Install the Integrated Windows Authentication Connector

Document created by RSA Information Design and Development on Jul 14, 2016. Last modified by RSA Information Design and Development on Sep 15, 2017.
Version 17
  

As part of the process to enable Integrated Windows Authentication (IWA), you must install and configure the RSA SecurID Access IWA Connector on a Windows Server 2008 R2 or Windows Server 2012 R2 server connected to your RSA SecurID Access deployment.

Before you begin 

  • You must be a Super Admin in the Cloud Administration Console.
  • You must have system administrator rights on the server where you want to install IWA.
  • The following must be installed and configured on the server where you want to install IWA:
    • Windows Server 2008 R2 or Windows Server 2012 R2
    • .NET Framework 4.5
    • ASP.NET 4.5
    • Internet Information Services (IIS) 7 with the following capabilities:

      IIS Features:

      • .NET Framework 4.5
      • ASP.NET 4.5
      • HTTPS Binding Enabled in IIS with a valid SSL certificate

      IIS Role Components:

      • Application Development > ASP
      • Application Development > ASP.NET 4.5
      • Security > Windows Authentication
      • Management Tools > IIS6 Management Compatibility
  • You must have access to a personal information exchange (.pfx) file generated from matching private key (.key) and certificate (.pem) files. You can issue the certificate and private key using your own company infrastructure, or from the Cloud Administration Console. For instructions, see Generate and Download a Certificate Bundle for Service Providers and Identity Providers for the SSO Agent. You can then use a third-party SSL toolkit to generate the .pfx file. The certificate must not have a password.
  • Download the Integrated Windows Authentication Connector Installer.
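One way to build the .pfx file described in the prerequisites above, shown as an added example that is not part of the RSA documentation. It assumes OpenSSL is the third-party SSL toolkit; the script name, the file paths passed to it and the `make_pfx` function name are hypothetical. The script checks that the private key matches the certificate before exporting a bundle with an empty password.

```shell
#!/usr/bin/env bash
# Added example (not RSA's tooling). Assumes OpenSSL is the SSL toolkit in use.
# Usage: ./make_pfx.sh <private.key> <certificate.pem> <output.pfx>

make_pfx() {
  local key="$1" cert="$2" out="$3" cert_pub key_pub

  # Extract the public key from each input; fail early if either is unreadable.
  cert_pub=$(openssl x509 -in "$cert" -noout -pubkey 2>/dev/null) ||
    { echo "cannot read certificate: $cert" >&2; return 2; }
  key_pub=$(openssl pkey -in "$key" -passin pass: -pubout 2>/dev/null) ||
    { echo "cannot read private key (missing or passphrase-protected): $key" >&2; return 2; }

  # A .pfx built from a key that does not belong to the certificate is unusable
  # for signing, so compare the two public keys before exporting anything.
  if [ "$cert_pub" != "$key_pub" ]; then
    echo "private key does not match certificate" >&2
    return 3
  fi

  # Export with an empty password (-passout pass:), as the installer requires.
  # The 3DES/SHA-1 options are an assumption for older Windows importers, which
  # may reject the AES-256 default of OpenSSL 3; drop them if your server accepts it.
  # umask 077 keeps the unprotected private key readable by the current user only.
  ( umask 077
    openssl pkcs12 -export -inkey "$key" -in "$cert" -out "$out" \
      -keypbe PBE-SHA1-3DES -certpbe PBE-SHA1-3DES -macalg sha1 \
      -passout pass: ) || { rm -f "$out"; return 4; }

  # Re-open the bundle with an empty password to confirm it is well-formed.
  openssl pkcs12 -in "$out" -noout -passin pass: 2>/dev/null ||
    { echo "exported bundle failed verification: $out" >&2; return 5; }
}

if [ "$#" -eq 3 ]; then
  make_pfx "$@"
fi
```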

Procedure 

 
  1. On the server where you are installing the RSA SecurID Access IWA Connector, navigate to the RSASecurIDAccessIWASetup.msi file and double-click it to launch the installer wizard.
  2. When the installer wizard opens, click Next.
  3. From the Site drop-down list, select Default Web Site.
  4. In the Virtual Directory field, enter RSASecurIDAccessIWAConnector.
  5. From the Application Pool drop-down list, select DefaultAppPool.
  6. Click Next.
  7. Click Next to start the installation.
  8. In the Audience URL field, enter an Audience URL for the RSA SecurID Access IWA Connector.
    This value must match the Audience URL you specify for the IWA IdP in the Cloud Administration Console.
    Use the format https://<identity_router_URL>/SPServlet?sp_id=<uniqueID>
    where:
    • <identity_router_URL> is either the URL of the identity router, or the virtual hostname of the load balancer for a cluster of identity routers.
    • <uniqueID> is a unique identifier for the IWA IdP, for example, RSASecurIDAccessIWA.
  9. In the Issuer ID field, enter an Issuer ID for the RSA SecurID Access IWA Connector. The Issuer ID must be an alphanumeric string with no special characters.
    This value must match the Issuer ID you specify for the IWA IdP in the Cloud Administration Console.
  10. In the Audience ID field, enter an Audience ID for the RSA SecurID Access IWA Connector. The Audience ID must be an alphanumeric string with no special characters.
    This value must match the Audience ID you specify for the IWA IdP in the Cloud Administration Console.
  11. From the User Identifier (Name ID) drop-down list, select the Active Directory attribute that the IWA provider will send to the identity router during authentication. This attribute identifies the user to the identity router. Select the value that corresponds to the User Tag specified for the identity source in the Cloud Administration Console. Use the following table to identify the correct value.

    Active Directory Value    IWA Connector Installer Value
    sAMAccountName            Username
    cn                        CommonName
    mail                      Email
    userPrincipalName         userPrincipalName
    objectGUID                objectGUID
    distinguishedName         distinguishedName
    objectSid                 objectSid

  12. In the Issuer Signing Certificate field, browse to the .pfx certificate and select it.
  13. Click Submit to save your changes.
  14. Click Close.

 

 
