Using SAML as the Authentication Source for Digital Hive
Question
Can Digital Hive leverage SAML as the authentication source so that existing an SAML provider can be used?
Answer
Digital Hive, both Windows and Linux, can be configured to use SAML authentication.
It is highly recommended that SAML integration is configured BEFORE a user has logged into the Digital Hive application. If a user has previously logged into Digital Hive before SAML was configured, please contact the Customer Success team at support@digitalhive.com.
Note: After completing these steps, the first user to log into Digital Hive will be the Super User so please make sure that the first user to access Digital Hive is the intended Super User.
Windows
- From within the Services panel, stop the DigitalHive-node1 service
- Using the Windows File Explorer, navigate to <install directory>\DigitalHive\app\node1\tomcat\bin
- Right click on the tomcat9w.exe file
- Select Create shortcut
- Drag the newly created tomcat9w.exe - Shortcut to the desktop
- Right click on the tomcat9w.exe - Shortcut
- Select Properties
- On the Shortcut tab, append //ES//DigitalHive-node1 to the Target making sure that there is a space between the value and the appended string
- Click OK
- Double click the Desktop tomcat9w.exe - Shortcut
- Click Yes
- Select the Java tab
- In the Java Options: section add -Dspring.profiles.active=saml_auth to the list of strings
- Click OK
- Using the Windows File Explorer, navigate to <install directory>\DigitalHive\app\node1\tomcat\conf
- Edit the theia.properties file
- Edit or Add the following parameters
#SAML Properties
saml.idp.metadata.url should point to the IDP metadata provider URL (example: https://digitalhive.okta.com/app/digitalhive/exknxtx1ia8vlwhPd2/sso/saml/metadata)
saml.sp.entity.id identifier for Digital Hive as an SP. This ID will be configured in the IDP to support Digital Hive authentication
saml.keystore.location is the location of the keystore for signing requests to Digital Hive. Defaults to the Digital Hive web keystore at conf/keystore.jks
saml.keystore.password is the password for the above keystore
saml.keystore.key.alias is the alias of the key used to sign requests. The default value is Digital Hive
saml.keystore.key.password is the password for the above key alias
saml.username.attribute.name is the attribute name (from the assertion) to be used for the username. The default value is email
saml.authorities.attribute.name is the attribute name (from the assertion) to be used for the user groups/authorities. The default value is eduPersonAffiliation
18. Save and Close the text editor
19. From within the Services panel, start the DigitalHive-node1 service
Digital Hive on Windows is now configured to use SAML for authentication.
Linux
- Navigate to the root DigitalHive install and run .\tomcat.sh -stop
- Navigate to DigitalHive\app\node1\tomcat\conf
- Edit the theia.properties file
- Search for motio.theia.tomcat.jvm.opts and append: -Dspring.profiles.active=saml_auth
- Edit or Add the following parameters
#SAML Properties
saml.idp.metadata.url should point to the IDP metadata provider URL (example: https://digitalhive.okta.com/app/digitalhive/exknxtx1ia8vlwhPd2/sso/saml/metadata)
saml.sp.entity.id identifier for Digital Hive as an SP. This ID will be configured in the IDP to support Digital Hive authentication
saml.keystore.location is the location of the keystore for signing requests to Digital Hive. Defaults to the Digital Hive web keystore at conf/keystore.jks
saml.keystore.password is the password for the above keystore
saml.keystore.key.alias is the alias of the key used to sign requests. The default value is Digital Hive
saml.keystore.key.password is the password for the above key alias
saml.username.attribute.name is the attribute name (from the assertion) to be used for the username. The default value is email
saml.authorities.attribute.name is the attribute name (from the assertion) to be used for the user groups/authorities. The default value is eduPersonAffiliation
6. Save and Close the editor
7. Navigate to the root DigitalHive install and run .\tomcat.sh -start
Digital Hive on Linux is now configured to use SAML for authentication.
- Navigate to the root DigitalHive install and run .\tomcat.sh -stop
- Navigate to DigitalHive\app\node1\tomcat\conf
- Edit the theia.properties file
- Search for motio.theia.tomcat.jvm.opts and append: -Dspring.profiles.active=saml_auth
- Edit or Add the following parameters
Related Articles
Digital Hive Installation and Configuration Overview
Overview This article serves as a collection of all the steps required to install and configure the Digital Hive solution. Prerequisites Digital Hive can be installed on either Windows or Linux based systems. From a server sizing perspective, the ...Digital Hive Frequently Asked Questions (FAQ)
Installation Can Digital Hive be installed on premise or in the Cloud? Digital Hive can be installed using either on-premise hardware, in a Private Cloud, or a hybrid architecture that leverages both Cloud and on-premise. There is currently no ...What's New in the 2025.2 Digital Hive Release
What's New in the Digital Hive 2025.2 Release This articles details the new product features, enhancements, and resolved issues, that were included as part of the Digital Hive 2025.2 release. Prerequisites To move to this release, this must be a new ...What's New in the 2024.1 Digital Hive Release
This articles details the new product features, enhancements, and resolved issues, that were included as part of the Digital Hive 2024.1 release. New Features & Enhancements Flyout button The Flyout button element is a great way to provide contextual ...Using OAuth as the Authentication Source for Digital Hive
Question Can Digital Hive leverage OAuth as the authentication source so that existing users and groups can be used? Answer OAuth sources like Azure and Google can both be leveraged for Digital Hive authentication. When using external third-party ...