credentials.

Installing and Configuring Classic e-Business Metadata

Follow the steps below to install and configure classic e-Business metadata. 

      1. Log into Aptify Smart Client (Desktop) application
      2. Perform the below steps only if the SAML SSO Log and SAML SSO Service Provider services are not visible under the e-Business application.
        SSOServicesVisible.png
      3. Download the attached Classic Metadata zip file and perform the steps below. Also make sure the Web Files folder is moved as per the instructions in the note.
      4. Go to Desktop application -> Framework application. Under Entities services, find Install Entities Wizard.
        SSOHighlightEntities.png
      5. Open Install Entities Wizard and select Aptify Definitions database, then click Next and select BaseDatabase as Aptify for Entities.
        Install2.png
      6. In step three of the wizard, select Entity Pack and then select SAMLSSOLogs_c.entpak, click Next twice and finish the wizard. Perform the same steps for SAML SSOSericeProviders_c.entpak.
        Install_3.png
        Install_4.png
        Install_Finish.png
      7. Go to Process Pipeline Application, select Process Flow service and then select Data Un-Packer wizard from tool bar. The Data Un-Packer wizard opens.
        SSOProcessPipeline.png

      8. Click Next and give the directory a name as shown in the image below.
        SSODataUnpackDirectory.png
      9. Click Next and select the checkbox as shown below, then click Next.
        SSOSpgetSAMLassertion.png
      10. Verify that the Upgrade Existing Records and Unpack Repository Objects checkboxes are selected and click Finish.
        DataUnpackFinish.png

      11. Unpack spGetSAMLAssertionAttributes.recpak cm pack from Classic Metadata zip/Data Packs
        2024-12-18_21h44_26.png
      12. Open the SAML SSO Service Providers entity and add the attributes and values shown in the table below.

        Name | Value | Description
        IDPCertificatePathAndFileName | ~/PFXFile/idp.pfx | Path and file name where the IDP certificate is stored. This should be the PFX or P12 file with both private and public key.
        IDPCertificatePassword | password | Password for the IDP certificate file. If the certificate's private key is not password protected, enter <blank>.
        IDPLoginFormURL | ~/login.aspx | Specify the eBiz page that will collect the username/password. Each SAMLSSOServerProvider record also has this field. This value will only be used if SAMLSSOServerProvider.IDPLoginFormURL is null or blank.

        SSOEntityID.png

      14. Reopen Smart client and verify the SAML SSO Log and SAML SSO Service Provider services are visible.
        SSOServicesVisible.png
      15. Open a new SAML SSO Service Provider record and add the details below.

        Pt15_classic.png

        Name:  Enter the React e-Business url (for example, https://xxxx.com/ebizui/)
        Issuer: Enter the React e-Business url (for example, https://xxxx.com/ebizui/)
        ACS URL: Enter the e-Business SOA endpoint responsible for receiving the SAML response (for example, https://xxxx.com/SOA/v1/SAML/ReceiveSAMLResponse).
        Public Key: Enter your service provider (SP) public key. 

        Please note that the below public key is for testing purpose only.


        Assertion Attribute DB Object:  Enter the value - spGetSAMLAssertionAttributes__c
      16. Click the Misc tab and add the link, for example https://xxxx.com/EbizNonCMS/Login.aspx

         

Settings for SP (e-Business React)

For setting the e-Business React as the service provider (SP), follow the steps given below:

        1. Go to the Web Service application -> SAML Configuration. (If the SAML configuration is not present, right-click the Web services and add it from the list of services.)
        2. Create a new record under SAML Configuration.

          • Under General Tab, add the below values against the fields as mentioned below:
            Record Type: AMS as SP (select from dropdown)
            Pvt Key File: Enter the physical path of the service provider private key (for example, C:\home\site\wwwroot\SOA\Keys\SP\sp.pfx)
            Pvt Key Password: Enter the password
          • Under Identity Provider Tab:
            IDPIssuer: Enter the IDP url i.e., e-Business Classic url (for example https://xxxx.com/EbizNonCMS/)
            IDP Authn URL: Enter the IDP url i.e., e-Business Classic authentication url (for example https://xxxx.com/EbizNonCMS/SAML/SSOService.aspx)
            IDP Auth Interface URL:  Enter the login page url of Classic e-Business (for example https://xxxx.com/EbizNonCMS/Login.aspx)
            IDP Public Key:  Enter your Identity Provider (IDP) public key. 
            Please note that the below public key is for testing purpose only.



            IDP LogoutRequest URL (Not supported): SSO logout functionality is currently not supported. Enter a dummy url so that the record can be saved (for example, https://xxxx.com/EbizNonCMS/Logout.aspx)
            IDP Logout Request Binding: This functionality is not supported. Select GET as default from the drop-down.
            IDPTab.png
        • Under Service Provider Tab:
          SP Issuer: Enter the SP url i.e., the e-Business React url (for example, https://xxxx.com/ebizui/)
          SPSSOBinding: select POST from drop-down
          SPLogoutBinding: select GET from drop-down
          SPTab.png

 

 

Setting under ebiz SOA/web.config

        1. Edit the SOA/web.config file and locate the key Aptify.Services.SAML.IDPIssuer.
        2. Set the value of this key to the IDPIssuer url. (Note that the url must match exactly.)
          <!--IDP Issuer(ebusiness Classic)-->
          <add key="Aptify.Services.SAML.IDPIssuer" value="https://xxxx.com/EbizNonCMS/" />

 

Setting under ebconfig.json

Under the website where the React UI is hosted (usually it will be under "C:\inetpub\wwwroot\eBizUI"), find the attribute IDPIssuerUrl and set the value to the IDPIssuer url.

 

This completes all the settings required for SSO implementation. 

Note:
After the SSO implementation, any navigation from the classic e-Business application to the e-Business React frontend should be in the format below. Note that the source query parameter in the URL shown below must exactly match the value in ebconfig.json (shown in the image above), including the trailing slash: either have it in both places or remove it from both.


https://xxxx.com/ebizui?source=https://xxxx.com/EbizNonCMS/&target=ebizui/my/order-history

 

Here target should be in ebizui/{path} format. This is where you want to be navigated after the SSO is complete. Note that ebizUI/ (the React frontend path, which is ebizUI in this case) is needed for proper navigation. This sets up the SAML SSO communication between the Classic e-Business and React e-Business applications.
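The exact-match rules above (SOA/web.config, ebconfig.json and the source parameter, trailing slash included, plus the ebizui/{path} target format) can be checked before deployment. The script below is an added example, not part of Aptify's code; the function names, the sample inputs and the case-insensitive comparison of the frontend folder name are assumptions.

```python
import json
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit, parse_qs

WEB_CONFIG_KEY = "Aptify.Services.SAML.IDPIssuer"  # key named in SOA/web.config

def find_key(obj, key):
    """Depth-first search for `key` (the nesting of ebconfig.json is not assumed)."""
    if isinstance(obj, dict) and key in obj:
        return obj[key]
    children = obj.values() if isinstance(obj, dict) else obj if isinstance(obj, list) else []
    for child in children:
        found = find_key(child, key)
        if found is not None:
            return found
    return None

def issuer_from_web_config(xml_text):
    """Return the value of the IDPIssuer <add> element, or None if absent."""
    for node in ET.fromstring(xml_text).iter("add"):
        if node.get("key") == WEB_CONFIG_KEY:
            return node.get("value")
    return None

def check_sso_link(web_config_xml, ebconfig_json, link, frontend="ebizui"):
    """Return a list of problems; an empty list means all three places agree."""
    problems = []
    soa_issuer = issuer_from_web_config(web_config_xml)
    ui_issuer = find_key(json.loads(ebconfig_json), "IDPIssuerUrl")
    query = parse_qs(urlsplit(link).query)
    source = query.get("source", [None])[0]
    target = query.get("target", [""])[0]
    # Exact string comparison on purpose: a trailing slash counts as a mismatch.
    if soa_issuer != ui_issuer:
        problems.append(f"web.config issuer {soa_issuer!r} != ebconfig.json {ui_issuer!r}")
    if source != ui_issuer:
        problems.append(f"source {source!r} != ebconfig.json {ui_issuer!r}")
    # Assumption: the frontend folder name is compared case-insensitively.
    if not target.lower().startswith(frontend.lower() + "/"):
        problems.append(f"target {target!r} is not in {frontend}/{{path}} format")
    return problems

# Constructed sample inputs using the placeholder host from the article.
SAMPLE_WEB_CONFIG = """<configuration><appSettings>
  <add key="Aptify.Services.SAML.IDPIssuer" value="https://xxxx.com/EbizNonCMS/" />
</appSettings></configuration>"""
SAMPLE_EBCONFIG = '{"IDPIssuerUrl": "https://xxxx.com/EbizNonCMS/"}'
GOOD_LINK = ("https://xxxx.com/ebizui?source=https://xxxx.com/EbizNonCMS/"
             "&target=ebizui/my/order-history")
```

Calling check_sso_link with the contents of the real SOA/web.config and ebconfig.json and a navigation link from the Classic site returns one message per mismatch.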

To test through the API, paste the URL below into the browser:

https://xxxx.com/SOA/v1/SAML/generateauthn/?RelayState=https://xxxx.com/ebizui/my/order-history
