Enterprise SSO Implementation is one of the key organisation level initiative since 2020. Over the last couple of years organisation are pushing towards SSO more and more and I can think of the following reasons for it:
- I believe this is driven by acquired awareness among organisations around cyber security threats.
- The cyber security has become more important as WFH became the new normal and organisation are more vulnerable to cyber attacks with employees using internet to access sensitive information.
- Data is the new age gold. If you lose your data then you lose your customers. Cyber attacks are more inclined towards data breach now.
- SSO comes with many perks like one centralised credential storage system which it makes it easier to plan, monitor and avoid cyber attacks.
- Organizations can force employees to use 2-factor authentication thereby giving one more layer of security.
With SSO becoming organisational goal, thus implementing the same for Maximo has become one of the most common and high priority item. SSO using SAML tokens is the most common type of SSO implementation in the recent times. @IBM has done a great job in enabling Maximo web application with SAML SSO. SAML based SSO implementation can be smoothly implemented. This Link is one of the resource.
But the same is not true for Maximo Anywhere 7.6.4( or previous versions). IBM has clearly said that Anywhere 764 does not support SAML SSO and this will be implemented in future version of Anywhere 7.6.4. Here is an official link to IBM's statement. This link also informs that IBM can provide sample code to implement SAML SSO for Anywhere 7.6.4 but implementation is not supported.
I have recently completed the SAML SSO implementation for Anywhere 7.6.4. Implementation is much easier than 7.6.3.1 which I did in 2020.
I cannot share the code as it is BPD Zenith's IP. I can still help with below information which might help you to achieve this implementation:
- IBM's App store app have issues with the Cookie master plugin and also, you cannot debug the app store app thus first thing to do is to install Maximo Anywhere container. This has other implications like you need to work with client to implement some kind of MDM solution. If client does not have a MDM solution and you are looking for some kind of solution close enough to IBM Mobile First application center then please reach out to me.
- Raise a Case with IBM to request for the sample code for Anywhere 7.6.4's SAML SSO implementation. It comes with a document which informs you about the XMLs to change and same code for SSOHandler class. Follow the instructions, provided in the SAML documentation which will help in achieving most changes required.
- The only class that need to be changes is the SSO handler Class. SSO handler class will have 2 logic implementation: 1st is the logic to open InAppbrowser and 2nd is the cookie master.
- Sample InAppbrowser code:
cordova.InAppBrowser.open('http://apache.org', '_blank', 'location=yes');In Appbrowser code is important as it opens a browser session inside the app where users can login to SSO provider portal and fetch SAML token.
5. The cookie master plugin given with anywhere application center has couple of typos which needs to be corrected. Once the typos in the cookies master plugin JS class is corrected then build the Native app and run a test.
6. If you run into issue, first thing to check if the cookie master logic is capturing the userid and jsessionid properly.
