Modify the Fusion Configuration File

There are several properties related to SAML authentication that will need to be added to the Orchid Fusion VMS configuration file. So as a first step, get the configuration file ready for these new settings. You won’t be able to fully configure the last three properties until you have configured your Identity Provider (IdP) (which will be explained later).

*For extra help with the steps below, please refer back to the Installation section that corresponds to the operating system in which you are working.

*Beginning in version 24.6.1, Orchid Fusion/Hybrid VMS allows administrators to define a mapping between multiple user attributes and Fusion Permission Groups. The saml.common.setting.domain property is no longer required. Modifying the configured attributes in the properties file will log out all related SAML users upon restart.

1. Open the fusion.properties file.
2. Add the following properties to the Orchid Fusion VMS configuration file:

• fusion.public.url=https://your-url
  • This is the public URL used to access your Orchid Fusion VMS.

• saml.common.setting.domain=yourdomain.com (This property is obsolete and will be removed from the properties file upon upgrade.)

• saml.provider.samlclient1.common.name=IdP Vendor
  • This is the provider name that will be displayed on the Orchid Fusion login page (such as Okta, Ping, etc.).

• saml.provider.samlclient1.idp.metadata.filename=ap-idp-metadata.xml
  • This is the name of the XML file you will download from your IdP. (We’ll cover this in the next section.)
    • If you’re working in Linux, this XML file must be placed in the following directory: /etc/opt/fusion/
    • If you’re working in Windows, this XML file must be placed in the following directory: C:\Program Files\IPConfigure\Fusion\conf

• saml.provider.samlclient1.attr.key.name=name
• saml.provider.samlclient1.attr.key.group=group
  • These are the keys that the IdP uses to represent user names and user groups. (We’ll cover this in the next section.)
    • For simple configurations, you will utilize the users’ SAML group attribute saml.provider.samlclient1.attr.key.group=group to pull in all users in the group.
    • Beginning in version 24.6.1, you may use multiple attributes to identify a group of users who match all of those attributes. For example:

3. Save changes to the properties file. (Don’t restart the Fusion service yet. We need to fill in more information first.)

Here’s what the SAML portion of your Fusion configuration file might look like at this point:

*Note that up to five separate SAML identity providers can be configured and used in Orchid Fusion VMS. Specify additional providers by copying the last four properties (those that include “samlclient1” in the name). You will need one complete set of four properties for each IdP you want to configure. Then for each additional set, replace “samlclient1” with the appropriate client name (“samlclient2”, “samlclient3”, “samlclient4”, or “samlclient5”).