1. Stop Server
First open the IIS-Manager on Microsoft Server.
Click on 'aquaAPIPool' and stop it with the button on the right side first.
After that please stop 'aquaFileServerPool', 'aquaWebservicePool' and 'aquaWebNGAppPool'.
Your Server is stopped now.
2. Configuration
2.1 Add Service Provider to your SAML instance
In order to be able to redirect to aqua after successful SAML-Login, it is required to add aqua as a Service Provider to your SAML-instance. Please ask your SAML-Administrator or check the User Manual of your SAML server if you do not know how to do it for your SAML server.
Please find below the proper URLs of aqua for configuring your SAML instance. AssertionConsumerService is an obligatory parameter for SAML: it tells the SAML instance where to redirect after a successful login. SingleLogoutService is optional and only needed if you want SAML to be able to log out a given user from aqua.
AssertionConsumerService | http(s)://<aquawebServerUrl>/aquawebng/Account/saml2-acs |
SingleLogoutService | http(s)://<aquawebServerUrl>/aquawebng/Account/saml2-logout |
Furthermore, please download and save the IdP metadata file of your SAML instance to a local folder on the aqua Backend server and the aqua Web server. It will be required for configuring aqua Backend and aqua Web. A sample of an IdP-metadata file can be found here.
2.2 Configure Backend
Open Web.config file of aqua Backend. It is usually located here:
C:\Program Files\andagon GmbH\aqua For IIS\Web\Webservice
Please add the following settings to <appSettings> section:
SAML.FederationMetadataPath | Path to IdP-metadata file that must be retrieved from your SAML instance (the metadata-file specifies important properties of your SAML-IdP, e.g. the SingleSignOnService or Certificates) |
SAML.UsernameAttribute | Defines the attribute of the SAML response that provides the aqua username (see Section 2.2 for an example where to find this attribute, “uid” is just an example) |
Example:
...
<appSettings>
...
<add key="SAML.FederationMetadataPath" value="C:\Path\to\saml-idp-metadata.xml" />
<add key="SAML.UsernameAttribute" value="uid" />
...
</appSettings>
...
Save and close Web.config.
2.3 Configure aqua Web
Open aquaWebNG.config file of aqua Web. It is usually located here:
C:\Program Files\andagon GmbH\aquaWebNG\aquaWebNG
Please add the following settings to <aquaWebNGConfig> section:
SAML.FederationMetadataPath | Path to IdP-metadata file that must be retrieved from your SAML instance (the metadata-file specifies important properties of your SAML-IdP, e.g. the SingleSignOnService or Certificates) |
SAML.AquaSPEntityId | Defines the service provider’s entity ID on your SAML instance |
Example:
...
<aquaWebNGConfig>
...
<add key="SAML.FederationMetadataPath" value="C:\Path\to\saml-idp-metadata.xml" />
<add key="SAML.AquaSPEntityId" value="aqua-saml-sp" />
...
</aquaWebNGConfig>
...
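Before starting the server again, it is worth checking that both configuration files carry the settings from sections 2.2 and 2.3 and that the IdP metadata file they point to is readable, well-formed and contains a certificate that has not expired. The PowerShell script below is an added example, not part of the aqua product or its documentation. It assumes the default file locations named above, that the config files declare no default XML namespace, and a 30-day expiry warning threshold chosen for illustration.

```powershell
# Added example. Paths are the default locations named on this page; adjust to your install.
$configs = @(
    @{ File = 'C:\Program Files\andagon GmbH\aqua For IIS\Web\Webservice\Web.config'
       Section = 'appSettings'
       Keys = 'SAML.FederationMetadataPath', 'SAML.UsernameAttribute' },
    @{ File = 'C:\Program Files\andagon GmbH\aquaWebNG\aquaWebNG\aquaWebNG.config'
       Section = 'aquaWebNGConfig'
       Keys = 'SAML.FederationMetadataPath', 'SAML.AquaSPEntityId' }
)
$warnDays = 30   # assumed threshold for certificate expiry warnings

function Test-IdpMetadata {
    param([string]$Path)
    if (-not (Test-Path -LiteralPath $Path -PathType Leaf)) {
        Write-Warning "IdP metadata file not found: $Path"; return
    }
    $md = New-Object System.Xml.XmlDocument
    $md.Load($Path)                      # throws if the file is not well-formed XML
    $ns = New-Object System.Xml.XmlNamespaceManager($md.NameTable)
    $ns.AddNamespace('md', 'urn:oasis:names:tc:SAML:2.0:metadata')
    $ns.AddNamespace('ds', 'http://www.w3.org/2000/09/xmldsig#')

    $sso = $md.SelectNodes('//md:IDPSSODescriptor/md:SingleSignOnService', $ns)
    if ($sso.Count -eq 0) { Write-Warning "No SingleSignOnService in $Path" }
    foreach ($s in $sso) { "  SSO endpoint: $($s.GetAttribute('Location'))" }

    $certs = $md.SelectNodes('//md:IDPSSODescriptor/md:KeyDescriptor//ds:X509Certificate', $ns)
    if ($certs.Count -eq 0) { Write-Warning "No IdP certificate in $Path" }
    foreach ($c in $certs) {
        $raw  = [Convert]::FromBase64String(($c.InnerText -replace '\s', ''))
        $cert = [System.Security.Cryptography.X509Certificates.X509Certificate2]::new($raw)
        "  IdP certificate: $($cert.Subject), valid until $($cert.NotAfter.ToString('yyyy-MM-dd'))"
        if ($cert.NotAfter -lt (Get-Date).AddDays($warnDays)) {
            Write-Warning "Certificate expires within $warnDays days (or has expired)"
        }
    }
}

foreach ($cfg in $configs) {
    if (-not (Test-Path -LiteralPath $cfg.File)) { Write-Warning "Not found: $($cfg.File)"; continue }
    [xml]$xml = Get-Content -LiteralPath $cfg.File -Raw
    foreach ($key in $cfg.Keys) {
        $node  = $xml.SelectSingleNode("//$($cfg.Section)/add[@key='$key']")
        $value = if ($node) { $node.GetAttribute('value') } else { $null }
        if (-not $value) { Write-Warning "$($cfg.File): setting $key is missing or empty"; continue }
        "$(Split-Path $cfg.File -Leaf): $key = $value"
        if ($key -eq 'SAML.FederationMetadataPath') { Test-IdpMetadata $value }
    }
}
```

Run it on both the Backend server and the Web server, since each needs its own local copy of the metadata file.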
3. Start aqua Server
After configuration, you can start your aqua server. Go back to IIS-Manager and start 'aquaAPIPool', 'aquaFileServerPool', 'aquaWebservicePool' and 'aquaWebNGAppPool'.