Maximo

Maximo

Come for answers, stay for best practices. All we're missing is you.

 View Only
Back to discussions
Expand all | Collapse all

Maximo Anywhere 7.6.3 SSO using SAML

  • 1.  Maximo Anywhere 7.6.3 SSO using SAML

    Posted Thu May 14, 2020 08:23 AM
    Hi Experts,

    Has anyone enabled SSO for Maximo anywhere apps?
    I am stuck at the first step of installing cordova plugins.
    Steps provided in the mobilefirst website below does not work for me:
    https://mobilefirstplatform.ibmcloud.com/blog/2015/08/03/integrating-3rd-party-cordova-plug-ins/

    Build all command just wipes out all the changes I am doing as part of manual installation of Cordova plugins.
    I have tried creating the extra build file as suggested by the blog but it still removes all the files and changes. Moreover, each time I run build all it generates the whole cordova plugin directory in www>default>worklight>plugins.

    Automatic installation also has issue of api.js missing error. I tried to install plugins using plugman but it throws error that my android platform is not valid as it is missing api.js file.

    Can someone please guide to understand how to install the cordova plugins?

    Thanks,
    Biplab

    ------------------------------
    Biplab Choudhury
    Maximo Consultant
    Tata Consultancy Services
    Melbourne
    ------------------------------



    #MaximoAnywhere
    #Maximo
    #AssetandFacilitiesManagement


  • 2.  RE: Maximo Anywhere 7.6.3 SSO using SAML

    Posted Fri May 15, 2020 08:55 AM
    Edited by System Admin Tue August 22, 2023 04:43 PM
    Maybe following this technote you can avoid custom plugins: 
    https://www.ibm.com/support/pages/device-side-sso-maximo-anywhere

    PS:
    just for confirmation, is this technote where there are steps for custom plugins?
    https://www.ibm.com/support/pages/enabling-single-sign-sso-security-assertion-markup-language-saml-maximo-anywhere-authentication

    ------------------------------
    Diego Visentin
    EAM BU Director
    Tempestive S.p.A.
    Pordenone
    ------------------------------

    Original Message


  • 3.  RE: Maximo Anywhere 7.6.3 SSO using SAML

    Posted Fri May 15, 2020 10:34 AM
    Hi Diego,

    Thanks for replying.

    I have seen this documents but the steps given are not working exactly the same way.
    https://mobilefirstplatform.ibmcloud.com/blog/2015/08/03/integrating-3rd-party-cordova-plug-ins/

    Steps mentioned in this web page to copy the cordova_plugins.js file is not working as the whole worklight>plugin folder is refreshed.
    I was looking for some inputs related to actual cordova plugin installation steps.

    Thanks,
    Biplab

    ------------------------------
    Biplab Choudhury
    Maximo Consultant
    Clarita Solutons
    Melbourne
    ------------------------------

    Original Message


  • 4.  RE: Maximo Anywhere 7.6.3 SSO using SAML

    Posted Fri May 15, 2020 10:40 AM
    Hi Biplab,
    unfortunately I don't have a system to try your scenario with.
    But I can tell you that in the past to include a Cordova plugin at the end I followed the instructions to create a specific one for MF and therefore I copied the code.


    ------------------------------
    Diego Visentin
    EAM BU Director
    Tempestive S.p.A.
    Pordenone
    ------------------------------

    Original Message


  • 5.  RE: Maximo Anywhere 7.6.3 SSO using SAML

    Posted Fri May 15, 2020 10:58 AM
    Hi Diego,

    Thanks for replying!

    Could you please explain the creating a specific plugin for MF steps?
    Maximo Anywhere apps already has cordova plugins installed and I am trying to add new plugins as mentioned in the sample SSO implementation steps PDF in the url you you shared earlier.

    Thanks,
    Biplab

    ------------------------------
    Biplab Choudhury
    Maximo Consultant
    Clarita Solutons
    Melbourne
    ------------------------------

    Original Message


  • 6.  RE: Maximo Anywhere 7.6.3 SSO using SAML

    Posted Fri May 15, 2020 12:44 PM

    Hi Biplab,
    a few years have passed but I remember that I was not able to import a plugin.
    Therefore I followed these steps to create the shell and then copy into the "real" code taken from plugin source repository
    https://mobilefirstplatform.ibmcloud.com/tutorials/en/foundation/7.1/adding-native-functionality/android-adding-native-functionality-hybrid-application-apache-cordova-plugin/



    ------------------------------
    Diego Visentin
    EAM BU Director
    Tempestive S.p.A.
    Pordenone
    ------------------------------

    Original Message


  • 7.  RE: Maximo Anywhere 7.6.3 SSO using SAML

    Posted Fri May 15, 2020 10:04 PM
    Hi Diego,

    Thanks! I will try to follow these steps and create the plugin separately.
    There are pre-existing plugins which IBM has installed as part of Work Execution app and I can find those installed cordova plugins in the Assets directory of the app. I was trying to add the new plugins to the same directories but build all recreates the whole directory from scratch and even if I add new plugins manuall it gets wiped out.
    Still will give this a try and may be create a separate cordova directory for the new plugins.

    Thanks,
    Biplab

    ------------------------------
    Biplab Choudhury
    Maximo Consultant
    Tata Consultancy Services
    Melbourne
    ------------------------------

    Original Message


  • 8.  RE: Maximo Anywhere 7.6.3 SSO using SAML

    Posted Fri May 15, 2020 03:35 PM
    We (Portland General Electric) are evaluating Anywhere, and we use PingID for SSO and multi-factor authentication. If we move forward with Anywhere, we will need to implement SAML, so I am very interested in how it works for you. Do you require multi-factor authentication, or are you just trying to get SSO from the device working all the way through to you Maximo/WebSphere authentication (Active Directory)?

    -Theo Pozzy
    Sr. Solutions Architect
    Portland General Electric

    ------------------------------
    Theo Pozzy
    Supervisor| IT Applications
    Portland General Electric
    Portland OR
    503-464-8033
    ------------------------------

    Original Message


  • 9.  RE: Maximo Anywhere 7.6.3 SSO using SAML

    Posted Fri May 15, 2020 10:09 PM
    Hi Theo Pozzy,

    The SAML implementation I am doing is a bit different. There is no active directory involved and we are going to use SAML only for authentication.
    Idea is to authenticate users in customer's IDP and then Websphere's ACS app will add LTPA token to the successful authentication.
    Anywhere apps will then fetch the LTPA token for users to run the app transactions.
    It looked simple to me in theory but I am stuck the first step of installing the required cordova plugins.
    I will create a blog if I am able to do this successfully. But, I am doing this in Anywhere 7.6.3 so not sure how helpful that would be for other readers.
    Will keep this thread posted if I am able to proceed further.


    Thanks,
    Biplab

    ------------------------------
    Biplab Choudhury
    Maximo Consultant
    Tata Consultancy Services
    Melbourne
    ------------------------------

    Original Message


  • 10.  RE: Maximo Anywhere 7.6.3 SSO using SAML

    Posted Wed May 20, 2020 02:01 PM
    Hello Biplab,

    FYI, SAML and SAML based SSO authentication doesn't work for Browserless connection i.e. Rest/OSLC API. IBM is supporting SAML authentication only on UI and that also has some limitations in terms of features.
    If any mobile client is using these APIs then you need to have a stand-alone dedicated active directory that needs to be used for LDAP authentication and SSO. 

    https://www.ibm.com/support/knowledgecenter/SSWT9A_7.6.1/com.ibm.mbs.doc/securgroup/c_saml_limit.html

    Thanks,
    Prashant

    ------------------------------
    Prashant Sharma
    ------------------------------

    Original Message


  • 11.  RE: Maximo Anywhere 7.6.3 SSO using SAML

    Posted Thu May 21, 2020 12:42 AM
    Hi Prashant,

    Thanks for the reply.

    We are aware about this limitation and are working towards it.

    I am stuck with Cordova Plugins installation to achieve SAML based SSO in the apps. The installation steps given by IBM documents are not very helpful.
    Have you implemented  SAML based SSO for Maximo anywhere? Would be helpful to understand from someone who has done the cordova plugin installation.

    Thanks,
    Biplab

    ------------------------------
    Biplab Choudhury
    Maximo Consultant
    Tata Consultancy Services
    Melbourne
    ------------------------------

    Original Message


  • 12.  RE: Maximo Anywhere 7.6.3 SSO using SAML

    Posted Thu May 21, 2020 10:30 AM

    Prashant and Biplab,

    Careful.  The reference you provide is directly related to IBM Control Desk and not Maximo Asset Management.  One of the challenges with the IBM Knowledge Center is that a Google search may appear to provide you the information you want but it can be misleading.  The better resource is located here:
    Single sign-on and SAML security

    As for implementing SSO with Anywhere there are several ways to do this.  And as stated in the support and KB articles the use of SAML can be accomplished (even with OSLC) with a TAI on you middleware server.  There is no need to develop a Cordova plugin to handle this and as stated on other threads on this subject the SSO capability was developed to support SAML, Kerberos, and others.  You do need to write code (JavaScript) along with your TAI.

    Regards,



    ------------------------------
    Bradley K. Downing , MBA
    IBM Certified Adv. Deployment Prof. Maximo v7.6.1
    IBM
    Bakersfield CA
    ------------------------------

    Original Message


  • 13.  RE: Maximo Anywhere 7.6.3 SSO using SAML

    Posted Thu May 21, 2020 10:53 AM
    Hi Bradley,

    Thanks for the response! 
    I could not find any Support or KB which could help understand how to SAML based SSO can be achieved without a browser or a Web view.
    The whole idea of installing Cordova Inappbrowser plugin comes to picture because SAML request and response is transmitted between TAI and IDP over a user browser.
    Could you please give me more details on how to achieve SAML based SSO using oslc?

    Thanks,
    Biplab

    ------------------------------
    Biplab Choudhury
    Maximo Consultant
    Tata Consultancy Services
    Melbourne
    ------------------------------

    Original Message


  • 14.  RE: Maximo Anywhere 7.6.3 SSO using SAML

    Posted Thu May 21, 2020 01:16 PM

    Biplab,

    First let me say that I erred in stating "There is no need to develop a Cordova plugin to handle this and as stated on other threads...". that is too loosely interpreted as to say that it can be done without a plugin.  My apologies. The better statement is that there is already a plugin you can leverage. If you google "Maximo small based sso" the first hit is this: IBM Maximo Anywhere SSO using SAML authenticationwww.ibm.com › api › wiki › page › attachment › media.
    This pdf doc describes the process and the plugins needed o develop the authentication.  Again my apologies for misstating my understanding.  I trust the doc will provide you the necessary tools to accomplish your objective. I hope this helps.



    ------------------------------
    Bradley K. Downing , MBA
    IBM Certified Adv. Deployment Prof. Maximo v7.6.1
    IBM
    Bakersfield CA
    ------------------------------

    Original Message


  • 15.  RE: Maximo Anywhere 7.6.3 SSO using SAML

    Posted Fri May 22, 2020 12:23 PM
    Thanks Bradley! I am following the same document to implement the SAML based SSO Solution.
    My question was related to this document and I am stuck at Cordova Plugin installation step. The steps given in the document for Cordova plugin installation is from mobile first app perspective and therefore, are not exactly helpful in Maximo Anywhere.

    ------------------------------
    Biplab Choudhury
    Maximo Consultant
    Tata Consultancy Services
    Melbourne
    ------------------------------

    Original Message


Related Content