Java SAML Consumer Value-Added Module (VAM) Deployment Guide


Copyright Information

2018. SecureAuth is a copyright of SecureAuth Corporation. SecureAuth's IdP software, appliances, and other products and solutions, are copyrighted products of SecureAuth Corporation. Core Security is a copyright information of Core Security Corporation.

May, 2018

For information on supporting this product, contact your SecureAuth sales representative:

Email: support@secureauth.com
Phone: +1.949.777.6959 or +1-866-859-1526
Website: https://www.secureauth.com/support.aspx

Contents

+ Overview
+ Deployment Environment
+ Deployment Steps
+ Testing SAML Handler Admin Web Application
+ Testing Tomcat Authenticator and SAML Handler
+ Update Warning

Overview

This document details the method used for deploying the Java version of the SAML consumer value-added module (VAM) using the Java-compliant open source web environment Tomcat. The SAML Consumer Java version consists of three components:

+ SecureAuth Authenticator (Tomcat valve JAR file)
+ SAML Handler (Tomcat plugin JAR file)
+ SAML Admin (Web application WAR file)

SecureAuth Authenticator can be used to authenticate users accessing protected web applications deployed in a Tomcat instance using a Tomcat valve. If the user is not authenticated, it sends a request to the SAML Handler to authenticate the user. The Authenticator also manages Single Sign On (SSO) between protected web applications.

SAML Handler passes SAML requests to an IdP (SA appliance) for authentication, receives responses from the IdP, and sends these responses to the SecureAuth Authenticator.

SAML Admin is a web application for configuring IdPs, application-IdP mapping, and the Tomcat Valve.

The remainder of this document describes the configuration required to deploy the SecureAuth Authenticator, SAML Handler, and SAML Admin web application to a Tomcat server.

Deployment Environment

This document assumes Apache Tomcat server has been installed with the default settings and is running at http://localhost:8080/. The files that must be deployed include:

TABLE 1. Deployment Files

| File | Deployed location | Description |
|---|---|---|
| sa-tomcat-authenticator.jar | [CATALINA_HOME]/libs | Tomcat Valve that passes requests to SamlHandler for protected applications |
| sa-samlhandler.jar | [CATALINA_HOME]/libs | Sends SAML requests to an IdP, retrieves responses from the IdP, and authenticates the user |
| admin-samlhandler.war | [CATALINA_HOME]/webapps | SAML admin web application for configuring IdPs and application-IdP mapping |
| valve.properties | [CATALINA_HOME]/conf | Tomcat valve configuration file |
| server.xml | [CATALINA_HOME]/conf | Sample of Tomcat's server configuration file (updated with Valve) |

Deployment Steps

1. Stop the Tomcat server, if it is running.
2. Copy valve.properties to Tomcat's conf directory.
3. Copy sa-tomcat-authenticator.jar and sa-samlhandler.jar to Tomcat's libs directory, then double-click these two JAR files to extract all the compressed files from both.
4. Copy admin-samlhandler.war to Tomcat's webapps directory, then double-click this WAR file to extract all the compressed files from it.
5. Configure the Tomcat Valve settings in this manner:

   a. From Tomcat's conf directory, double-click to open server.xml.

   b. Add the following under the Host section (below SingleSignOn valve) of the XML file:

        <Valve className="org.apache.catalina.authenticator.SingleSignOn" />
        <Valve className="org.apache.catalina.authenticator.secureauthauthenticator"
               valvepropertyloc="conf/valve.properties" />

      For example, the server.xml file should look like this:

        <Host name="localhost" appBase="webapps"
              unpackWARs="true" autoDeploy="true">

          <!-- SingleSignOn valve, share authentication between web applications
               Documentation at: /docs/config/valve.html -->
          <Valve className="org.apache.catalina.authenticator.SingleSignOn" />
          <Valve className="org.apache.catalina.authenticator.secureauthauthenticator"
                 valvepropertyloc="conf/valve.properties" />

          <!-- Access log processes all example.
               Documentation at: /docs/config/valve.html
               Note: The pattern used is equivalent to using pattern="common" -->
          <Valve className="org.apache.catalina.valves.AccessLogValve" directory="logs"
                 prefix="localhost_access_log." suffix=".txt"
                 pattern="%h %l %u %t &quot;%r&quot; %s %b" />

        </Host>

      Class and attribute names in server.xml are case-sensitive; for the SecureAuth valve entry, use the spelling in the sample server.xml listed in Table 1.

   c. Open valve.properties in Tomcat's conf directory.

   d. Make necessary adjustments according to your application requirements. For example, in place of the generic /examples/docs value for protected.contexts in the following example, specify your own value. Also indicate whether SSO is enabled or disabled.

        # Set protected applications
        # Use semicolon(;) separated list of protected apps (Use * if you want protect all apps)
        # Example: protected.contexts=/app1;/app2;/app3
        protected.contexts=/examples/docs

        # Specify whether the SAMLHandler is placed in the same Tomcat instance which is protected by Valve
        samlhandler.in.same.instance=false

        # Set this property to true if you want SingleSignOn between the protected apps
        single.sign.on.enabled=false

NOTE: If you set single.sign.on.enabled=false, each protected application in your Tomcat server can have a different IdP (based on app-idp mapping) for authentication. If you set single.sign.on.enabled=true, you only need to authenticate once for all protected applications.
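A check to run over the two files edited in step 5 before restarting Tomcat, added here as an example and not part of the SecureAuth guide or module: it reports a Host whose SecureAuth valve is missing or not below SingleSignOn, and deployed contexts that are absent from protected.contexts. The valve class names are used as printed in this guide and compared case-insensitively; the function names, the sample input, and exact-match comparison of context paths are assumptions.

```python
import xml.etree.ElementTree as ET

# Class names as printed in the guide; compared case-insensitively below.
SSO = "org.apache.catalina.authenticator.singlesignon"
SA = "org.apache.catalina.authenticator.secureauthauthenticator"

def parse_properties(text):
    """Minimal key=value reader for valve.properties; '#' lines are comments."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            key, value = line.split("=", 1)
            props[key.strip()] = value.strip()
    return props

def host_valves(server_xml):
    """Map each Host name to its Valve class names (lower-cased, in file order)."""
    hosts = {}
    for host in ET.fromstring(server_xml).iter("Host"):
        hosts[host.get("name")] = [
            next((v for k, v in valve.attrib.items() if k.lower() == "classname"), "").lower()
            for valve in host.findall("Valve")
        ]
    return hosts

def audit(server_xml, valve_props, deployed_contexts):
    """Return findings for a missing or misplaced valve and unlisted contexts."""
    findings = []
    for host, names in host_valves(server_xml).items():
        if SA not in names:
            findings.append(f"{host}: SecureAuth valve missing")
        elif SSO not in names or names.index(SSO) > names.index(SA):
            findings.append(f"{host}: SecureAuth valve is not below SingleSignOn")
    listed = parse_properties(valve_props).get("protected.contexts", "")
    protected = {c.strip() for c in listed.split(";") if c.strip()}
    if "*" not in protected:  # '*' protects all apps; otherwise exact match (assumption)
        findings += [f"{ctx}: not in protected.contexts"
                     for ctx in deployed_contexts if ctx not in protected]
    return findings

# Constructed sample input (not taken from a real deployment).
SAMPLE_XML = """<Server><Service><Engine><Host name="localhost">
  <Valve className="org.apache.catalina.authenticator.SingleSignOn" />
  <Valve className="org.apache.catalina.valves.AccessLogValve" />
</Host></Engine></Service></Server>"""
SAMPLE_PROPS = "protected.contexts=/app1;/app2\nsingle.sign.on.enabled=false\n"

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE_XML, SAMPLE_PROPS, ["/app1", "/app2", "/app3"])))
```

Pass the names of the folders under Tomcat's webapps directory, each prefixed with "/", as deployed_contexts.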

Testing SAML Handler Admin Web Application

1. Start the Tomcat server.
2. Verify that the deployed admin-samlhandler.war has created an admin-samlhandler folder under Tomcat's webapps directory with two pre-configured property files, as shown in the example in Figure 1:

   + samlhandler: an IdP configuration file
   + app-idp-mapping: an Application-IdP mapping file

   FIGURE 1. Application-IdP Mapping File Example

3. Using a browser, open the local SAML admin site: http://localhost:8080/admin-samlhandler/

   You should see the SAML Admin Configuration screen like Figure 2.

   FIGURE 2. SAML Admin Configuration Screen Example (call-out on the Application IdP Mapping link: "Click this link as described in Step 5.")

   The preconfigured sample IdPs are displayed. Each IdP has a separate tab and fields, indicating the IdP name, the Identity Service URL, the name of the issuer, the SAML metadata file (if one has been uploaded) and the certificate.

4. Modify, delete, or add new IdPs as required. To add a new IdP:

   a. From the SAML Admin Configuration screen, click the Add New IdP button. A new IdP page appears with all the fields blank.
   b. Enter a value for each field.
   c. If a SAML metadata file is required, click Upload and navigate to the location of the metafile, then click OK.
   d. If required, edit the certificate that appears in the Certificate field. Otherwise, leave it as it was populated.
   e. Check the available boxes as required:

      + Set as Default IdP: Check to indicate the selected IdP is the default IdP.
      + Validate SAML Message: Check to indicate that this IdP's SAML message is automatically validated. If you check this box, a certificate field like the one shown in the previous example appears.
      + Validate SAML Assertion: Check to indicate that this IdP's SAML assertion is automatically validated. If you check this box, a new certificate field appears that is used for the assertion of the SAML request.

   f. When you've entered all the required information, click the Save button.

5. With the selected IdP page displayed, click the Application IdP Mapping link at the top of the page (see the call-out in Figure 2) to open the Application-IdP Mapping screen as shown in Figure 3.

   FIGURE 3. Application-IdP Mapping Link Example Screen

6. Update, delete, or add new applications as required for this configuration. To add a new application:

   a. Click the Add New Application button. A new row in the application matrix appears.
   b. At the Application Name column, enter a name for the selected application.
   c. At the Application URL column, enter the URL where this selected application resides.
   d. At the IdP column, select from the drop-down list the IdP to which this application is linked.
   e. Click the Update button. The specified application is linked to the designated IdP. Any subsequent requests to open the application will be handled by the designated IdP.

7. Click the Tomcat Valve Configuration link. The Tomcat Valve Configuration screen appears, like the example in Figure 4.

   FIGURE 4. Tomcat Valve Configuration Screen

8. Make changes to this screen as required by entering information in the following fields:

   + Protected Applications: Enter each protected application separated by a semicolon. The name of the application is specified in the Application Name column in Step 6.
   + All Applications: Check this box if all applications defined in Step 6 should be protected.
   + Single Sign-On: Check this box to enable SSO between the protected applications.

9. When you are finished, click Save.

Testing Tomcat Authenticator and SAML Handler

To test the Tomcat Authenticator and the SAML Handler, follow these steps.

1. Open a protected web application, for example: http://localhost:8080/examples/. The Tomcat authenticator redirects you to the IdP for authentication as shown in Figure 5.

   FIGURE 5. Tomcat Valve IdP Authentication Screen

   After successful authentication, you are redirected to the protected application as shown in Figure 6.

   FIGURE 6. Protected Application Example

   This application references the Application URL defined for it in the Application-IdP Mapping screen (see Step 6 of Testing SAML Handler Admin Web Application).

2. Open another protected web application, for example: http://localhost:8080/docs/. The Tomcat authenticator redirects you to another IdP (based on application-IdP mapping) for authentication as shown in Figure 7.

   FIGURE 7. IdP Authentication Example

3. Similarly, after a successful authentication, you are redirected to the selected application as shown in Figure 8.

   FIGURE 8. Application Redirection Example

Update Warning

The process of updating SecureAuth software to a newer version may cause these SecureAuth adapter changes to become invalid and the adapter itself to stop working. Until this feature is included in the main product, these customizations will need to be merged into any future updates. Please contact tailoringfrontline@secureauth.com before making any updates.