F5 BIG-IP APM - SAML Relying Party Configuration - RSA Ready Implementation Guide
a year ago
Originally Published: 2019-06-25

This article describes how to integrate RSA with F5 BIG-IP APM using SAML Relying Party. 

     

Configure RSA Cloud Authentication Service

Perform these steps to configure RSA Cloud Authentication Service as a Relying Party to F5 BIG-IP APM
Procedure

  1. Sign in to RSA Cloud Administration Console.
  2. Click Authentication Clients > Relying Parties.
  3. On the My Relying Parties page, click Add a Relying Party
  4. On the Relying Party Catalog page, click Add for Service Provider SAML
  5. On the Basic Information page, enter a name for the Service Provider in the Name field.
  6. Click Next Step.
  7. On the Authentication page, choose SecurID Access manages all authentication.
  8. In the 2.0 Access Policy for Authentication drop-down list, select a policy that was previously configured. 
  9. Click Next Step.
  10. On the Connection Profile page, select Enter Manually
  11. Scroll down to the Service Provider section and enter the following details:
    1. ACS URL: https://Virtual machine domain name/post/acs
    2. Service Provider Entity ID: Enter https://<VIRTUAL-SERVER> 
  12. For Audience for SAML Response, proceed with the Default: Service Provider Entity ID option.
  13. For SAML Response Protection, choose IdP signs entire SAML response.
  14. Click Download Certificate and save the certificate.
    This certificate is required for SAML configuration in F5 BIG-IP APM.
  15. Scroll down to the User Identity section and select the following:
    1. Identifier Type: emailAddress
    2. Property: mail
      Note: Property must be mapped in F5 BIG-IP APM portal.
  16. Click Save and Finish.
  17. Locate the created application on the Relying Parties page and click the drop-down arrow next to Edit > Metadata > Download Metadata File.
  18. Click Publish Changes and wait for the operation to be completed.

    After publishing, your application is now enabled for SSO. 

     

Configure F5 BIG-IP APM

Perform these steps to integrate F5 BIGIP APM with RSA as a Relying Party.
Procedure

  1. Sign in to the BIG-IP Configuration Utility and click System > Certificate Management > Traffic Certificate Management > SSL Certificate List > Import.
  2. In the Import Type drop-down list, select Certificate.
  3. Enter the following details:
    1. Certificate Name: Choose New and enter a suitable name for the certificate.
    2. Certificate Source: Choose Upload File, click Choose File, and select the certificate downloaded in the Cloud Authentication Service configuration.
    3. Click import.
  4. Click Access > Federation > SAML Service Provider > External IdP Connectors.
  5. Click Create.
  6. On the Create New SAML IdP Connector window, under the General Settings tab, do the following:
    1. Name: Suitable name for this IdP Connector.
    2. IdP Entity ID: Enter the Issuer Entity ID obtained from the Cloud Authentication Service configuration.
  7. On the Create New SAML IdP Connector window, under Single Sign On Service Settings, do the following:
    1. Single Sign On Service URL: Enter the Identity Provider URL obtained from the Cloud Authentication Service configuration.
    2. Single Sign On Service Binding: Select POST in the the drop-down list.
  8. On the Create New SAML IdP Connector window, under Assertion Settings, select Identity Location as Subject in the drop-down list.
  9. On the Create New SAML IdP Connector window, under Security Settings, select the certificate imported from the IdP's Assertion Validation Certificate drop-down list.
  10. Click OK to complete the external IDP connectors.
  11. Click Access > Federation > SAML Service Provider > Local SP Services.
  12. Click Create.
  13. On the Create New SAML SP Service window, under General Settings, do the following:
    1. Name: Enter a suitable name for the SAML SP service.
    2. Entity ID: Enter https://<VIRTUAL-SERVER> replacing <VIRTUAL-SERVER> with the IP address or hostname of your Virtual Server as configured in F5. This should be the same as the Service Provider Entity ID as entered in the Cloud Authentication Service configuration.
  14. On the Local SP Services page, select the checkbox corresponding to the Service Provider.
  15. Click Bind/Unbind IdP Connectors at the bottom of the page.
  16. On the Edit SAML IdPs that use this SP window, click Add New Row.
  17. In the SAML IdP Connectors drop-down list, select the Connector created in the preceding section, and then click OK.

 

The configuration is complete.

Return to F5 BIG-IP APM - RSA Ready Implementation Guide.

Related Articles

Trending Articles

Don't see what you're looking for?