On the NFS server, open the sso-configuration.properties file, located by default in the <arcsight_nfs_vol_path>/sso/default directory.
<arcsight_nfs_vol_path> is the NFS volume used for CDF installation.
For example: /opt/NFS_volume/arcsight-volume. This location might vary based on the version of ArcSight.
In the sso-configuration.properties file, add the following properties:
com.microfocus.sso.default.login.method = saml2
com.microfocus.sso.default.saml2.enabled = true
com.microfocus.sso.default.login.saml2.mapping-attr = mail
com.microfocus.sso.default.login.saml2.identifierFormat = emailAddress
Download the SAML2 metadata from the Advanced Authentication server. The URL to download the metadata is:
https://<AA Server hostname>/osp/a/<Tenant Name>/auth/saml2/metadata
Convert the metadata XML file to a base64 string and set the following property:
com.microfocus.sso.default.login.saml2.metadata = <base64 encoded metadata xml>
Save the changes in the sso-configuration.properties file.
Ensure that there are no additional spaces at the end of the properties.
Restart the pod to apply the new configuration.
Get the pod information using the following command:
kubectl get pods --all-namespaces | grep fusion-single-sign-on
Delete the currently running pod using the following command:
kubectl delete pod fusion-single-sign-on-xxxxxxxxxx-xxxxx -n arcsight-installer-xxxxx
A new pod starts with the new configuration.
Retrieve the Fusion SSO SAML service provider metadata from the server.
https://EXTERNAL_ACCESS_HOST/osp/a/default/auth/saml2/spmetadata
where EXTERNAL_ACCESS_HOST is the hostname of the server.
This metadata must be uploaded in the Advanced Authentication SAML2 configuration.
For more information, see Configuring SAML Authentication in ArcSight.
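The metadata steps above (base64-encode the metadata XML, set the metadata property, check for trailing spaces) as a shell script. This is an added example, not part of the ArcSight documentation. It assumes the metadata has already been downloaded to a local file and that the base64 value must sit on a single line; the function names are hypothetical.

```shell
#!/usr/bin/env bash
# Added example, not vendor code.
# Usage: <this script> <metadata.xml> <sso-configuration.properties>
PROP_KEY='com.microfocus.sso.default.login.saml2.metadata'

# Print the metadata XML as a single-line base64 string.
# Refuses input without a SAML EntityDescriptor element, which catches an
# HTML error or login page that was saved in place of the metadata.
encode_metadata() {
  grep -q 'EntityDescriptor' "$1" || { echo "not SAML metadata: $1" >&2; return 1; }
  base64 < "$1" | tr -d '\r\n'
}

# Set "key = value" in a properties file: replace the existing line or append.
# The key is compared as a literal string; commented-out lines are left alone.
set_property() {
  local file="$1" key="$2" value="$3" tmp
  tmp=$(mktemp) || return 1
  awk -v k="$key" -v v="$value" '
    { name = $0; sub(/[ \t]*=.*/, "", name); sub(/^[ \t]+/, "", name) }
    name == k { print k " = " v; found = 1; next }
    { print }
    END { if (!found) print k " = " v }
  ' "$file" > "$tmp" || { rm -f "$tmp"; return 1; }
  cat "$tmp" > "$file"   # overwrite in place to keep the file's owner and mode
  rm -f "$tmp"
}

# Succeed only if no line ends in a space, tab or carriage return.
# Offending lines are listed on stderr with their line numbers.
check_trailing_ws() {
  if grep -n '[[:space:]]$' "$1" >&2; then return 1; fi
}

# Encode the metadata, write the property, then verify the whole file.
apply_metadata() {
  local xml="$1" props="$2" b64
  b64=$(encode_metadata "$xml") || return 1
  set_property "$props" "$PROP_KEY" "$b64" || return 1
  check_trailing_ws "$props"
}

# Run only when both file arguments are given.
if [ "$#" -eq 2 ]; then apply_metadata "$1" "$2"; fi
```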