5.5 Converting SAML 2.0 Service Providers into a SAML 2.0 Application

If you have configured federated authentication using SAML 2.0 to internal and external identity providers, service providers, and embedded service providers (ESP), you can convert the previously configured SAML 2.0 service providers to a SAML 2.0 application.

For more information about the prior configuration for service providers, see SAML 2.0 in the NetIQ Access Manager 5.0 Administration Guide.

Converting the service providers gives you the following benefits:

  • Adds the ability to configure access control to the application by using roles.

  • Automatically creates an appmark for the application.

The appmarks that you created for SAML 2.0 service providers do not change. The conversion process only adds a new appmark for the SAML 2.0 application, and only if you choose to create one.

In an upgraded Access Manager setup, the Applications page displays any service providers you have created in the past. Access Manager does not convert the service provider until you click it and save the new configuration options.

If the service provider contains only one signing certificate, you cannot upload an additional certificate after conversion. However, if the service provider has been configured with multiple signing certificates, the application retains the configured certificates after conversion.
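The signing-certificate caveat above can be checked before you convert. The following is an added example, not part of the Access Manager documentation: it counts the distinct signing certificates in a service provider's SAML 2.0 metadata. It assumes you have that metadata as XML and that it matches the certificates configured for the provider; the function names and the sample metadata are constructed for illustration.

```python
import base64
import hashlib
import xml.etree.ElementTree as ET

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}

def signing_cert_fingerprints(metadata_xml):
    """SHA-256 fingerprints of the distinct signing certificates in SP metadata."""
    # ElementTree is fine for metadata you exported yourself; use a hardened
    # parser for metadata received from an untrusted party.
    root = ET.fromstring(metadata_xml)
    fingerprints = []
    for kd in root.iterfind(".//md:SPSSODescriptor/md:KeyDescriptor", NS):
        # Per the SAML metadata schema, a KeyDescriptor with no "use"
        # attribute applies to both signing and encryption.
        if kd.get("use", "signing") != "signing":
            continue
        for cert in kd.iterfind(".//ds:X509Certificate", NS):
            der = base64.b64decode("".join((cert.text or "").split()))
            fp = hashlib.sha256(der).hexdigest()
            if fp not in fingerprints:  # the same cert listed twice counts once
                fingerprints.append(fp)
    return fingerprints

def conversion_precheck(metadata_xml):
    """Report whether the single-signing-certificate caveat applies."""
    fps = signing_cert_fingerprints(metadata_xml)
    return {"signing_certs": len(fps),
            "single_signing_cert": len(fps) == 1,
            "fingerprints": fps}

def build_sample_metadata(keys):
    """Constructed sample input: keys is a list of (use or None, placeholder bytes)."""
    descriptors = ""
    for use, blob in keys:
        attr = f' use="{use}"' if use else ""
        b64 = base64.b64encode(blob).decode()
        descriptors += (f"<md:KeyDescriptor{attr}><ds:KeyInfo><ds:X509Data>"
                        f"<ds:X509Certificate>{b64}</ds:X509Certificate>"
                        f"</ds:X509Data></ds:KeyInfo></md:KeyDescriptor>")
    return (f'<md:EntityDescriptor xmlns:md="{NS["md"]}" xmlns:ds="{NS["ds"]}" '
            f'entityID="https://sp.example.test/saml"><md:SPSSODescriptor '
            f'protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">'
            f"{descriptors}</md:SPSSODescriptor></md:EntityDescriptor>")

if __name__ == "__main__":
    sample = build_sample_metadata([("signing", b"placeholder-cert-A"),
                                    ("encryption", b"placeholder-cert-B")])
    print(conversion_precheck(sample))
```

A result with `single_signing_cert` set to true identifies a provider to which the restriction on uploading an additional certificate applies after conversion.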

To convert a service provider to an application:

  1. Log in to Administration Console as an administrator.

  2. In Dashboard, click Administration Tasks > Applications.

  3. Identify the service provider you want to convert and click it.

    A service provider that has not been converted has no menu in the upper right corner of its tile, and its image is the default SAML image used for all SAML 2.0 service providers.

  4. Review the available options to ensure that these are correct.

    NOTE: If you have existing appmarks, Access Manager populates the Roles field with the role assignments from the existing appmarks. The role assignments here grant users access to the applications. The role assignments on the appmark grant users visibility of the appmarks.

  5. Click Save to convert the SAML 2.0 service provider to a SAML 2.0 application.

  6. Click Yes to create a new appmark for this SAML 2.0 application.

  7. Click the Configuration Panel, then perform an Update All.

After you convert a SAML 2.0 service provider to a SAML 2.0 application, the Advanced Setup links appear in each configuration section. You can use these links to view or edit additional settings.