SAML2 authentication method in Sage X3

By | August 31, 2023

SAML2 stands for Security Assertion Markup Language 2.0. Its purpose is to pass user credentials to a token system, that is, to exchange a secure session token for user account authentication within an identity provider. Enterprise Management can use this to apply independent external authentication. Before a user can access the application's functions in Sage X3, their account must first be verified. The application often manages user authentication itself, using a database or an LDAP server. With SAML2, however, the application permits access only after successful authentication by a specific external server.

To use this authentication mode in Sage X3, you must first register your application with the SAML2 identity provider. Registration is done only once and requires the following details and components:

  • A redirect URI, which includes the protocol, hostname, port, and callback path.
  • The issuer.
  • A certificate that can be used if the signature on an authorization request needs to be verified.
  • A metadata file, which some SAML2 identity providers require. It is retrieved from the metadata path provided by Sage X3, which is explained below.

The following procedure begins when the user logs in:

  • The application redirects the user to the SAML2 identity provider and passes the information from the authorization request.
  • The SAML2 identity provider asks the user to log in, unless the user is already logged in with the SAML2 identity provider.
  • After a successful login, the SAML2 identity provider returns user data that is linked to an application user.

The SAML2 identity provider can also send the application a logout request. The application then promptly ends any sessions that were started through this SAML2 identity provider.

To configure the SAML2 id provider in Sage X3, navigate to the following path:

Administration -> Administration -> Administration -> Authentication -> SAML2 id provider

On that screen, the following settings need to be configured for this authentication method, as shown in figure 1.

Fig 1. SAML2
  1. Name: The name identifies the SAML2 setup. It cannot be modified after the instance is created, because the name affects the redirect URL.
  2. Display Name: Description.
  3. Active: Indicates that SAML2 authentication is activated.
  4. Hide from log in page: As its name suggests, hides the option from the login page. The option is highlighted in figure 2.
  5. Authorize URL: Defines the complete URL of the SAML2 identity provider (including protocol, server name, port, and path), which is used as the request's destination.
  6. Logout Response URL: Defines the complete URL of the SAML2 identity provider (including protocol, server name, port, and path), which is used as the destination for the response to the logout request.
  7. Callback path: The SAML2 identity provider may use this path as the destination for all requests submitted to the service provider. The SAML2 metadata for this service provider (including protocol, hostname, and port) can be retrieved using this path.
  8. Issuer: The value of the Issuer attribute in the authorization request. It must match the value that has been registered with the SAML2 identity provider.
  9. Response Attribute: The name used to extract the login or email address of the application user from the authorization response. When it is a name, it corresponds to the relevant OID. The attributes are set up in the SAML2 identity provider; they are not in the identity provider's metadata file.
  10. Force authentication: When this checkbox is selected, the user must always log in using the SAML2 identity provider.
  11. Protocol binding: Used for the SAML2 authorization request. This field contains the protocol that the identity provider should use (HTTP-POST by default).
  12. Signature algorithm: The algorithm used to sign communications with the SAML2 identity provider. This field becomes active only after the Certificate is set.
  13. Certificate: The instance of the certificate entity used to generate a digital signature for the authorization request. A private key is required.
  14. Id provider certificate: Used to verify the digital signature for the authorization request.
  15. User: The Sage X3 users who can log in to the system using the SAML2 authentication method must be added here.
Fig 2. Option on Login Page
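
When a login fails because a value sent by the application does not match what was registered with the identity provider, decoding the authorization request and comparing it field by field shows which setting is off. The Python below is an added example, not Sage X3 or author code. It assumes the request travels in the HTTP-Redirect encoding (raw DEFLATE plus base64) and that the fields above map to the standard SAML 2.0 AuthnRequest attributes named in the comments; hostnames, paths and the issuer are constructed placeholders.

```python
import base64
import zlib
import xml.etree.ElementTree as ET

SAMLP = "urn:oasis:names:tc:SAML:2.0:protocol"
SAML = "urn:oasis:names:tc:SAML:2.0:assertion"
MAX_XML = 64 * 1024  # cap on inflated size, guards against decompression bombs

# Constructed values standing in for what was registered with the identity provider.
REGISTERED = {
    "Destination": "https://idp.example.com/saml2/sso",                   # Authorize URL
    "Issuer": "sage-x3-example",                                          # Issuer
    "AssertionConsumerServiceURL": "https://x3.example.com:8124/cb",      # redirect URI
    "ProtocolBinding": "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST",  # Protocol binding
    "ForceAuthn": "true",                                                 # Force authentication
}

def build_sample(issuer):
    """Constructed AuthnRequest, deflated and base64-encoded as on HTTP-Redirect."""
    doc = (f'<samlp:AuthnRequest xmlns:samlp="{SAMLP}" xmlns:saml="{SAML}" '
           f'ID="_constructed1" Version="2.0" IssueInstant="2023-08-31T00:00:00Z" '
           f'Destination="{REGISTERED["Destination"]}" ForceAuthn="true" '
           f'ProtocolBinding="{REGISTERED["ProtocolBinding"]}" '
           f'AssertionConsumerServiceURL="{REGISTERED["AssertionConsumerServiceURL"]}">'
           f'<saml:Issuer>{issuer}</saml:Issuer></samlp:AuthnRequest>')
    comp = zlib.compressobj(wbits=-15)  # raw DEFLATE, no zlib header
    return base64.b64encode(comp.compress(doc.encode()) + comp.flush()).decode()

def decode_authn_request(saml_request):
    """Inflate and parse a SAMLRequest value (already URL-decoded)."""
    inflater = zlib.decompressobj(wbits=-15)
    doc = inflater.decompress(base64.b64decode(saml_request), MAX_XML)
    if inflater.unconsumed_tail:
        raise ValueError("request exceeds size cap")
    if b"<!DOCTYPE" in doc:
        raise ValueError("DTDs are not allowed in SAML messages")
    root = ET.fromstring(doc)
    if root.tag != f"{{{SAMLP}}}AuthnRequest":
        raise ValueError("not an AuthnRequest")
    return root

def mismatches(root, registered=REGISTERED):
    """Return the names of fields that differ from the registered values."""
    seen = dict(root.attrib)
    seen["Issuer"] = (root.findtext(f"{{{SAML}}}Issuer") or "").strip()
    return sorted(k for k, v in registered.items() if seen.get(k) != v)
```

`mismatches(decode_authn_request(value))` returns an empty list when every checked field matches, and otherwise the names of the settings to correct on the SAML2 id provider screen or at the identity provider.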

Users can access Sage X3 with a single set of credentials, enhancing user experience and security. Implementing SAML 2.0 authentication in Sage X3 offers a secure and streamlined approach to user access and authentication.
