Accruent Meridian Enterprise 2019 Administrator's Guide

Configuring PowerWeb authentication

Complete the following tasks on the Meridian web server to configure PowerWeb for SAML authentication. Command lines are shown below, but the graphical user interface may also be used.

To configure the Meridian application pool:

  1. In Internet Information Services (IIS), find the name of the Meridian application pool, for example, BCMeridian by default. Use this name in place of "Meridian Application Pool" in the following steps.
  2. Switch the application pool to integrated pipeline mode.

    appcmd set apppool "Meridian Application Pool" /managedPipelineMode:Integrated

  3. Set the .NET mode.

    appcmd set apppool "Meridian Application Pool" /managedRuntimeVersion:v4.0

To configure the Meridian web site:

  • Enable anonymous authentication mode. It might be necessary to unlock the sections first if appcmd.exe is used.

    appcmd set config "Default Web Site/Meridian" /section:system.webServer/security/authentication/windowsAuthentication /enabled:false /commit:appHost
    appcmd set config "Default Web Site/Meridian" /section:system.webServer/security/authentication/anonymousAuthentication /enabled:true /commit:appHost
    

To create the registry values:

  1. Create the new key: HKEY_LOCAL_MACHINE\SOFTWARE\Cyco\AutoManager Meridian\CurrentVersion\WebLink\Auth
  2. Create the following registry values under the new key:

Registry values

| Name | Type | Description | Example |
|---|---|---|---|
| UseOpenIdConnectAuthentication | DWORD | Enables SAML authentication. | 1 |
| PowerWebAppUrl | String | URL used to connect to PowerWeb. This must be the same URL as the one provided to the SAML identity provider. | http://<MyDomain>/meridian |
| TenantId | String | Meridian Portal tenancy name. | <OrgName> |
| IssuerUri | String | URL of the Meridian Cloud authentication server. | https://auth-ci2.meridiancloud.io/auth |
| ClientId | String | Value entered during registration with the SAML identity provider. | mvc.owin.implicit |
| ClientSecret | String | Value entered during registration with the SAML identity provider. | secret |
| AccessTokenHeaderName | String | Random value comprised of letters, digits, and underscores but no dashes. | AccessToken91ac5084bcc34faa8f27de9080ac2325 |
| SubjectHeaderName | String | Random value comprised of letters, digits, and underscores but no dashes. | Subject_91ac5084_bcc3_4faa_8f27_de9080ac2325 |
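
The registry steps above can also be scripted. The following PowerShell is an added example, not part of the Accruent guide: it creates the key and values from the table, generates fresh random header names, and reads the result back. The helper New-HeaderName and the '<ClientSecret>' placeholder are assumptions; the other strings are the table's example values and must be replaced with your own.

```powershell
#Requires -RunAsAdministrator
# Added example (not from the guide): create the WebLink\Auth values from the table.

$key = 'HKLM:\SOFTWARE\Cyco\AutoManager Meridian\CurrentVersion\WebLink\Auth'

# Hypothetical helper: prefix + GUID in 'N' format (32 hex digits, no dashes),
# which satisfies "letters, digits, and underscores but no dashes".
function New-HeaderName([string]$Prefix) {
    $Prefix + [guid]::NewGuid().ToString('N')
}

$values = [ordered]@{
    UseOpenIdConnectAuthentication = 1                              # DWORD
    PowerWebAppUrl        = 'http://<MyDomain>/meridian'            # placeholder from the table
    TenantId              = '<OrgName>'                             # placeholder from the table
    IssuerUri             = 'https://auth-ci2.meridiancloud.io/auth'
    ClientId              = 'mvc.owin.implicit'
    ClientSecret          = '<ClientSecret>'                        # placeholder, supply your own
    AccessTokenHeaderName = New-HeaderName 'AccessToken'
    SubjectHeaderName     = New-HeaderName 'Subject_'
}

if (-not (Test-Path $key)) { New-Item -Path $key -Force | Out-Null }

foreach ($name in $values.Keys) {
    # Integers are written as DWORD, everything else as String, as in the table.
    $type = if ($values[$name] -is [int]) { 'DWord' } else { 'String' }
    New-ItemProperty -Path $key -Name $name -Value $values[$name] `
        -PropertyType $type -Force | Out-Null
}

# Read back and check the two header names against the rule in the table.
$props = Get-ItemProperty -Path $key
foreach ($n in 'AccessTokenHeaderName', 'SubjectHeaderName') {
    if ($props.$n -notmatch '^[A-Za-z0-9_]+$') {
        throw "$n contains characters other than letters, digits, and underscores"
    }
}
if ($props.AccessTokenHeaderName -eq $props.SubjectHeaderName) {
    throw 'AccessTokenHeaderName and SubjectHeaderName must differ'
}

# Show what was written, leaving the client secret out of the console output.
$props | Select-Object -Property ($values.Keys | Where-Object { $_ -ne 'ClientSecret' })
```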

To copy the binary files:

  1. Find the Meridian PowerWeb installation folder, for example, C:\inetpub\amm by default.
  2. Create a new sub-folder named bin.
  3. Copy the following files to the new sub-folder:

    IdentityModel.dll
    IdentityServer3.AccessTokenValidation.dll
    log4net.dll
    Microsoft.IdentityModel.Protocol.Extensions.dll
    Microsoft.Owin.dll
    Microsoft.Owin.Host.SystemWeb.dll
    Microsoft.Owin.Security.Cookies.dll
    Microsoft.Owin.Security.dll
    Microsoft.Owin.Security.Jwt.dll
    Microsoft.Owin.Security.OAuth.dll
    Microsoft.Owin.Security.OpenIdConnect.dll
    Microsoft.Web.Infrastructure.dll
    Nebula.PowerWeb.Auth.App.dll
    Nebula.PowerWeb.Auth.App.dll.config
    Newtonsoft.Json.dll
    Owin.dll
    System.IdentityModel.Tokens.Jwt.dll
    System.Net.Http.Formatting.dll
    System.Web.Http.dll
    System.Web.Http.Owin.dll
    System.Web.Http.WebHost.dll

To configure the PowerWeb application:

  1. Open the web.config file in any text editor.
  2. Add the following text to the <system.webServer> node under <configuration>:

    <modules runAllManagedModulesForAllRequests="true" />
  3. Add the text block below to the <configuration> node.
  4. Restart IIS.

    iisreset

The text block to add in step 3:

  <runtime>
    <assemblyBinding xmlns="urn:schemas-microsoft-com:asm.v1">
      <dependentAssembly>
        <assemblyIdentity name="Microsoft.Owin" publicKeyToken="31bf3856ad364e35" culture="neutral" />
        <bindingRedirect oldVersion="0.0.0.0-3.1.0.0" newVersion="3.1.0.0" />
      </dependentAssembly>
      <dependentAssembly>
        <assemblyIdentity name="Microsoft.Owin.Security" publicKeyToken="31bf3856ad364e35" />
        <bindingRedirect oldVersion="0.0.0.0-3.1.0.0" newVersion="3.1.0.0" />
      </dependentAssembly>
      <dependentAssembly>
        <assemblyIdentity name="Microsoft.Owin.Security.OAuth" publicKeyToken="31bf3856ad364e35" />
        <bindingRedirect oldVersion="0.0.0.0-3.1.0.0" newVersion="3.1.0.0" />
      </dependentAssembly>
      <dependentAssembly>
        <assemblyIdentity name="Microsoft.Owin.Security.Cookies" publicKeyToken="31bf3856ad364e35" />
        <bindingRedirect oldVersion="0.0.0.0-3.0.1.0" newVersion="3.0.1.0" />
      </dependentAssembly>
      <dependentAssembly>
        <assemblyIdentity name="System.Web.Http" publicKeyToken="31bf3856ad364e35" culture="neutral" />
        <bindingRedirect oldVersion="0.0.0.0-5.2.3.0" newVersion="5.2.3.0" />
      </dependentAssembly>
      <dependentAssembly>
        <assemblyIdentity name="System.Web.Http.Owin" publicKeyToken="31bf3856ad364e35" culture="neutral" />
        <bindingRedirect oldVersion="0.0.0.0-5.2.3.0" newVersion="5.2.3.0" />
      </dependentAssembly>
      <dependentAssembly>
        <assemblyIdentity name="Microsoft.Owin.Cors" publicKeyToken="31bf3856ad364e35" culture="neutral" />
        <bindingRedirect oldVersion="0.0.0.0-3.1.0.0" newVersion="3.1.0.0" />
      </dependentAssembly>
      <dependentAssembly>
        <assemblyIdentity name="System.IdentityModel.Tokens.Jwt" publicKeyToken="31bf3856ad364e35" culture="neutral" />
        <bindingRedirect oldVersion="0.0.0.0-4.0.20622.1351" newVersion="4.0.20622.1351" />
      </dependentAssembly>
      <dependentAssembly>
        <assemblyIdentity name="Microsoft.IdentityModel.Protocol.Extensions" publicKeyToken="31bf3856ad364e35" culture="neutral" />
        <bindingRedirect oldVersion="0.0.0.0-1.0.2.33" newVersion="1.0.2.33" />
      </dependentAssembly>
      <dependentAssembly>
        <assemblyIdentity name="Newtonsoft.Json" publicKeyToken="30ad4fe6b2a6aeed" culture="neutral" />
        <bindingRedirect oldVersion="0.0.0.0-8.0.0.0" newVersion="8.0.0.0" />
      </dependentAssembly>
      <dependentAssembly>
        <assemblyIdentity name="Microsoft.Owin.Security.Jwt" publicKeyToken="31bf3856ad364e35" culture="neutral" />
        <bindingRedirect oldVersion="0.0.0.0-3.1.0.0" newVersion="3.1.0.0" />
      </dependentAssembly>
    </assemblyBinding>
  </runtime>
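
After copying the files and editing web.config, the binding redirects can be checked against the DLLs actually present in bin. The following PowerShell is an added example, not part of the Accruent guide; it assumes the default installation folder C:\inetpub\amm named above and compares each redirect's newVersion and publicKeyToken with the assembly on disk.

```powershell
# Added example (not from the guide): verify bindingRedirect entries against bin\*.dll.
$appRoot = 'C:\inetpub\amm'    # default installation folder; adjust if yours differs
[xml]$config = Get-Content -Path (Join-Path $appRoot 'web.config') -Raw

# assemblyBinding lives in its own XML namespace, so XPath needs a prefix for it.
$ns = New-Object System.Xml.XmlNamespaceManager($config.NameTable)
$ns.AddNamespace('asm', 'urn:schemas-microsoft-com:asm.v1')

$results = foreach ($dep in $config.SelectNodes('//asm:dependentAssembly', $ns)) {
    $id       = $dep.SelectSingleNode('asm:assemblyIdentity', $ns)
    $redirect = $dep.SelectSingleNode('asm:bindingRedirect', $ns)
    $name     = $id.GetAttribute('name')
    $expected = $redirect.GetAttribute('newVersion')
    $dll      = Join-Path $appRoot ("bin\{0}.dll" -f $name)

    if (-not (Test-Path $dll)) {
        # A redirect without a matching file only matters if something references it.
        [pscustomobject]@{ Assembly = $name; Expected = $expected; Found = $null; Status = 'not in bin' }
        continue
    }

    # Reads the assembly identity from the file without loading it for execution.
    $asm   = [System.Reflection.AssemblyName]::GetAssemblyName($dll)
    $token = -join ($asm.GetPublicKeyToken() | ForEach-Object { $_.ToString('x2') })

    if ($asm.Version -ne [version]$expected) {
        $status = 'version mismatch'
    } elseif ($token -ne $id.GetAttribute('publicKeyToken')) {
        $status = 'publicKeyToken mismatch'
    } else {
        $status = 'OK'
    }
    [pscustomobject]@{ Assembly = $name; Expected = $expected; Found = $asm.Version; Status = $status }
}

$results | Format-Table -AutoSize
```

With the file list and text block exactly as given on this page, Microsoft.Owin.Cors is reported as "not in bin", because it has a redirect but is not among the files to copy.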