Question

ADFS SAML use in FME FLOW


eanolan2024
Contributor

Hello, I am new to administering FLOW. We actually have just purchased the product and are in the process of setting everything up, and learning.

I would like to integrate SAML with FLOW. It is straightforward enough with the ability to use the metadata URL or import from an XML file. All of that and actually enabling SAML under User Management was quite straightforward.

We are a huge IT shop and I have to submit tickets to another department to have the applications integrated with ADFS.

The software was installed as port 8080, and is accessed through an F5 (load balancer). After install, I had the F5 team set up listening on port 8080 and the software is accessible via the F5 VIP and internally. 

All that said, there have been a few issues. Initially the software was passing communication for ADFS over http, because that is how it was set up. So this was expected. The problem there is that the ADFS console would not allow http to be used; it only allows https.

I have since used an FME article (https://support.safe.com/hc/en-us/articles/27494832942477-FME-Flow-Troubleshooting-SAML) to get some settings in place, to have the Entity ID (Audience URI), and Single Sign On URL (ACS URL) for the SAML settings in FLOW to use https.

This worked for the ADFS console settings and solved the issue, however the software is still using port 8080, and the ADFS team was able to get the authentication hooked up. The issue now is when SAML is used to authenticate, the return URL has the 8080 stripped, and the return fails.

Basically, the user sees the FME FLOW login screen, they click the “Login with SAML,” and there is a redirect to authenticate and then the connection is lost because it tried to return to the software without using 8080, basically it’s using 443. 

How do I fix this? Is this a FLOW setting in one of the config files under the server folder? Can there be more than one port set up? It is not obvious in dev tools. In Fiddler it basically shows the communication originating on :8080, and then the response on :443.

Thanks!

3 replies

eanolan2024
Contributor
  • Author
  • January 3, 2025

Ha! I figured it out. Thanks if you read through this.


merlinegeorge
Safer

Hi @eanolan2024,

Glad you were able to resolve this! Could you please share the resolution steps with us? Was it listed in the troubleshooting guide (https://support.safe.com/hc/en-us/articles/27494832942477-FME-Flow-Troubleshooting-SAML)? This would really help us with troubleshooting other cases.


eanolan2024
Contributor
  • Author
  • January 17, 2025

Hello,

It was the combination of the steps in these three locations:

FME Flow Troubleshooting: SAML – FME Support Center

SAML Authentication Failure

Update the Tomcat Properties File

 

But the final change was in fmeserver\WEB-INF\conf\propertiesFile.properties:

SINGLE_SIGN_ON_AUTH_URL=http://MyFMEServerHost:80/fmetoken/sso/generate

The URL can be copied right from the SAML config under User management → Authentication Services → SAML Configuration.

*** I want to stress how important it is, to make copies of any files that are changed, to ensure that there is an original available to revert back to, if there are any issues restarting FME FLOW services after changes. ***
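
A way to spot the port mismatch described in this thread before restarting services, as an added example (not code from the original posts or from Safe Software): it compares the scheme, host and effective port of SINGLE_SIGN_ON_AUTH_URL in the properties file with the URL shown in the SAML configuration. The function names and the sample values are constructed for illustration.

```python
from urllib.parse import urlsplit

DEFAULT_PORTS = {"http": 80, "https": 443}
KEY = "SINGLE_SIGN_ON_AUTH_URL"  # property named in the post above

def read_property(text, key):
    """Return the last value of `key` in Java .properties text, or None."""
    value = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#!":      # blank line or comment
            continue
        name, sep, rest = line.partition("=")
        if sep and name.strip() == key:
            # Java's Properties.store() escapes ':' and '=' as '\:' and '\='
            value = rest.strip().replace("\\:", ":").replace("\\=", "=")
    return value

def origin(url):
    """(scheme, host, port) with the scheme's default port made explicit."""
    parts = urlsplit(url)
    scheme = parts.scheme.lower()
    host = (parts.hostname or "").lower()
    return scheme, host, parts.port or DEFAULT_PORTS.get(scheme)

def compare(props_text, saml_config_url):
    """List differences between the property and the SAML config URL."""
    configured = read_property(props_text, KEY)
    if configured is None:
        return [f"{KEY} is not set"]
    findings = []
    for label, have, want in zip(("scheme", "host", "port"),
                                 origin(configured), origin(saml_config_url)):
        if have != want:
            findings.append(
                f"{label}: properties file has {have!r}, SAML config has {want!r}")
    return findings

# Constructed sample input, not taken from a real installation.
SAMPLE_PROPS = """\
# constructed example: no port given, so https implies 443
SINGLE_SIGN_ON_AUTH_URL=https\\://MyFMEServerHost/fmetoken/sso/generate
"""
SAMPLE_SAML_URL = "https://MyFMEServerHost:8080/fmetoken/sso/generate"

if __name__ == "__main__":
    for finding in compare(SAMPLE_PROPS, SAMPLE_SAML_URL):
        print(finding)
```

An empty result means the two URLs resolve to the same scheme, host and port, including the case where one side spells out the default port and the other omits it.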

