Settings related to the operation of the SAML Bridge are located in the WEB-INF/web.xml file. These settings describe the location of the Yellowfin instance and the web service credentials, and the attributes for finding and automatically provisioning Yellowfin users.
Access Yellowfin
This setting shows how to access Yellowfin (URL):
<init-param> <param-name>YellowfinWebserviceURL</param-name> <param-value>http://yellowfin:8080</param-value> </init-param>
Web Server User
Configure the setting for a Yellowfin web server user, that is, a user who can perform web service calls with the Web service role enabled.
<init-param> <param-name>YellowfinWebserviceUser</param-name> <param-value>admin@yellowfin.com.au</param-value> </init-param> <init-param> <param-name>YellowfinWebservicePassword</param-name> <param-value>test</param-value> </init-param>
Enable User Provision
Here is how you can enable or disable user provision. Set the value to true to enable, and false to disable this functionality.
<init-param> <param-name>AutoProvision</param-name> <param-value>true</param-value> </init-param>
Find User
To be able to find a user (when the authentication method requires their ‘email address’), you need to provide Yellowfin with the email attribute corresponding to the AD FS Claim Descriptions:
Following is an example of this:
<init-param> <param-name>EmailAttribute</param-name> <param-value>http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress</param-value> </init-param>
To do user provision, you need to define FirstNameAttribute, LastNameAttribute and YellowfinRole. For instance, in the example below, Yellowfin gets the user name and surname from AD FS and the user role is defined as ‘Consumer & Collaboration’.
<init-param> <param-name>FirstNameAttribute</param-name> <param-value>http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname</param-value> </init-param> <init-param> <param-name>LastNameAttribute</param-name> <param-value>http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname</param-value> </init-param> <init-param> <param-name>UsernameAttribute</param-name> <param-value>http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress</param-value> </init-param> <init-param> <param-name>YellowfinRole</param-name> <param-value>Consumer & Collaborator</param-value> </init-param>
Note: Here, UsernameAttribute relates to the authenticaion method requiring a ‘user name’.
Previous topic: AD FS configuration
Next topic: Troubleshooting