Configure the Server

Configure APM Server

Before You Begin

Ensure that the APM Server is installed and the server is configured to use SSL.
Ensure that you can access the APM application in a web browser using HTTPS protocol.
Ensure that the APM data source is configured and you can log in with administrative privileges.

Procedure

Using a web browser, log in to APM as an Administrator.
In the Applications menu, navigate to ADMIN > Operations Manager > Data Sources.
The Data Sources page appears.
In the Data Source Host box, enter the name of the APM server, and then select Save.
Enable LDAP Integration, configure Domain Record, and then schedule and run LDAP synchronization.

Note: For more information on how to enable LDAP Integration, configure a Domain Record, and schedule LDAP synchronization, refer to the Lightweight Directory Access Protocol documentation.

The users from Active Directory are now imported to APM and are assigned the appropriate Security Roles and Groups.
Stop IIS, the Redis service, and all Meridium Windows services.
Navigate to C:\Program Files\Meridium\ApplicationServer\api
Using a json or text editor, access the file saml.json.
Add a new configuration to <PartnerIdentityProviderConfigurations> json array or update the existing configuration by setting the following attributes:
- Name: As described in sections Configure Azure Active Directory as the Identity Provider (IDP) and About Configuring Identity Provider (IDP) on Active Directory.
- WantSAMLResponseSigned: false
- WantAssertionSigned: true
- WantAssertionEncrypted: false
- UseEmbeddedCertificate: false
- SingleSignOnServiceUrl: {https version of Federation Service identifier} + “/adfs/ls”. For example, https://myadfsserver/adfs/ls. This information must be obtained from the ADFS team. In the case of Azure AD, please refer to section Configure Azure Active Directory as the Identity Provider (IDP)
  Note:
  For SHA-256, you must add the following two attributes to the saml.json file:
  - "DigestAlgorithm":"http://www.w3.org/2001/04/xmlenc#sha256"
  - "SignatureAlgorithm":"http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"
The following example shows the configured saml.json file:
```
{"SAML": 
{
	"$schema": "https://www.componentspace.com/schemas/saml-config-schema-v1.0.json",
	"Configurations": 
	[
	{	
		"LocalServiceProviderConfiguration": 
		{
			"Name": "urn:componentspace:Meridium",	
			"AssertionConsumerServiceUrl": "https://<APM Server Name>/Meridium/api/v1/core/security/ssologinauth",
			"LocalCertificates": 
			[
			{
				"FileName": "sp.pfx",
				"Password": "password"
			}
			]
		},
		"PartnerIdentityProviderConfigurations": 
		[
		{
			"Name": "http://fs.xyz.com/adfs/services/trust",
			"Description": "ADFS",
			"SignAuthnRequest": true,
			"WantSamlResponseSigned": false,
			"UseEmbeddedCertificate": true,
			"WantAssertionEncrypted": false,
			"WantAssertionSigned": true,
			"SingleSignOnServiceUrl": "https://fs.xyz.com/adfs/ls/idpinitiatedsignon.aspx",
			"PartnerCertificates": 
			[
			{
				"FileName": "idp.cer"
			}
			]
		}
		]
	}
	]
}
}
```
Save and close the file saml.json.
Start IIS, the Redis service, and all Meridium Windows Services.