Follow the instructions below to configure authentication for the Muse Search Application with Microsoft's Azure Active Directory using SAML. In this scenario, the Muse Search Application is the Service Provider (SP), while Azure AD is the Identity Provider (IDP).
  1. Generate the Service Provider Metadata

    Access the SAML administration endpoint at a URL of the form https://your_domain/muse/saml/web/metadata, replacing your_domain with the actual domain of the Muse installation. Use admin as the username and the configured password. In the Muse SSO Metadata Administration page click the Generate new service provider button to open the metadata generation page. In the Metadata Generation page, make sure the Signing key and Encryption key values are the proper ones, and fill in an alias value in the Entity alias input. Leave the rest of the configuration at the default values. When done, click the Generate metadata button. In the Metadata Details page follow the steps listed in the section "In order to permanently store the metadata follow these instructions:". After restarting the Muse web service, open the Muse SSO Metadata Administration page again, open the metadata details of the newly added entity, and click the Download entity metadata button to download it.
  2. Setup a new application in the Azure Portal

    Access the Azure Portal at https://portal.azure.com/, navigate to Azure Active Directory -> Enterprise applications from the menu and click New Application. Add the custom application through the Create your own application link, enter the name of the application (e.g. Muse Search) and make sure the option Integrate any other application you don't find in the gallery (Non-gallery) is selected. Then choose the created application, select Setup single sign-on from the Manage menu, and click the "SAML" button to open the configuration guide. In the new page click Upload metadata file and select the metadata file downloaded in the previous step. All necessary values are loaded into the Basic SAML Configuration; click the Save button to store them. From the Set up Single Sign-On with SAML page, copy the value of App Federation Metadata Url for use in the next step. Make sure that the necessary user groups and users are configured to access the newly created Azure application; see the following instructions for doing this: https://learn.microsoft.com/en-us/azure/active-directory/manage-apps/add-application-portal-assign-users
  3. Generate a new IDP

    Access the Muse SSO Metadata Administration pages (as described in step 1) and click the Add new identity provider metadata button. In the Add New IDP Metadata files page, enter the URL copied from the Azure Portal in the Take metadata from URL: input and click the Test IDP metadata button. Then follow the instructions listed in the page to finalize the setup of the new IDP entity.
  4. Wire the Muse Search Application for SAML authentication

    Follow the instructions below to finalize the setup of SAML authentication with Microsoft Azure AD.
    – Edit the ${MUSE_HOME}/aas/jaas.config file and add the following entry at the end of the file:

        MuseKnowledge.Azure {
            com.edulib.ice.security.authentication.ICELoginModulePropertiesExtractor requisite
                config="${ICE_HOME}/profiles/ICELoginModulePropertiesExtractor.Azure.xml";
            com.edulib.ice.security.authentication.ICELoginModule requisite;
        };

    – Download this file and place it in the following location: ${MUSE_HOME}/profiles/. Edit the downloaded file, locate the placeholders PLACE_HERE_THE_IDP_ENTITY_ID, MuseSearchApplicationID and MuseSearchApplicationPassword, and replace them with the appropriate values.
    – Test the integration using a URL of the form:
        https://your_domain/muse/servlet/MusePeer/logon/alias/ALIAS?action=logon&userID=MuseKnowledge.Azure&templateFile=passThrough.html&errorTemplate=logon/logon.html&reuseSession=true&idp=IDP_ENTITY_ID
      replacing your_domain, ALIAS and IDP_ENTITY_ID with the appropriate values.

In production we recommend using Azure Active Directory with SAML (ADFS). Theoretically there are no special requirements for integration with Azure Active Directory SAML; however, this is a multi-step configuration that involves a lot of communication between the Muse Proxy technical team and the customer's technical team.

The customer must create a new SSO application inside the MS Azure portal for Muse Proxy and provide the metadata URL, which looks like the one below:
https://login.microsoftonline.com/{tenantID}/federationmetadata/2007-06/federationmetadata.xml?appid={appid}

where {tenantID} and {appid} are particular to the customer.

In more detailed steps:

– In the Azure Portal select Azure Active Directory > Enterprise applications > All applications > New application. Add the custom application through the Create your own application link, enter the name of the application (e.g. Muse Proxy) and make sure the option Integrate any other application you don't find in the gallery (Non-gallery) is selected. Then choose the created application, select Single sign-on from the Manage menu, and click the "SAML" button to open the configuration guide.
– In the configuration pages, add at Identifier (Entity ID):
  https://proxy.yourdomain.com/MPAppID
  where proxy.yourdomain.com is the Muse Proxy domain and MPAppID is the Muse Proxy Application ID for which SSO is being configured.
  At Reply URL (the ACS from the metadata) add:
  https://proxy.yourdomain.com/ssoRWP/saml/SSO/alias/MPAppID
  It is not mandatory to add Sign on URL or Relay State. If a Sign on URL is required, it can be the URL for accessing the MP application:
  https://proxy.yourdomain.com/MPAppID
  Click the Save button to save the configuration.
– Then, in the SAML Certificates section make sure the Expiration date covers the desired period of time. If using multiple Muse Proxy applications, the same certificate must be uploaded and used for all of them, because MS Azure would otherwise present the same entity ID with different certificates, which is not in accordance with the SAML standards.
– Then go to Configure Muse Proxy (the name of the Enterprise application in Azure AD) and from there download the SAML XML Metadata. Note that the metadata link only works once a certificate has been configured in the SAML Signing Certificate section above ("Manage the certificate used by Azure AD to sign SAML tokens issued to Muse Proxy").
  Provide to the Muse Proxy technical team the URL labelled App Federation Metadata Url from the SAML Certificates section and the file downloaded from the Federation Metadata XML label.
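A way to sanity-check the IdP metadata that is fetched in step 3 of the first procedure and downloaded in the last two points above, as an added example that is not Muse or Microsoft code: it parses a SAML 2.0 EntityDescriptor of the kind Azure serves at the App Federation Metadata Url, reports the entityID, the SHA-256 fingerprints of the signing certificates and the SSO endpoints, and flags the situation the certificate note above warns about, the same entityID appearing with different signing certificates across several Azure applications. The tenant GUID, the certificate bytes and the sample documents are constructed placeholders; the namespaces and element names are those of standard SAML 2.0 metadata.

```python
import base64
import hashlib
import xml.etree.ElementTree as ET
from collections import defaultdict

# Added example, not Muse or Microsoft code. Inspects SAML 2.0 IdP metadata of the
# kind the Azure portal serves as "App Federation Metadata Url" / "Federation Metadata XML".
# NOTE: xml.etree is not hardened against entity-expansion attacks; for metadata
# fetched over the network, parse with defusedxml.ElementTree.fromstring instead.

NS = {
    "md": "urn:oasis:names:tc:SAML:2.0:metadata",
    "ds": "http://www.w3.org/2000/09/xmldsig#",
}
REDIRECT = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"


def cert_fingerprint(x509_b64: str) -> str:
    """SHA-256 hex fingerprint of the DER certificate held in an X509Certificate element."""
    der = base64.b64decode("".join(x509_b64.split()))
    return hashlib.sha256(der).hexdigest()


def parse_idp_metadata(xml_text: str) -> dict:
    """Return entityID, signing-certificate fingerprints and SSO endpoints of IdP metadata."""
    root = ET.fromstring(xml_text)
    if root.tag != "{%s}EntityDescriptor" % NS["md"]:
        raise ValueError("not a SAML 2.0 EntityDescriptor")
    idp = root.find("md:IDPSSODescriptor", NS)
    if idp is None:
        raise ValueError("no IDPSSODescriptor: this is not identity-provider metadata")
    certs = set()
    for kd in idp.findall("md:KeyDescriptor", NS):
        # A KeyDescriptor without a 'use' attribute is valid for both signing and encryption.
        if kd.get("use", "signing") != "signing":
            continue
        for c in kd.findall("ds:KeyInfo/ds:X509Data/ds:X509Certificate", NS):
            certs.add(cert_fingerprint(c.text or ""))
    sso = {s.get("Binding"): s.get("Location")
           for s in idp.findall("md:SingleSignOnService", NS)}
    if REDIRECT not in sso:
        raise ValueError("IdP offers no HTTP-Redirect SingleSignOnService")
    for loc in sso.values():
        if not loc.startswith("https://"):
            raise ValueError("SSO endpoint is not HTTPS: %s" % loc)
    return {"entity_id": root.get("entityID"), "signing_certs": sorted(certs), "sso": sso}


def find_entity_id_conflicts(metadata_docs) -> dict:
    """Map each entityID seen with more than one signing-certificate set to those sets."""
    seen = defaultdict(set)
    for doc in metadata_docs:
        info = parse_idp_metadata(doc)
        seen[info["entity_id"]].add(tuple(info["signing_certs"]))
    return {eid: sorted(sets) for eid, sets in seen.items() if len(sets) > 1}


# Constructed sample metadata: all-zero tenant GUID and fake certificate bytes.
# A real Azure document has the same element layout with a real X.509 certificate.
TENANT_ENTITY_ID = "https://sts.windows.net/00000000-0000-0000-0000-000000000000/"
SSO_URL = "https://login.microsoftonline.com/00000000-0000-0000-0000-000000000000/saml2"


def _sample_metadata(cert_bytes: bytes) -> str:
    cert_b64 = base64.b64encode(cert_bytes).decode()
    return f"""<EntityDescriptor xmlns="{NS['md']}" entityID="{TENANT_ENTITY_ID}">
  <IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <KeyDescriptor use="signing">
      <KeyInfo xmlns="{NS['ds']}"><X509Data><X509Certificate>{cert_b64}</X509Certificate></X509Data></KeyInfo>
    </KeyDescriptor>
    <SingleSignOnService Binding="{REDIRECT}" Location="{SSO_URL}"/>
    <SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="{SSO_URL}"/>
  </IDPSSODescriptor>
</EntityDescriptor>"""


METADATA_APP1 = _sample_metadata(b"constructed certificate A")  # Muse Proxy app 1
METADATA_APP2 = _sample_metadata(b"constructed certificate B")  # app 2, different certificate
METADATA_APP3 = _sample_metadata(b"constructed certificate A")  # app 3, same certificate as app 1

if __name__ == "__main__":
    print(parse_idp_metadata(METADATA_APP1))
    print("conflicts:", find_entity_id_conflicts([METADATA_APP1, METADATA_APP2, METADATA_APP3]))
```

Running the script on the three constructed documents reports one conflict for the tenant entityID (apps 1 and 2 disagree on the certificate) and none for apps 1 and 3, which is the state the instructions above require before several Muse Proxy applications share one Azure tenant. The certificate expiry date is not readable from the fingerprint; check it in the SAML Certificates section as described, or decode the DER certificate with a library such as cryptography.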

When done, set up the Muse Proxy application with SAML authentication by following the instructions in the Muse Proxy Administrator Console, under the Configuration left menu item, SAML Authentication.

Note: The above specific Azure instructions are based on our previous experience, the current Azure portal interface may differ.

A requirement for finalizing and testing the ADFS integration is for the customer to provide us with a test account (username/password). Make sure the test account is granted access to the newly created Azure application; see the following instructions for doing this:
https://learn.microsoft.com/en-us/azure/active-directory/manage-apps/add-application-portal-assign-users
