The Okta/Xton Access Manager SAML integration currently supports the following features:
For more information on the listed features, visit the Okta Glossary.
Xton Access Manager (XTAM) is already installed, secured with a trusted SSL certificate, and uses the federated sign-in module.
Save the following Okta metadata file as okta.xml:
Save the following Metadata URL:
Sign into the Okta Admin dashboard to generate this value.
Open the file: {XTAM_HOME}/web/conf/catalina.properties in a text editor.
Add the following lines to the existing #CAS section:
cas.server.name={managed_path}
Note: Defines the URL of the application and will be unique for each customer.
Example: cas.server.name=https://host.com.
cas.server.prefix={managed_path}/cas
Note: Defines the URL of the federated sign-in module.
Example: cas.server.prefix=https://host.com/cas.
cas.authn.pac4j.saml[0].clientName=Okta
Note: Defines the IDP client name. The required value is Okta.
cas.authn.pac4j.saml[0].keystorePassword={password}
Note: Password for the key that will be generated server side. You must create one.
cas.authn.pac4j.saml[0].privateKeyPassword={password}
Note: Password for the private key that will be generated server side. You must create one.
cas.authn.pac4j.saml[0].serviceProviderEntityId=urn:mace:saml:pac4j.org
Note: Defines the XTAM entity ID. The required value is urn:mace:saml:pac4j.org.
cas.authn.pac4j.saml[0].serviceProviderMetadataPath={okta.xml}
Note: The Identity Provider metadata from Okta, saved as an XML file (step 1). Set this to the path of that okta.xml file.
Example: cas.authn.pac4j.saml[0].serviceProviderMetadataPath=C:/xtam/content/keys/okta.xml.
cas.authn.pac4j.saml[0].keystorePath={samlKeystore.jks}
Note: The keystore file generated server side, identified by its path. Specify the path and file name where the key will be stored.
Example: cas.authn.pac4j.saml[0].keystorePath=C:/xtam/content/keys/samlKeystore.jks.
cas.authn.pac4j.saml[0].identityProviderMetadataPath={metadataUrl}
Note: Your metadata URL from step 2.
Example: cas.authn.pac4j.saml[0].identityProviderMetadataPath=https://subDomain.okta.com/app/[externalKey]/sso/saml/metadata.
Save, and close the file.
Restart the PamManagement (Windows) or pammanager (Linux) service.
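Because a typo in any of these properties will surface only as a failed SAML login after the service restart, it helps to sanity-check the #CAS section before restarting. The script below is an added example and is not part of the Xton or Okta documentation: it reads a catalina.properties file, confirms every required key from the steps above is present, and checks the fixed values (clientName must be Okta, the entity ID must be urn:mace:saml:pac4j.org, cas.server.prefix must be cas.server.name plus /cas, both the server URL and the Okta metadata URL must be https, and no {placeholder} or [externalKey] text may be left behind). The host name, file paths and passwords in the embedded sample are constructed for the example.

```python
from urllib.parse import urlparse

# Key prefix used by every Okta-specific property in the steps above.
P = "cas.authn.pac4j.saml[0]."

REQUIRED_KEYS = (
    "cas.server.name",
    "cas.server.prefix",
    P + "clientName",
    P + "keystorePassword",
    P + "privateKeyPassword",
    P + "serviceProviderEntityId",
    P + "serviceProviderMetadataPath",
    P + "keystorePath",
    P + "identityProviderMetadataPath",
)

# Characters that only appear when a template placeholder was not replaced.
PLACEHOLDER_CHARS = "{}[]"

# Constructed sample #CAS section (hypothetical host, paths and passwords).
SAMPLE_PROPERTIES = """\
# ... other Tomcat settings above ...
#CAS
cas.server.name=https://xtam.example.com
cas.server.prefix=https://xtam.example.com/cas
cas.authn.pac4j.saml[0].clientName=Okta
cas.authn.pac4j.saml[0].keystorePassword=sample-keystore-secret
cas.authn.pac4j.saml[0].privateKeyPassword=sample-privatekey-secret
cas.authn.pac4j.saml[0].serviceProviderEntityId=urn:mace:saml:pac4j.org
cas.authn.pac4j.saml[0].serviceProviderMetadataPath=C:/xtam/content/keys/okta.xml
cas.authn.pac4j.saml[0].keystorePath=C:/xtam/content/keys/samlKeystore.jks
cas.authn.pac4j.saml[0].identityProviderMetadataPath=https://example.okta.com/app/EXTERNAL_KEY_PLACEHOLDER/sso/saml/metadata
"""


def parse_properties(text):
    """Minimal Java .properties reader: key=value lines, '#' and '!' comments."""
    props = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#!":
            continue
        key, sep, value = line.partition("=")
        if sep:
            props[key.strip()] = value.strip()
    return props


def check_cas_config(text):
    """Return a list of findings for the #CAS section; an empty list means it passed."""
    props = parse_properties(text)
    findings = [f"missing or empty: {k}" for k in REQUIRED_KEYS if not props.get(k)]
    if findings:
        return findings  # value checks below assume every key exists

    name = props["cas.server.name"].rstrip("/")
    if urlparse(name).scheme != "https":
        findings.append("cas.server.name must be an https URL")
    if props["cas.server.prefix"].rstrip("/") != name + "/cas":
        findings.append("cas.server.prefix must be cas.server.name followed by /cas")
    if props[P + "clientName"] != "Okta":
        findings.append("clientName must be exactly Okta")
    if props[P + "serviceProviderEntityId"] != "urn:mace:saml:pac4j.org":
        findings.append("serviceProviderEntityId must be urn:mace:saml:pac4j.org")
    if urlparse(props[P + "identityProviderMetadataPath"]).scheme != "https":
        findings.append("identityProviderMetadataPath must be an https metadata URL")

    # Any leftover {password}, {okta.xml} or [externalKey] text means a step was skipped.
    for key in (P + "keystorePassword", P + "privateKeyPassword",
                P + "serviceProviderMetadataPath", P + "keystorePath",
                P + "identityProviderMetadataPath"):
        if any(c in props[key] for c in PLACEHOLDER_CHARS):
            findings.append(f"placeholder left in: {key}")
    return findings


if __name__ == "__main__":
    import sys
    path = sys.argv[1] if len(sys.argv) > 1 else None
    text = open(path, encoding="utf-8").read() if path else SAMPLE_PROPERTIES
    for finding in check_cas_config(text) or ["OK: #CAS section looks consistent"]:
        print(finding)
```

Run it as `python check_cas.py {XTAM_HOME}/web/conf/catalina.properties`; with no argument it checks the embedded sample. The script only parses the file and never contacts Okta, so it cannot confirm that the metadata URL actually resolves or that the Base URL configured on the Okta side matches cas.server.name; those remain manual checks.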
These instructions are valid for Xton Access Manager Release 2.3.201804152246 (April 15, 2018) or newer.
Make sure that you entered the correct value in the Base URL field under the General tab in Okta. Using the wrong value will prevent you from authenticating via SAML to Xton Access Manager.
Open the Xton Access Manager login URL.
Click Okta: