SAML SSO settings
In the Administration settings > SAML SSO integration tab, you can enable single-sign-on (SSO). This way, users can use one set of credentials for logging into OpenText Functional Testing Lab, as they do for logging into other SSO applications in their organization.
Note: When configuring the lab to work with SAML SSO, the connection to OpenText Functional Testing Lab must be over SSL. For details, see Windows Installation or Linux Installation.
This section is not relevant for OpenText Core SDP.
Set up the SAML SSO integration
OpenText Functional Testing Lab supports single-sign on via SAML 2.0. SAML (Security Assertion Markup Language) is an XML-based standard for exchanging authentication and authorization data between an identity provider (IdP) and a service provider, such as OpenText Functional Testing Lab.
To enable SAML SSO integration, you need to add OpenText Functional Testing Lab to your Identity Provider (IdP). Refer to your Identity Provider documentation for instructions on how to configure your IdP for a new SAML 2.0 application. You need information (metadata) about OpenText Functional Testing Lab when configuring your IdP. Download this by clicking the DOWNLOAD OpenText Functional Testing Lab METADATA link.
You also need to add the following information from your IdP to OpenText Functional Testing Lab, so that SAML-based authentication requests can be sent to your IdP:
Field | Details |
---|---|
IdP SAML metadata |
This can be a URL, or you can copy and paste the contents of the IdP metadata .xml file into this field. |
Administrator login name |
This is a user, defined in the IdP, that is granted OpenText Functional Testing Lab administrator permissions. Initially, only this user is able to access the Administration menu to perform administration tasks such as configuring settings, and managing workspaces, licenses, and access keys. The administrator can assign admin permissions to additional users by changing the user role in Administration > Settings > Users. |
Username attribute identifier |
User attributes are information used to identify individual users. In this field, provide the SAML attribute name for the username attribute that the IdP uses for identification on sign in. Depending on how you configured your IdP, the username attribute for signing in can be an email address, or a unique user name. Tip: Find the attribute identifier in the AttributeStatement section of the IdP SAML response. Look for the SAML attribute name with a value that equals the attribute that IdP uses for identification on sign in. For example, if email address is used for authentication of users against the IdP, the identifier in the example below is http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress Alternatively, use {$id} to take the username from the subject of the SAML assertion, and not from Attribute section. |
After you have successfully defined the SSO settings, you are prompted to log out and to log in again using your organization credentials.
Update settings
You can update the SSO integration settings if needed. When you update any of the settings, you are prompted to log out and to log in again using your organization credentials. If you deactivate SAML SSO, you need to use your OpenText Functional Testing Lab credentials to log in again.
Note: When you enable or turn off the SSO setting, all existing users, excluding admin@default.com, are deleted.
If you enabled SSO but cannot log in to OpenText Functional Testing Lab as an administrator, for example, if you wrongly configured the administrator user, you can deactivate SAML SSO by running the User management script.
Note for OpenText Functional Testing Lab SaaS: The IdP must be accessible over the internet. Add the SaaS address to your allowlist if needed.
See also: