Solutions
Hardware
Software
Services
Support and Downloads
About Zebra
SAML Integration Guide for PTT Pro and Profile Manager
Configure ACS
Configuring the Identity Provider
SAML Integration Guide for PTT Pro and Profile Manager
SAML Integration Guide for PTT Pro and Profile Manager
Introduction
Document Layout
Solution Components and Architecture
ACS Component Diagram
User Authorization Diagrams
Prerequisites
Configure ACS
Creating a Realm
Creating the Clients
Configuring the Capability Settings
Configuring the Access Settings
Configuring the Endpoint Settings
Configuring the Endpoint Credentials
Configuring the Endpoint Mappings
SAML Descriptor File
Configuring the Identity Provider
Mapping the User Name from the IDP
Auto Launching the SAML Login
Exporting the ACS Certificate to SAML
Exporting the ACS Certificate to PTT Pro
Configure Workcloud Communication
Configure Profile Manager
Authentication URL and Access Token URL
Client ID
Client Secret
Configure the PTT Pro Server
Configure the PTT Pro Client
Configure the Profile Client
Device Operation
Troubleshooting the Client Error Message: ADFS Error
Revision History
Configuring the Identity Provider
Configuring the Identity Provider
Use the information from the SAML Descriptor file to configure the Identity Provider.
Click
Identity Providers
in the left pane of the Keycloak user interface.
Select
SAML v2.0
from the Add Provider drop-down menu.
Enter the redirect URL in the
Redirect URI
field. The
Redirect URI
entry is constructed as follows:
https://wfc-keycloak.pttpro.zebra.com/auth/realms//broker/ /endpoint
.
The <Alias>is a convenient label. Change it to an appropriate value. In this example, the alias is WFC-SAML-Auth that results in the following redirect URI:
https://wfc-keycloak.pttpro.zebra.com/auth/realms/WFC-SAML-Test-Realm/ broker/WFC-SAML-Auth/endpoint
Set the
Entity Descriptor
on.
Enter the SAML descriptor URL in the
SAML entity descriptor
field.
The SAML descriptor URL pulls all the SAML endpoints, certificates etc from the SAML identity provider.
Click
Save
.
Configure the SAML details.
Enter the single sign-on URL in the
Single Sign-On URL Service
field.
The Single Sign-On Service URL can be copied from the
<SingleSignOnService>
parameter in the
SAML Descriptor
field. In this example it is:
https://wfc-keycloak2.pttpro.zebra.com/auth/realms/WFC-SAML-Test-Realm/ protocol/saml
Enter the single logout service URL in the
Single Logout Service UR
field.
The Single Logout Service URL can be copied from the
<SingleLogoutService>
parameter in the SAML Description field.
Enable
Validate Signature
.
Enable
HTTP-POST Binding Response
.
Enable
HTTP-POST Binding for AuthnRequest
.
Enable
HTTP-POST Binding Logout
.
Enable or Disable
Want AuthnRequests Signed
.
Click
Save
.
Configure ACS
