Restore SAML security beans after upgrade

Owned by MS (Unlicensed)
Feb 04, 2024
6 min read

When you add a default IdP and multiple identity providers (IdPs) for SAML, the platform will automatically add the appropriate security beans configuration from your Abiquo properties.

However, during future updates to the platform, there may be other changes to security beans.

In this case, you will need to restore the security beans for the additional IdPs.

Upgrade steps for SAML with default and multiple IdP

To incorporate any changes, when you upgrade Abiquo, do these steps:

  1. Before the upgrade go to your SAML configuration at:

    /opt/abiquo/tomcat/webapps/api/WEB-INF/classes/springresources/security/saml

     
    and back up the following security beans files:

    1. security-saml-generated-beans.xml

    2. security-saml-provided-beans.xml

  2. After the upgrade, you may find new files with the extension of ".rpmnew"

  3. Move any old files and rename the new files to the original file names

  4. Edit the new files and make the changes as described below.

SAML security beans and default IDP configuration

To add the SAML security beans for your IdP providers and set the defaultIDP property in the metadata attribute:

Do not copy the example below! Modify the configuration files for the current version of your software.



  1. Create the defaultIDP property after the constructor arg

    <property name="defaultIDP" value="${abiquo.saml.metadata.identityprovider.default.id}"/>



  2. Add beans for each IdP to the list in the constructor that starts with 0. For example here we added a reference to bean "ipdMetadataDelegate1"

    <constructor-arg> <list> <ref bean="ipdMetadataDelegate"/> <ref bean="ipdMetadataDelegate2"/>



  3. Copy the first bean and modify it to create a second bean.

    1. Change the bean ID to match the IdP ID from the list above



    2. In the value, set the item to get the IdP path from the IdP list in the abiquo.properties file. For our example, add a "1" . 

      From the IdP list property, this will get the second value after a comma.

Example of IdP metadata from Abiquo 5.2.1

This example is a guide to the configuration of SAML IdPs. It shows multiple IdPs.
 Remember that you must use any file added to your system as part of the upgrade. Do not copy this file!



Copyright © 2006-2024, Abiquo Holdings SL. All rights reserved