Open topic with navigation

Configure GE Digital APM

Before You Begin

• Ensure that the GE Digital APM Server is installed and the server is configured to use SSL.
• Ensure that you can access the GE Digital APM application in a web browser using HTTPS protocol.
• Ensure that the GE Digital data source is configured and you can log in with administrative privileges.

Steps

1. Using a web browser, log in to GE Digital APM as an Administrator.
2. In the module navigation menu, select Admin, then select Operations Manager, and then select Data Sources.

The Data Sources page appears.



3. In the Data Source Host box, enter the name of the GE Digital APM server, and then select Save.
4. Enable LDAP Integration, configure Domain Record, and then schedule and run LDAP synchronization.

Note: For more information on how to enable LDAP Integration, configure a Domain Record, and schedule LDAP synchronization, refer to the Lightweight Directory Access Protocol documentation.

The users from Active Directory are now imported to GE Digital APM and are assigned the appropriate Security Roles and Groups.

5. Stop IIS, all Meridium Windows services, and the Redis service.
6. Navigate to C:\Program Files\Meridium\ApplicationServer\api.
7. Using an XML or text editor, access the file saml.config.
8. Uncomment the PartnerIdentityProvider section by removing the <!-- and --> comment characters.
9. Set the following attributes for PartnerIdentityProvider element:
   • Name: urn:componentspace:Meridium

   Note: The value for the Name element is same as the IDP name.

   • WantSAMLResponseSigned: false
   • WantAssertionSigned: true
   • WantAssertionEncrypted: false
   • UseEmbeddedCertificate: false
   • SingleSignOnServiceUrl: {https version of Federation Service identifier} + “/adfs/ls”. For example, https://myadfsserver/adfs/ls

   Note: For SHA-256, you must add the following two attributes to the saml.config file:

   • DigestMethod="http://www.w3.org/2001/04/xmlenc#sha256"

   • SignatureMethod="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"

   The following example shows the configured saml.config file for SHA-256.

   <SAMLConfiguration xmlns="urn:componentspace:SAML:2.0:configuration"

   <ServiceProvider Name="urn:componentspace:Meridium"

   AssertionConsumerServiceUrl="~/core/security/ssologinauth"

   CertificateFile="sp.pfx" CertificatePassword="password"/>

   <PartnerIdentityProvider

   Name="http://fs.xyz.com/adfs/services/trust"

   SignAuthnRequest="true"

   WantSAMLResponseSigned="false"

   WantAssertionSigned="true"

   WantAssertionEncrypted="false"

   UseEmbeddedCertificate="false"

   SingleSignOnServiceUrl="https://fs.xyz.com/adfs/ls"

   DigestMethod="http://www.w3.org/2001/04/xmlenc#sha256"

   SignatureMethod="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256" />

   CertificateFile="idp.cer"/>

   </SAMLConfiguration>

10. Save and close the saml.config file.

11. Start the Redis, IIS, and all Meridium Windows Services.

Copyright © 2018 General Electric Company. All rights reserved.