Hello, I am new to administering FLOW. We actually have just purchased the product and are in the process of setting everything up, and learning.
I would like to integrate SAML with FLOW. It is straightforward enough with the ability to use the metadata URL or import from an XML file. All of that and actually enabling SAML under User Management was quite straightforward.
We are a huge IT shop and I have to submit tickets to another department to have the applications integrated with ADFS.
The software was installed on port 8080, and is accessed through an F5 (load balancer). After install, I had the F5 team set up listening on port 8080 and the software is accessible via the F5 VIP and internally.
All that said, there have been a few issues. Initially the software was passing communication for ADFS over http, because that is how it was set up. So this was expected. The problem there is that the ADFS console would not allow http to be used; it only allows https.
I have since used an FME article (https://support.safe.com/hc/en-us/articles/27494832942477-FME-Flow-Troubleshooting-SAML) to get some settings in place, to have the Entity ID (Audience URI), and Single Sign On URL (ACS URL) for the SAML settings in FLOW to use https.
This worked for the ADFS console settings and solved the issue, however the software is still using port 8080, and the ADFS team was able to get the authentication hooked up. The issue now is when SAML is used to authenticate, the return URL has the 8080 stripped, and the return fails.
Basically, the user sees the FME FLOW login screen, they click the “Login with SAML,” and there is a redirect to authenticate and then the connection is lost because it tried to return to the software without using 8080; basically it’s using 443.
How do I fix this? Is this a FLOW setting in one of the config files under the server folder? Can there be more than one port set up? It is not obvious in dev tools. In Fiddler it basically shows the communication originating on :8080, and then the response on :443.
Thanks!
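One way to check for the symptom described above, as an added example that is not part of the original post or FME's own code: it parses service-provider metadata and reports where an ACS URL's effective scheme, host or port differs from the listener that browsers actually reach. The metadata, the host `flow.example.internal`, the `/example/acs` path and the assumed HTTPS listener on 8080 are all constructed.

```python
import xml.etree.ElementTree as ET  # use defusedxml for metadata from untrusted sources
from urllib.parse import urlsplit

MD_NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata"}
DEFAULT_PORTS = {"http": 80, "https": 443}

# Constructed SP metadata: placeholder host and path, no explicit port in the ACS URL.
SAMPLE_SP_METADATA = """<md:EntityDescriptor
    xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    entityID="https://flow.example.internal/example">
  <md:SPSSODescriptor
      protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:AssertionConsumerService index="0"
        Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="https://flow.example.internal/example/acs"/>
  </md:SPSSODescriptor>
</md:EntityDescriptor>"""


def effective_endpoint(url):
    """Return (scheme, host, port), filling in the scheme's default port."""
    parts = urlsplit(url)
    scheme = parts.scheme.lower()
    port = parts.port or DEFAULT_PORTS.get(scheme)
    return scheme, (parts.hostname or "").lower(), port


def check_acs(metadata_xml, listener_scheme, listener_host, listener_port):
    """Compare every ACS Location with the listener users can reach."""
    root = ET.fromstring(metadata_xml)
    expected = (listener_scheme, listener_host.lower(), listener_port)
    findings = []
    for acs in root.iterfind(".//md:AssertionConsumerService", MD_NS):
        location = acs.get("Location", "")
        actual = effective_endpoint(location)
        problems = [
            f"{name}: ACS has {a!r}, listener is {e!r}"
            for name, a, e in zip(("scheme", "host", "port"), actual, expected)
            if a != e
        ]
        findings.append((location, problems))
    return findings


if __name__ == "__main__":
    # Assumption: the externally reachable listener is HTTPS on port 8080.
    for location, problems in check_acs(
            SAMPLE_SP_METADATA, "https", "flow.example.internal", 8080):
        print(location, "->", problems or "matches listener")
```

The identity provider posts the response to the ACS URL exactly as registered, so an `https` URL with no explicit port resolves to 443 regardless of the port the original request arrived on.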