For instructions on configuring EAM to use SSL, refer to the HxGN EAM installation guides (Enterprise and Asset Sustainability edition).
EAM must be configured to use SSL. ADFS will not send a SAML response message over an unencrypted connection. EAM may be configured to use SSL only during the logon process or to use SSL for all communication.
To force EAM to use SSL for all communication, set core.ssl to true in the appropriate yaml configuration file. Setting this flag to true has the following consequences:
- The AppServerHost property in MPConfiguration.xml is configured for SSL. Since this property is used by the EAM SSO module when returning from ADFS, the result is that ALL communication with EAM will occur over SSL.
- SSL is enabled for the logonURL property in the sso configuration file.
- Note that whether EAM uses SSL for all communication does not depend on whether the user initially accesses EAM over an SSL connection.
Signed certificates: EAM opens HTTP connections to ADFS and to other modules within EAM. If these connections employ SSL, the certificate returned by the server (ADFS, or the instance of Apache installed with EAM) must be signed by a CA that can be validated using the certificate chains present in the EAM cacerts file (located in <eamhome>/java/jre/lib/security).
- The certificate returned by ADFS will be validated against cacerts if any of the following EAM functionality is used:
  - Web services, including all connector requests (mobile, databridge, etc.)
  - Electronic signatures
  - Advanced reports
- The certificate returned by ADFS is called "Service Communications" on the ADFS Certificates screen.
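
The following is an added example, not part of the HxGN EAM documentation: one way to check ahead of time whether the chain presented by ADFS (or by the Apache instance installed with EAM) validates against the CAs in the EAM cacerts file. It assumes keytool and openssl (1.1.0 or later) are on the PATH and that the keystore still uses the stock Java password; the function names and the host name are hypothetical.

```shell
#!/bin/sh
# Added example, not vendor code. Assumes keytool and openssl (1.1.0+) on PATH.
# Function names are hypothetical; STOREPASS defaults to the stock Java
# keystore password "changeit".

# Keep only the PEM certificate blocks from mixed tool output on stdin.
pem_only() {
    sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p'
}

# Export every trusted certificate in a Java keystore as one PEM bundle.
# $1 = path to cacerts, $2 = output PEM bundle
export_cacerts_pem() {
    keytool -list -rfc -keystore "$1" -storepass "${STOREPASS:-changeit}" |
        pem_only > "$2"
}

# Save the chain a TLS server presents (leaf first, then intermediates).
# $1 = host, $2 = port, $3 = output PEM file
fetch_server_chain() {
    openssl s_client -connect "$1:$2" -servername "$1" -showcerts \
        </dev/null 2>/dev/null | pem_only > "$3"
}

# Return 0 only if the leaf in the chain file builds a path to a CA in the
# bundle. -no-CApath keeps the system trust directory out of the decision,
# so the result reflects what is in the bundle and nothing else.
# $1 = CA bundle PEM, $2 = server chain PEM
verify_chain() {
    openssl verify -no-CApath -CAfile "$1" -untrusted "$2" "$2" >/dev/null 2>&1
}

# Typical use (host name is a placeholder; <eamhome> as in the text above):
#   export_cacerts_pem "<eamhome>/java/jre/lib/security/cacerts" eam-ca.pem
#   fetch_server_chain adfs.example.test 443 adfs-chain.pem
#   verify_chain eam-ca.pem adfs-chain.pem && echo trusted || echo "NOT trusted"
```

openssl's path building approximates Java's certificate validation but is not identical to it, so treat a failure as a prompt to inspect which CA issued the Service Communications certificate.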