WS-Trust configuration - HxGN EAM - - Feature Briefs - Hexagon

HxGN EAM SSO Configuration

Search by Category
Feature Briefs
HxGN EAM Version

WS-Trust is a specification and OASIS standard that uses secure messaging mechanisms of WS-security to manage and handle issuing, validating, and renewing security tokens. WS-Trust is available when using ADFS or Ping Federate as the IDP, but not with Azure AD or Okta.

WS-Trust Configuration


Enable WS-Trust

Select this check box to enable WS-Trust configuration.

STS Endpoint

Security token service connection end point for credentials.

Identity Provider Type

Ping Federate (PF) or Active Directory (ADFS).

If the user selects PF as the Identity Provider Type, the system will set the STS Policy ID field as required.

MEX Address

The Message Exchange Address.

STS Policy ID

The Policy ID which grants security credential permissions for federated users or roles (required for PF).

Qualify User

Sets the userid to <tenant>~<userid> (intended for backward compatibility).

Transmit Tenant

Sets the userid to <customerid>_<userid> (intended for backward compatibility).

Specific to the Qualify User and Transmit Tenant check boxes, these are mutually exclusive. Qualify User or Transmit Tenant may need to be selected when connecting to an Infor IDP. For on-premise customers, if WS-Trust has already been configured in the yaml file, the setting for these values on the SSO Configuration screen will be the same as the yaml settings. For customers configuring WS-Trust for the first time, these settings should not be used.

Previously, WS-Trust configuration information was stored in yaml files. This detail will now be stored in the database, so it is tenant specific. The file-based configuration will still be made available, but the database settings will override the yaml settings when the former is available.

If the WS-Trust configuration values are not set on the SSO Configuration screen, the system will revert to the prior approach of reading these values from the yaml file.

While on-premise customers can use this screen to store the WS-Trust configuration, the SSO Configuration screen will be used in the cloud to make the WS-Trust setting tenant-specific.