<div id="main-content" class="wiki-content group"> <h1 id="Identity-LinhaMicrosigaProtheus-Objetivo">Objective</h1> <p>This document specifies how to configure the Microsiga Protheus line to use Fluig Identity.</p> <h1 id="Identity-LinhaMicrosigaProtheus-Requisitosmínimos">Minimum requirements</h1> <p>To use the integration with Fluig Identity, make sure that:</p> <ol> <li>TOTVS | AppServer is greater than or equal to build 7.00.121227P - August 12 2013</li> <li>The Lib update package from Microsiga Protheus applied in the environment is later than August/2013</li> <li>TOTVS | AppServer is configured as the HTTP server; for more information see <a href="http://tdn.totvs.com.br/pages/viewpage.action?pageId=6064821" rel="nofollow">http://tdn.totvs.com.br/pages/viewpage.action?pageId=6064821</a>. </li> </ol> <p> * To update the environment, see our download center at the following address: <a href="http://www.totvs.com.br/suporte" class="external-link" rel="nofollow">http://www.totvs.com.br/suporte</a>. </p> <h1 id="Identity-LinhaMicrosigaProtheus-ComohabilitaroFluigIdentity">How to enable Fluig Identity</h1> <p> To enable Fluig Identity in Microsiga Protheus, access the <strong>Configurator</strong> module, '<strong>Users</strong>\<strong>Policy</strong>' menu, making sure that you are connected to the <strong>Slave</strong> that has the <strong>HTTP</strong> configuration enabled. </p> <p> In the '<strong>Policy</strong>' routine, go to the '<em>Security Policy</em>' folder and, inside that folder, select the '<em>Password rules</em>' folder. </p> <p> In the '<em>Password rules</em>' folder, enable <em>Single Sign-On</em> by changing the value of the form field to <strong>Optional</strong> or <strong>Mandatory</strong>. 
When the '<em>Single Sign-On</em>' field is configured as <strong>Mandatory</strong>, access to the system is allowed only through the IdP, except for the Administration modules (for example, Configurator), which keep the standard access form enabled. If the '<em>Single Sign-On</em>' field is configured as <strong>Optional</strong>, access to the system may be performed through the IdP or in the traditional way. </p> <p> <img class="confluence-embedded-image" src="http://tdn.totvs.com/download/attachments/73892524/IdM_mp_img1.png?version=1&modificationDate=1378218947000&api=v2" data-image-src="http://tdn.totvs.com/download/attachments/73892524/IdM_mp_img1.png?version=1&modificationDate=1378218947000&api=v2"> </p> <p> After setting up the '<em>Single Sign-On</em>' field, you will need to configure the '<em>Single Sign-On mode</em>' field by changing the value of the form field to the <strong>2- Fluig Identity</strong> option. </p> <p> <img class="confluence-embedded-image" src="http://tdn.totvs.com/download/attachments/73892524/IdM_mp_img2.png?version=1&modificationDate=1378219703000&api=v2" data-image-src="http://tdn.totvs.com/download/attachments/73892524/IdM_mp_img2.png?version=1&modificationDate=1378219703000&api=v2"> </p> <p> Once it is configured, go to the '<em>SAML Integration</em>' folder. </p> <p> In the '<em>SAML Integration</em>' folder, enter the <a href="http://en.wikipedia.org/wiki/Uniform_resource_locator" class="external-link" rel="nofollow">URL</a> of the Service Provider (SP) identification in the '<em>Service Provider identification</em>' form field. The URL of the SP identification has the form: </p> <p style="margin-left: 30.0px;"> <strong><em>http://&lt;ip do appserver&gt;:&lt;porta http&gt;/&lt;EntityId&gt;</em></strong>, where: </p> <blockquote> <p style="margin-left: 30.0px;"> &lt;<strong>IP do appserver</strong>&gt;: The IP address of the TOTVS | AppServer that has the HTTP key configured. 
</p> <p style="margin-left: 30.0px;"> &lt;<strong>porta</strong> <strong>http</strong>&gt;: The port entered in the HTTP key. </p> <p style="margin-left: 30.0px;"> &lt;<strong>EntityId</strong>&gt;: The Service Provider identification key. It can be any text that is valid in a URL, for example: '<strong>sp</strong>' </p> </blockquote> <p> In the '<em>List of <a href="http://en.wikipedia.org/wiki/Uniform_resource_locator" class="external-link" rel="nofollow">URLs</a> that are accepted for connection</em>' form field, enter the list of addresses accepted for an Identity transaction. It is recommended to enter the list of SmartClientHTML URLs separated by the ';' (semicolon) character, for example: '<em>http://localhost:8081;http://localhost</em>' </p> <p>The next step is to import metadata from IdM. Metadata can be provided in 3 different ways:</p> <ul> <li>File</li> <li>URL</li> <li>Text</li> </ul> <p>Metadata is XML text that defines security parameters shared between the IdP and the SP, including the digital certificate and the IdP identification, as in the example below:</p> <blockquote> <p> &lt;?xml version="1.0" encoding="UTF-8" standalone="no"?&gt;&lt;md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata" entityID="TotvsLabs"&gt;&lt;md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol"&gt;&lt;md:KeyDescriptor use="signing"&gt;&lt;ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#"&gt;&lt;ds:X509Data&gt;&lt;ds:X509Certificate&gt;MIICBjCCAW8CBgFAOxWDkDANBgkqhkiG9w0BAQsFADBJMSYwJAYDVQQLEx1Ub3R2c0xhYnMgUHJp<br />bWFyeSBDZXJ0aWZpY2F0ZTESMBAGA1UEChMJVG90dnNMYWJzMQswCQYDVQQGEwJVUzAeFw0xMzA4<br />MDExODEzMjBaFw0xODA3MzExODEzMjBaMEkxJjAkBgNVBAsTHVRvdHZzTGFicyBQcmltYXJ5IENl<br />cnRpZmljYXRlMRIwEAYDVQQKEwlUb3R2c0xhYnMxCzAJBgNVBAYTAlVTMIGfMA0GCSqGSIb3DQEB<br />AQUAA4GNADCBiQKBgQCrzk/d+HJR5iCQ4oOYPEm4Mc5TMq1NOYuxp2PmOZsNd99vIhUvnTS59blP<br />mz6AMLwOH20Z7nr0rog9RqiMCZLZBBnzPWprh1Hsz6bg9lrggvT8YTalUxr6ktfqp6gy08N6VSd4<br />jqvN5YeLllG5oeBYJA5R82vJKXBdxWIW8mex9wIDAQABMA0GCSqGSIb3DQEBCwUAA4GBADTQm7qa<br />+LoSu9iWb0F0THH4fX8ZaL8qDyuiVuXFBnpuw16X2Du0qmgJwM5Mp9su3w7CEdp6YGMtRJXwizSd<br />KsxiDEXs2aRY7pepKNRC/PEyI9lXj+nTrjL7q4mOT2V7NGxjjkzZTWWXtNJ+TEYi5pGcW4rBz+/s<br />w8Hbep+F6L/r&lt;/ds:X509Certificate&gt;&lt;/ds:X509Data&gt;&lt;/ds:KeyInfo&gt;&lt;/md:KeyDescriptor&gt;&lt;md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://app.fluigidentity.com/cloudpass/SPInitPost/receiveSSORequest"/&gt;&lt;md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="https://app.fluigidentity.com/cloudpass/SPInitRedirect/receiveSSORequest"/&gt;&lt;/md:IDPSSODescriptor&gt;&lt;/md:EntityDescriptor&gt; </p> </blockquote> <p> To import metadata, click the '<strong>Import Metadata</strong>' button and follow the steps in the Import Wizard, entering the URL or the file provided by the IdP. After the metadata is imported, the '<em>Identity Provider (IdP) identification</em>' form field is filled in automatically. </p> <p> After that, click the '<strong>Update SP - Service Provider</strong>' button. You will then be informed whether the operation was successful or there was a problem; in case of problems, contact the IdP. Lastly, the system generates the SP metadata that the IdM requests to complete the operation. If necessary, this file can be generated without performing the IdM metadata import step. 
</p> <h1 id="Identity-LinhaMicrosigaProtheus-ComorelacionarousuáriodoIdPaoMicrosigaProtheus">How to relate an IdP user to Microsiga Protheus</h1> <p> Microsiga Protheus users can be related to the IdP through the <strong>user code</strong>, <strong>user login</strong> or <strong>user's email</strong>, and this data must be sent by the IdP. </p> <h1 id="Identity-LinhaMicrosigaProtheus-VideodeconfiguraçãodoIdP/SP">IdP/SP configuration video</h1> <p> <div class="embeddedObject"> <object classid="clsid:02BF25D5-8C17-4B23-BC80-D3488ABDDC6B" codebase="https://www.apple.com/qtactivex/qtplugin.cab" data="/download/attachments/73892524/Fluig Identity.mp4" height="720" type="video/mp4" width="1280"> <param name="autostart" value="false"> <param name="autoplay" value="false"> <param name="controller" value="true"> <param name="data" value="/download/attachments/73892524/Fluig Identity.mp4"> <param name="src" value="/download/attachments/73892524/Fluig Identity.mp4"> <param name="type" value="video/mp4"> <embed autostart="false" autoplay="false" controller="true" height="720" src="/download/attachments/73892524/Fluig Identity.mp4" type="video/mp4" width="1280"> </embed> </object> </div> </p> </div>