IBM Security Access Manager 9.0 - Federation Configuration - RSA Ready SecurID Access Implementation Guide

Document created by RSA Information Design and Development on Jul 30, 2019
Version 1

Follow the steps in this section to apply your Relying Party and SSO Agent configuration to IBM Security Access Manager Federation.

 

Before you begin: Configure the integration type that your use case will employ. Refer to the Integration Configuration Summary section for more information.

Procedure

1. Log in to the local management interface of the appliance.

2. Browse to Secure Web Settings > Manage > Reverse Proxy.

3. Select the reverse proxy server instance that was added in the prerequisites and click Manage > AAC and Federation Configuration > Federation.

4. On the Federation Management window, click Add.

5. In the Add Federation to Reverse Proxy window:

  1. On the Main tab, click Next.

  2. On the Runtime tab, enter the password for easuser in the Password field and click Next.

  3. On the Federation tab, select the federation instance from the Federation drop-down list and click Next.

  4. On the Reuse Options tab, click Finish.

6. On the Federation Management window, click Close.

7. Deploy changes.

8. The next step is to configure the Point of Contact profile to configure user access.

 

Configure Point of Contact Profile

1. On the local management interface, browse to Secure Federation > Global Setting > Point of contact.

2. On the Point of Contact page, select one of the following as the Current Profile:

  1. Access Manager Username and extended attributes, to allow only known, preregistered users to perform single sign-on into the service provider.
  2. Access Manager Credential, to allow all authenticated users to sign on to the service provider.

3. Click Set As Current.

4. Deploy changes.

 

Single Sign-on URL:

Use the following URL syntax to access the protected resource using federation.

https://<isam_hostname>:<port_number>/<junction_name>/sps/<federation_name>/saml20/logininitial?RequestBinding=HTTPPost&PartnerId=<provider_ID>&NameIdFormat=Email&Target=https://<target_application_location>

Where:

  • isam_hostname is the host name of the reverse proxy server.
  • port_number is the port number of the reverse proxy server.
  • junction_name is the name of the junction configured for the reverse proxy server.
  • federation_name is the name of the federation that was created on the service provider.
  • provider_ID is the identity provider ID.
  • target_application_location is the application that a user can log on to using single sign-on.

Example:

URL for access through Relying Party

https://vm2006.pe.rsa.net/isam/sps/saml20sp/saml20/logininitial?RequestBinding=HTTPPost&PartnerId=https://rsa-blr-pe.auth-demo.securid.com/saml-fe/sso&NameIdFormat=Email&Target=https://vm2006.pe.rsa.net/isam/mobile-demo/diag/

URL for access through SSO agent

https://vm2006.pe.rsa.net/isam/sps/saml20sp/saml20/logininitial?RequestBinding=HTTPPost&PartnerId=1bi8k353zt2sz&NameIdFormat=Email&Target=https://vm2006.pe.rsa.net/isam/mobile-demo/diag/
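The following Python helper is an added example, not part of the RSA or IBM documentation. It fills in the URL syntax above with every placeholder percent-encoded, and splits an existing link back into the same placeholders so it can be reviewed. The function names, the https-only check on Target and the "unexpected" field are assumptions made for this example.

```python
from urllib.parse import parse_qs, quote, unquote, urlencode, urlsplit

EXPECTED = ("RequestBinding", "PartnerId", "NameIdFormat", "Target")

def build_sso_url(isam_hostname, junction_name, federation_name,
                  provider_id, target, port_number=None):
    """Fill in the logininitial syntax, percent-encoding each placeholder."""
    if urlsplit(target).scheme != "https":
        raise ValueError("Target must be an absolute https URL")
    netloc = isam_hostname
    if port_number is not None:
        netloc = f"{isam_hostname}:{int(port_number)}"
    segments = (junction_name, "sps", federation_name, "saml20", "logininitial")
    path = "/".join(quote(seg, safe="") for seg in segments)
    # urlencode() escapes ':', '/', '?', '&' and '=' inside the values, so a
    # URL-valued PartnerId or a Target with its own query string stays intact.
    query = urlencode({"RequestBinding": "HTTPPost", "PartnerId": provider_id,
                       "NameIdFormat": "Email", "Target": target})
    return f"https://{netloc}/{path}?{query}"

def parse_sso_url(url):
    """Split a logininitial URL back into the placeholders named above."""
    parts = urlsplit(url)
    segs = parts.path.strip("/").split("/")
    if len(segs) != 5 or segs[1] != "sps" or segs[3:] != ["saml20", "logininitial"]:
        raise ValueError("path is not <junction_name>/sps/<federation_name>"
                         "/saml20/logininitial")
    params = parse_qs(parts.query, keep_blank_values=True)
    missing = [name for name in EXPECTED if name not in params]
    if missing:
        raise ValueError(f"missing query parameters: {missing}")
    return {
        "isam_hostname": parts.hostname,
        "port_number": parts.port,
        "junction_name": unquote(segs[0]),
        "federation_name": unquote(segs[2]),
        "provider_ID": params["PartnerId"][0],
        "target_application_location": params["Target"][0],
        # Parameters outside the documented four; a non-empty list usually
        # means an unencoded Target spilled its own query string into the link.
        "unexpected": sorted(set(params) - set(EXPECTED)),
    }

if __name__ == "__main__":
    # Values taken from the "URL for access through SSO agent" example above.
    print(build_sso_url("vm2006.pe.rsa.net", "isam", "saml20sp", "1bi8k353zt2sz",
                        "https://vm2006.pe.rsa.net/isam/mobile-demo/diag/"))
```

When a Target carries its own query string, the unencoded form truncates it at the first "&"; parse_sso_url reports the spilled parameters under "unexpected".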

 

Head back to the main page for more certification-related information.

 
