Step 3: Configure the SSO Common Properties File

This step configures the core.sso.common.properties file to enable SSO on the Code Insight server.

To prepare the “core.sso.common.properties” file, do the following:

  1. Copy the core.sso.common.properties file from SCA_install_home/samples/sso/config to SCA_install_home/config/core.

  2. In a text editor, open the SCA_install_home/config/core/core.sso.common.properties file. The following shows the file contents.

    ## this file contains all sso placeholder values.
    saml.keystore=file:///c:/<path>/<keystore.jks>
    saml.keystore.password=<keystore_password>
    saml.keystore.alias=<keystore_alias>
    saml.keystore.alias.password=<keystore_alias_password>

    #for SP
    saml.entity.id=<ww:xx:yy:zz>
    saml.base.url=<https://myhost.mycompany.com:8443>
    saml.registration.id =<registration_id>
    saml.signing.enabled=false

    ##########################################################
    # The following properties are commented out as they
    # relate to legacy features for SAML 1.0 that are
    # typically NOT required for standard SAML 2.0 setups.
    ##########################################################

    ## for extendedMetadata configuration
    #saml.metadata.local=true
    #saml.metadata.alias=
    #saml.metadata.idpDiscoveryEnabled=false
    #saml.metadata.idpDiscoveryURL=
    #saml.metadata.idpDiscoveryResponseURL=
    #saml.metadata.ecpEnabled=false
    #saml.metadata.securityProfile=metaiop
    #saml.metadata.sslSecurityProfile=pkix
    #saml.metadata.sslHostnameVerification=default
    #saml.metadata.signingKey=<keystore_alias_password>
    #saml.metadata.signingAlgorithm=null
    #saml.metadata.signMetadata=false
    #saml.metadata.encryptionKey=<keystore_alias_password>
    #saml.metadata.tlsKey=
    ## private Set<String> trustedKeys=
    #saml.metadata.requireLogoutRequestSigned=false
    #saml.metadata.requireLogoutResponseSigned=false
    #saml.metadata.requireArtifactResolveSigned=false
    #saml.metadata.supportUnsolicitedResponse=true

  3. Update the properties (highlighted above) required for Service Provider security and identification, and then save the file. The properties that you need to edit or that require explicit configuration are described in this table:

    | SSO Property | Description |
    | --- | --- |
    | saml.keystore | Enter the path and name of the keystore that you created for SSO. This can be the same keystore that you are using for HTTPS or a different one. See Configure HTTPS on the Code Insight Server in the “Installing Code Insight” chapter for more information. |
    | saml.keystore.password | Enter the password for the keystore. |
    | saml.keystore.alias | Enter the alias defined for the private key contained in the keystore. |
    | saml.keystore.alias.password | Enter the password for the private key alias. |
    | saml.entity.id | Enter a unique identifier for your Code Insight server as a Service Provider. The recommended value is the hostname for the Code Insight server. Note that, even though the server’s hostname is the recommended value, the entity ID is an immutable value identifying the Service Provider in an SSO session; it is not used to identify a location. |
    | saml.base.url | The HTTPS URL handling the Service Provider’s user sign-in requests. This is usually the URL for your Code Insight server in HTTPS://myhost.mycompany.com:port format. The default port for the Code Insight server is 8443. |
    | saml.registration.id | Enter a unique identifier to register the Service Provider configuration to enable the SSO service. This ID is used internally to distinguish between multiple Service Provider configurations and is included in the SSO endpoint URL, for example: https://myhost.mycompany.com:8443/login/saml2/sso/{registrationId}. Use a short, descriptive, and URL-friendly name (such as codeinsight, SSO, or your organization's name). This value must match the identifier expected by your Identity Provider in the SSO service request URL. Note: The saml.entity.id property is used within SSO assertions and metadata, whereas the saml.registration.id property is used to construct and route internal URLs within the application. |
    | saml.signing.enabled | Specify whether the SSO service requests generated by the Service Provider should be digitally signed. Set this property to true if your Identity Provider (IdP) requires signed authentication requests. Set this property to false if your Identity Provider (IdP) does not require signed requests. Note: Prior to Code Insight 2025 R4 release, this behavior was configured in the SPMetadata.xml file using the requestSigned and wantAssertionSigned properties. |
    | saml.metadata.alias | Enter the metadata alias. |
    | saml.metadata.idpDiscoveryURL | Leave this field blank. Do not enter null. |
    | saml.metadata.idpDiscoveryResponseURL | Leave this field blank. Do not enter null. |
    | saml.metadata.signingKey | Enter the password for the private key alias. |
    | saml.metadata.encryptionKey | Enter the alias defined for the private key contained in the keystore. |
    | saml.metadata.tlsKey | Enter the alias of private key generated for SSL/TLS client authentication. |
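
A pre-flight check for the edited file, as an added example that is not part of the original page or of Code Insight: it flags sample placeholders left in place, a missing required property, a non-HTTPS saml.base.url, a saml.registration.id that is not URL-friendly, and null in the discovery URL fields, then builds the SSO endpoint URL in the form shown in the table. The function names, the character set treated as URL-friendly, and the sample values are assumptions.

```python
import re
from urllib.parse import urlparse

REQUIRED = ["saml." + k for k in ("keystore keystore.password keystore.alias "
            "keystore.alias.password entity.id base.url registration.id signing.enabled").split()]
BLANK_NOT_NULL = ("saml.metadata.idpDiscoveryURL", "saml.metadata.idpDiscoveryResponseURL")

def parse_properties(text):
    """Minimal key=value parser: skips blank lines and '#' comments, trims whitespace."""
    props = {}
    for line in map(str.strip, text.splitlines()):
        if line and not line.startswith("#") and "=" in line:
            key, _, value = line.partition("=")
            props[key.strip()] = value.strip()
    return props

def lint(props):
    """Return findings ([] = pass). Assumes URL-friendly = letters, digits, '-', '_'."""
    findings = []
    for key in REQUIRED:
        value = props.get(key, "")
        if not value:
            findings.append(f"{key}: missing or empty")
        elif re.search(r"<[^>]*>", value):
            findings.append(f"{key}: sample placeholder not replaced")
    if urlparse(props.get("saml.base.url", "")).scheme.lower() not in ("", "https"):
        findings.append("saml.base.url: must be an HTTPS URL")
    reg_id = props.get("saml.registration.id", "")
    if reg_id and "<" not in reg_id and not re.fullmatch(r"[A-Za-z0-9_-]+", reg_id):
        findings.append("saml.registration.id: not URL-friendly")
    for key in BLANK_NOT_NULL:
        if props.get(key, "").lower() == "null":
            findings.append(f"{key}: leave blank, do not enter null")
    return findings

def sso_endpoint(props):
    """Endpoint in the form the page gives: <base>/login/saml2/sso/{registrationId}."""
    return f"{props['saml.base.url'].rstrip('/')}/login/saml2/sso/{props['saml.registration.id']}"

SAMPLE = """# constructed sample with deliberate mistakes, not a real configuration
saml.keystore=file:///c:/<path>/<keystore.jks>
saml.keystore.password=example-only
saml.keystore.alias=codeinsight
saml.entity.id=myhost.mycompany.com
saml.base.url=http://myhost.mycompany.com:8443
saml.registration.id =code insight
saml.signing.enabled=false
saml.metadata.idpDiscoveryURL=null
"""
```

Running `lint(parse_properties(SAMPLE))` reports five findings; once they are corrected, `sso_endpoint` returns the URL to compare against the one registered with the Identity Provider.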