Running the SAML installation script for Content Manager
Run a PowerShell script on the Content Manager server to configure SAML for your Content Manager. In addition to this script, you can also run scripts to set up HTTPS, LDAP, or both.
Before you begin
You must be logged on as an administrator user to perform this task.
PowerShell must be installed on your target system.
If you set up SAML, SDL strongly recommends that you also set up HTTPS.
Procedure
- Access your Content Manager server.
- If you want to specify your installation parameters up front, rather than while the script runs, create a plain text file with a name and location of your choosing, and fill it with lines of the format PROPERTY=VALUE, where PROPERTY is a property in the table below, and VALUE is a value that corresponds to the description for that property:

Property | Description
TokenIssuerCertThumbprint | Set to the thumbprint of the token issuer's certificate, a 40-character string, or to new to specify your own, self-signed certificate.
TokenIssuerCertFriendlyName | Only if you use a self-signed certificate, set to the Friendly Name of the token issuer's self-signed certificate as listed in the Server Certificates screen in IIS Manager.
TokenIssuerCertPassword | Only if you use a self-signed certificate, set to the password of the token issuer's self-signed certificate.
CoreServiceCertThumbprint | Set to the thumbprint of the Core Service certificate, a 40-character string, or to new to specify your own, self-signed certificate.
CoreServiceCertFriendlyName | Only if you use a self-signed certificate, set to the Friendly Name of the Core Service self-signed certificate as listed in the Server Certificates screen in IIS Manager.
CoreServiceCertPassword | Only if you use a self-signed certificate, set to the password of the Core Service self-signed certificate.
CoreServiceType | Set to the type of Core Service hosting. CoreServiceType can have one of the following values:

Value | Short version | Description
IIS | i | The Core Service is hosted in IIS.
Windows Service | s | The Core Service is hosted as a Windows service.
Both | b | Both of the above are true.

In addition, depending on your IdP, you need to specify additional properties, including:

Property | Description
TCM_Name | The internal name of the IdP, used in an SP-initiated scenario.
SamlAdminUser | A string of the form IDP:EMAIL, where IDP is the value of TCM_Name and EMAIL is a valid email address. This creates a user with this string as an administrator in the database for initial group mapping.
issuer | A URI that identifies the IdP.
SP_Audience | This string is used to check the IdP on the server side. In an IdP-initiated scenario, this needs to be changed to return the same value as for the service provider.
SP_AssertionConsumerServiceUrl | The return URL, which must be set to ~/WebUI/.
Name | The identifier for the IdP node.
- Open Windows PowerShell from the Windows Start Menu.
- Navigate to %TRIDION_HOME%\bin\Configuration Scripts\.
- Enter one of the following:
  - If you created a file with property-value pairs, enter & .\SetupSAML.ps1 -pf FILE, where FILE is the full path and filename of the file you created.
  - If you did not create a file, enter & .\SetupSAML.ps1. The script will prompt you for values for the properties.
- Specify none, any or all of the following additional command line switches for the script:
Switch | Short version of switch | Default value if omitted | Description
-LogPath | -l | %Temp%\Setup_SAML_HHmmssMMddyyyy.log, where HHmmssMMddyyyy indicates the start time of the log | The full path to, and name of, the log file
-NonInteractive | -ni | False | If set, the script acts as if PowerShell runs in non-interactive mode
-ParamsFilePath | -pf | .\SetupSAML_params.txt | The full path to, and name of, the file with parameter-value pairs
-SkipIdpConfiguration | -sidp | False | Skip the IdP configuration
-SkipServiceRestart | -sr | False | Disables the restart of the services when the script has ended
-WcfUser | (none) | (none) | The name of a user to connect to the WCF service
-WcfPassword | (none) | (none) | The password of that user to connect to the WCF service
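As an added example that is not part of the SDL documentation, the following PowerShell pre-flight check reads a constructed parameter file in the PROPERTY=VALUE format described above and verifies the constraints the tables state (thumbprint shape, the extra properties a self-signed certificate needs, the CoreServiceType values, the TCM_Name prefix in SamlAdminUser and the fixed ~/WebUI/ return URL) before the file is handed to SetupSAML.ps1 with -pf. The file path, hostnames, certificate names and placeholder password are assumptions.

```powershell
# Added example, not part of the SDL documentation: a pre-flight check of a
# SetupSAML.ps1 parameter file before it is passed to the script with -pf.
# Every value below is a constructed placeholder, not a real deployment value.
$paramsFile = Join-Path $env:TEMP 'SetupSAML_params.txt'
@'
TokenIssuerCertThumbprint=new
TokenIssuerCertFriendlyName=Tridion SAML Token Issuer
TokenIssuerCertPassword=PLACEHOLDER_PASSWORD
CoreServiceCertThumbprint=0123456789ABCDEF0123456789ABCDEF01234567
CoreServiceType=Both
TCM_Name=ExampleIdP
SamlAdminUser=ExampleIdP:cm-admin@example.com
issuer=https://idp.example.com/saml
SP_Audience=https://cm.example.com/
SP_AssertionConsumerServiceUrl=~/WebUI/
Name=ExampleIdP
'@ | Set-Content -Path $paramsFile -Encoding ASCII
# Parse PROPERTY=VALUE lines, splitting on the first '=' only so values may contain '='.
$params = @{}
Get-Content $paramsFile | Where-Object { $_ -match '=' } | ForEach-Object {
    $name, $value = $_ -split '=', 2
    $params[$name.Trim()] = $value.Trim()
}
$problems = @()
foreach ($key in 'TokenIssuerCertThumbprint', 'CoreServiceCertThumbprint') {
    # A thumbprint is the literal 'new' or exactly 40 hex characters.
    if ($params[$key] -notmatch '^(new|[0-9A-Fa-f]{40})$') {
        $problems += "$key must be 'new' or a 40-character thumbprint"
    }
    # Choosing 'new' (self-signed) makes the matching FriendlyName and Password mandatory.
    $prefix = $key -replace 'Thumbprint$', ''
    foreach ($suffix in 'FriendlyName', 'Password') {
        if ($params[$key] -eq 'new' -and -not $params["$prefix$suffix"]) {
            $problems += "$prefix$suffix is required when $key=new"
        }
    }
}
if ($params['CoreServiceType'] -notin 'IIS', 'i', 'Windows Service', 's', 'Both', 'b') {
    $problems += 'CoreServiceType must be IIS/i, Windows Service/s or Both/b'
}
# SamlAdminUser is IDP:EMAIL and its IDP part has to equal TCM_Name.
if ($params['SamlAdminUser'] -notmatch "^$([regex]::Escape($params['TCM_Name'])):[^@\s]+@[^@\s]+\.[^@\s]+$") {
    $problems += 'SamlAdminUser must be TCM_Name:EMAIL with a valid email address'
}
if ($params['SP_AssertionConsumerServiceUrl'] -ne '~/WebUI/') {
    $problems += 'SP_AssertionConsumerServiceUrl must be ~/WebUI/'
}
if ($problems) { $problems | ForEach-Object { Write-Warning $_ } }
else { Write-Host "Parameter file OK; run: & .\SetupSAML.ps1 -pf `"$paramsFile`"" }
```

Run it from the %TRIDION_HOME%\bin\Configuration Scripts\ directory; a clean run prints the exact SetupSAML.ps1 invocation, while any violation is reported as a warning and the script is not started.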
- Sample SAML property-value pairs for My1Login
  A sample set of property-value pairs to put in a text file and apply to the SetupSAML.ps1 PowerShell script.
- Sample SAML property-value pairs for Azure Active Directory
  A sample set of property-value pairs to put in a text file and apply to the SetupSAML.ps1 PowerShell script.