We have configured SSO in the Pega common layer server and we want to reuse this configuration in other application servers. But the challenge here is that the SP metadata is getting changed with respect to the server. So it is required to configure the SAML authentication service again on each server, and the changes need to be done at the IDP end.
1. Is there a way we can reuse this SAML Authentication service in other application servers without any changes at the IDP end?
2. Can we configure Pega as an Identity Provider? The purpose is to use the Common Layer server as an Identity Provider.
There are a few built-on applications that are common across all the existing PEGA applications. These applications are maintained in the Common Layer owned by the COE team.
We have implemented SSO in the organization layer and it is not working in other Dev environments when this Auth service is imported by other application teams. The reason for this is the server-specific SP metadata.
How best can we utilize the SAML Auth service created in 1 server to be reused across other environments without any changes?
Yes, the SP metadata has been updated in the PEGA server and the updated metadata needs to be shared with the IDP team again to configure SSO. It's like repeating the same process again and again. Can't we reuse the existing configuration?
The IDP has to know the URL to which it has to redirect on successful login. This URL has to be different from environment to environment. The same URL doesn't work for all the environments. That's why we need to reset the SP metadata for every environment. To minimize the Auth service changes when you move from one server to another, you can use GRS (Global Resource Settings) syntax using a DataPage, and you can customize the source of the data page on each environment.
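As an added example (not part of the original thread, and not Pega code), this Python sketch compares the SP metadata exported from two environments and lists the values the IdP team has to re-register. The hostnames, the `/sp`, `/saml/acs` and `/saml/slo` paths and the function names are constructed for illustration.

```python
import xml.etree.ElementTree as ET

MD = "urn:oasis:names:tc:SAML:2.0:metadata"
NS = {"md": MD}

def sp_fields(metadata_xml):
    """Extract the values an IdP registers for an SP: entityID, ACS and SLO URLs."""
    root = ET.fromstring(metadata_xml)
    if root.tag == f"{{{MD}}}EntityDescriptor":
        entity = root
    else:  # metadata wrapped in an EntitiesDescriptor
        entity = root.find("md:EntityDescriptor", NS)
    sp = entity.find("md:SPSSODescriptor", NS) if entity is not None else None
    if sp is None:
        raise ValueError("no SPSSODescriptor found: this is not SP metadata")
    fields = {"entityID": entity.get("entityID")}
    for tag in ("AssertionConsumerService", "SingleLogoutService"):
        for endpoint in sp.findall(f"md:{tag}", NS):
            binding = endpoint.get("Binding", "").rsplit(":", 1)[-1]
            fields[f"{tag}[{binding}]"] = endpoint.get("Location")
    return fields

def idp_changes(old_xml, new_xml):
    """Return {field: (old, new)} for every value that differs between two SPs."""
    old, new = sp_fields(old_xml), sp_fields(new_xml)
    return {k: (old.get(k), new.get(k))
            for k in sorted(old.keys() | new.keys())
            if old.get(k) != new.get(k)}

def sample_metadata(host):
    """Constructed SP metadata for a hypothetical environment host."""
    bindings = "urn:oasis:names:tc:SAML:2.0:bindings"
    return f"""<md:EntityDescriptor xmlns:md="{MD}" entityID="https://{host}/sp">
  <md:SPSSODescriptor
      protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:SingleLogoutService Binding="{bindings}:HTTP-Redirect"
        Location="https://{host}/saml/slo"/>
    <md:AssertionConsumerService Binding="{bindings}:HTTP-POST"
        Location="https://{host}/saml/acs" index="0"/>
  </md:SPSSODescriptor>
</md:EntityDescriptor>"""

if __name__ == "__main__":
    dev = sample_metadata("dev.example.com")
    qa = sample_metadata("qa.example.com")
    for field, (old, new) in idp_changes(dev, qa).items():
        print(f"{field}: {old} -> {new}")
```

Every field reported here is host-dependent, which is why an Auth service imported unchanged into another environment still needs its own registration at the IdP.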