Foglight Evolve - SAML My Page SSO Configuration - RSA Ready Implementation Guide

2 years ago

This article describes how to integrate Foglight Evolve with RSA Cloud Authentication Service using My Page SSO.

Configure RSA Cloud Authentication Service

Perform these steps to configure RSA Cloud Authentication Service using My Page SSO.
Procedure

Enable My Page SSO by accessing the RSA Cloud Administration Console > Access > My Page > Single Sign-On (SSO). Ensure it is enabled and protected using two-factor authentication - Password and Access Policy.
On the Applications > Application Catalog page, click Create From Template.
Click Select for SAML Direct.
On the Basic Information page, enter a name for the configuration in the Name field and click Next Step.
On the Connection Profile page, click the IdP-initiated option.
For providing Service Provider details select Import Metadata and click Choose File.
1. Select the file that is downloaded from the Service Provider.
2. Construct the URL to obtain Foglight Evolve metadata:
  https://<SystemIP address>:<port_number>/ console/saml2/metadata.xml
Review the ACS URL and Service Provider Entity ID values that are auto-filled.
Select the SP signs SAML requests checkbox and click Choose File and upload the certificate. Extract the Signing certificate manually from the service provider metadata file and save it as .pem file.
In the SAML Response Protection section, choose IdP signs entire SAML response.
Download the certificate by clicking Download Certificate.
Click Show Advanced Configuration.
Under the User Identity section, configure Identifier Type and Property. For example, Identifier Type: Auto Detect and Property: Auto Detect.
Under the Statement Attributes section, add the following attribute.
1. Attribute Name: email
2. Attribute Source: Identity Source
3. Property: mail
Click Next Step.
Choose your desired Access Policy for this application and click Next Step > Save and Finish.
On the My Applications page, click the Edit drop-down icon and select Export Metadata to download the metadata.
Click Publish Changes. Your application is now enabled for SSO.

Configure Foglight Evolve

Perform these steps to configure Foglight Evolve.
Procedure

Log on to Foglight Evolve using administrator credentials.
In the left pane, click Administration.
Under Administration, click Users & Security.
Click SAML 2.0 Integration Settings.
Click Enable to enable SAML 2.0 SSO Configuration and click Edit Settings to provide Identity Provider details.
Provide the following details.
1. Identity Provider Entity ID: The entityID value that can be obtained from the metadata file downloaded from RSA.
2. Login URL: The SingleSignOnService value that can be obtained from the metadata file downloaded from RSA.
3. Logout URL: The SingleLogoutService value that can be obtained from the metadata file downloaded from RSA.
4. Attribute Key: Select email.
Under Identity Provider x.509 Signing Certificate, copy and paste the certificate downloaded from RSA and click Apply Configuration.
Navigate back to Administration > User & Security Management and click Manage Users, Group, Roles.
To add groups:
1. Under the Users section, select a Name (user).
2. In the Groups column, click Belongs to groups.
3. Assign user to groups as required by selecting the checkboxes.
4. Click Save.
To add roles:
1. Under the Users section, select a Name (user).
2. In the Roles column, click Take on roles.
Assign the user roles as required by selecting the checkboxes and click Save.