Guides → IBM CIS SSO Configuration

IBM Cloud® Internet Services (CIS) provides a fast, highly performant, reliable, and secure internet service. IBM CIS gets you started by establishing defaults for you, which you can change using the UI or API.

To start using IBM CIS with Incorta, you must define a Connection/Service in IBM CIS for Generic SAML2.0 Service Provider. Select the Connection Management property from the left side panel and configure the following parameters:

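  • Assertion Consumer Service URL with the following format: http://<cloud_cluster_name>.incorta.com/incorta/!<tenantName>/ If the cluster is served over TLS, register the https:// form of this URL, because the SAML response that carries the user's identity is posted to it.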
  • Provider ID that is used to differentiate between different service providers. Incorta treats each tenant as a separate service: <entityID>/<tenantname>
    • <entityID>: The value of “entityID” attribute in the IBM CIS metadata file.
    • <tenantname>: Tenant name.
  • Identity Mapping Rule: Copy and paste the snippet below. This is where the loginName is set in the SAML response:

Value:

importPackage(Packages.com.tivoli.am.fim.trustserver.sts);
importPackage(Packages.com.tivoli.am.fim.trustserver.sts.uuser);
importPackage(Packages.com.tivoli.am.fim.trustserver.sts.utilities);
importClass(Packages.com.tivoli.am.fim.trustserver.sts.uuser.Attribute);
importClass(Packages.com.tivoli.am.fim.trustserver.sts.uuser.AttributeStatement);
importPackage(Packages.com.ibm.ws.util);
importPackage(Packages.org.json.simple);
importClass(Packages.com.tivoli.am.fim.trustserver.sts.uuser.Attribute);
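// Identity mapping rule: rebuilds the STS universal user (stsuu) so that the SAML
// response carries only the attributes set below.

// Reads one credential attribute from stsuu and returns it as a JavaScript string.
//   attrName - name of the credential attribute to read
//   required - when true, a missing or empty value aborts the mapping
// Presumably getAttributeValueByName returns null for an absent attribute; in that
// case `value + ""` would produce the literal text "null", and every user without
// that attribute would be asserted under the same identity. Required attributes
// therefore fail closed, and optional ones become an empty string.
function readCredAttr(attrName, required) {
    var raw = stsuu.getAttributeValueByName(attrName);
    var text = (raw == null) ? "" : raw + "";
    if (required && text.length === 0) {
        IDMappingExtUtils.throwSTSException("Required credential attribute is missing: " + attrName);
    }
    return text;
}

// Capture every value before stsuu.clear() below discards the incoming attributes.
var mail = readCredAttr("tagvalue_credattrs_mail", true);
var givenName = readCredAttr("tagvalue_credattrs_givenName", false);
var surname = readCredAttr("tagvalue_credattrs_surname", false);
var principalName = readCredAttr("AZN_CRED_PRINCIPAL_NAME", true);

// prepare attribute list
var principalAttr = new Attribute("name", "urn:oasis:names:tc:SAML:2.0:nameid-format:emailAddress", mail);
var emailAddress = new Attribute("emailAddress", "urn:oasis:names:tc:SAML:2.0:assertion", mail);
var NameID = new Attribute("Name ID", "urn:oasis:names:tc:SAML:2.0:nameid-format:emailAddress", mail);
var firstName = new Attribute("firstName", "urn:oasis:names:tc:SAML:2.0:assertion", givenName);
var lastName = new Attribute("lastName", "urn:oasis:names:tc:SAML:2.0:assertion", surname);
// loginName is the attribute this guide uses to carry the login name in the SAML response.
var loginName = new Attribute("loginName", "urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified", principalName);

// Clear the stsuu so the new one is limited to the attributes required in the SAML response.
stsuu.clear();

// add attributes to stsuu
stsuu.addPrincipalAttribute(principalAttr);
stsuu.addAttribute(NameID);
stsuu.addAttribute(emailAddress);
stsuu.addAttribute(firstName);
stsuu.addAttribute(lastName);
stsuu.addAttribute(loginName);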