DualShield SAML & SSO. Integration Guide. Copyright 2011 Deepnet Security Limited. Copyright 2011, Deepnet Security. All Rights Reserved.




DualShield Integration Guide

Copyright 2011 Deepnet Security Limited

Trademarks

Deepnet Unified Authentication, MobileID, QuickID, PocketID, SafeID, GridID, FlashID, SmartID, TypeSense, VoiceSense, MobilePass, DevicePass, RemotePass and Site Stamp are trademarks of Deepnet Security Limited. All other brand names and product names are trademarks or registered trademarks of their respective owners.

Copyrights

Under the international copyright law, neither the Deepnet Security software or documentation may be copied, reproduced, translated or reduced to any electronic medium or machine readable form, in whole or in part, without the prior written consent of Deepnet Security.

Licence Conditions

Please read your licence agreement with Deepnet carefully and make sure you understand the exact terms of usage. In particular, for which projects, on which platforms and at which sites, you are allowed to use the product. You are not allowed to make any modifications to the product. If you feel the need for any modifications, please contact Deepnet Security.

Disclaimer

This document is provided as is without warranty of any kind, either expressed or implied, including, but not limited to, the implied warranties of merchantability, fitness for a particular purpose, or non-infringement. This document could include technical inaccuracies or typographical errors. Changes are periodically made to the information herein; these changes will be incorporated in new editions of the document. Deepnet Security may make improvements of and/or changes to the product described in this document at any time.

Contact

If you wish to obtain further information on this product or any other Deepnet Security products, you are always welcome to contact us.

Deepnet Security Limited
Northway House
1379 High Road
London N20 9LP
United Kingdom
Tel: +44(0)20 8343 9663
Fax: +44(0)20 8446 3182
Web: www.deepnetsecurity.com
Email: support@deepnetsecurity.com

Table of Contents

Introduction
Installation
Integration
    Create a Service Provider
    Download SSO metadata
    Configure SSO Agent
Google Apps
    Register a Google Apps in DualShield
    Create the SSO server's certificate file
    Configure Google Apps
Authentication

Introduction

Security Assertion Markup Language 2.0 (SAML 2.0) is a version of the SAML OASIS standard for exchanging authentication and authorization data between security domains. SAML 2.0 is an XML-based protocol that uses security tokens containing assertions to pass information about a principal (usually an end-user) between an identity provider (IdP) and a service provider (SP, usually a web service or cloud application). SAML 2.0 enables web-based authentication and authorization scenarios including Single Sign-On (SSO).

The DualShield unified authentication platform includes a Single Sign-On server that is fully compliant with the SAML 2.0 standard. The complete solution consists of the following components:

- DualShield Authentication Server
- DualShield SSO Server (IdP)
- Third-party SAML 2.0 enabled applications (SP)

For a SAML enabled application, such as Google Apps and Salesforce, the DualShield Single Sign-On server acts as an identity provider that authenticates users and provides information used to authorize users.

When a user attempts to log in to a cloud or web application that is SAML 2.0 enabled and integrated with DualShield SSO, the request is automatically redirected to DualShield SSO. DualShield SSO parses the request, authenticates the user with multifactor authentication and against the organization's AD/LDAP directory, and generates a SAML response to the cloud or web application. Once the response is successfully verified, the user is automatically logged in to the application.

Installation

The DualShield SSO Server is a server application in its own right. However, the DualShield installation program always installs a copy of the SSO server as a service in the platform, in the same place where the DualShield authentication server and management console are installed. The DualShield management console uses the SSO server as its login server. You can use this copy of the SSO server or install a separate, standalone SSO server, depending on your requirements and infrastructure.

Integration

Integrating a SAML enabled application (SP) with a SAML authentication server (IdP) only requires the two parties to exchange their metadata. From the DualShield management console, you can easily create a SAML service provider and upload its metadata. You can also download the SSO server's metadata and upload it to the service provider.

Create a Service Provider

1. In the main menu, select SSO > SSO Server. A list of installed and registered SSO servers is displayed.
2. In the SSO server list, select an SSO server and click its context menu icon.
3. Select Service Providers in the context menu. A list of registered service providers is displayed.

4. Click Create on the toolbar to create a new Service Provider.
5. Provide a name for the new service provider to be created, and its metadata.
6. Click Save.

Download SSO metadata

1. In the SSO server list, select an SSO server and click its context menu icon.
2. In the context menu, select Download Metadata.
3. Save the metadata file.

Configure SSO Agent

To the DualShield authentication server, an SSO server is an authentication agent. You need to further configure the SSO agent by connecting it to a DualShield application that is linked to your user directory.

Google Apps

The DualShield management console provides a built-in facility that further simplifies the process of integrating DualShield SSO with Google Apps services.

Register a Google Apps in DualShield

1. In the Service Provider list, click Register Google Apps.
2. In the popup window, provide a name for your Google Apps service and its domain.
3. Click Save.

Create the SSO server's certificate file

Instead of the SSO server's metadata, Google Apps requires the SSO server's certificate. Currently, the DualShield Management Console lacks a quick way to download an SSO server's certificate. You will have to create the SSO server's certificate file by extracting the certificate from the SSO server's metadata.

1. Download the SSO server's metadata.
2. Save the metadata to a file and open it with a text editor.
3. Select the text block from <ds:X509Certificate> to </ds:X509Certificate>, and copy it to the clipboard.
4. Create a new, blank text file.
5. Paste the text block from the clipboard to the new text file.

6. Replace <ds:X509Certificate> with -----BEGIN CERTIFICATE-----
7. Replace </ds:X509Certificate> with -----END CERTIFICATE-----
8. Save the file.

Configure Google Apps

1. Log in to your Google Apps control panel. Typically, the URL is: https://www.google.com/a/xxx.xxx where xxx.xxx is your Google Apps domain name, e.g. deepnetid.com

2. Click Advanced tools.
3. Click Set up single sign-on (SSO).
4. Complete the form as below:

   Sign-in page URL: http://dualshield.deepnetsecurity.com:8074/appsso/login?DASApplicationName=GoogleApps
   Sign-out page URL: http://dualshield.deepnetsecurity.com:8074/appsso/logout?DASApplicationName=GoogleApps&entityid=google.com/a/deepnetid.com
   Change password URL: http://dualshield.deepnetsecurity.com:8074/appsso/chpwd

   Replace dualshield.deepnetsecurity.com:8074 with the host name and port of your DualShield SSO server's logon URL. (8074 is the default TCP port number of the DualShield SSO server. Yours might be different, and you might wish to NAT it to the HTTP/S port (80/443).)

   Replace GoogleApps in DASApplicationName=GoogleApps with the application name that you have published on your DualShield SSO Agent in the DualShield management console. (In this example, it happens to be named GoogleApps, but you can name your application whatever you like.)

   Replace deepnetid.com with the domain name of your Google Apps service.

5. Click the Replace certificate link.

   Choose the DualShield SSO server's certificate file that you created in the last section, then upload it.

6. Finally, click Save Changes.

Your Google Apps is now integrated with the DualShield SSO, and its logon is protected by DualShield multifactor authentication.

Authentication

Once your web or cloud applications are integrated with the DualShield SSO server, when a user attempts to log in to your applications the request is automatically redirected to DualShield SSO. When the user has been successfully authenticated by the DualShield SSO Server, the user will be automatically redirected back to your application and logged in to the application.

Within the same session, the user will be able to single sign on to other applications that are also protected with the same SSO server, without being asked to authenticate again.