Foglight Evolve - SAML Relying Party Configuration - RSA Ready Implementation Guide

2 years ago

This article describes how to integrate RSA with Foglight Evolve using SAML Relying Party.

Configure RSA Cloud Authentication Service

Perform these steps to configure RSA Cloud Authentication Service as Relying Party to Foglight Evolve.
Procedure

Sign in to RSA Cloud Administration Console.
Click Authentication Clients > Relying Parties.
On the Relying Party Catalog page, click Add a Relying Party and click Add for Service Provider SAML.
On the Basic Information page, enter the name for the application in the Name field and click Next Step.
On the Authentication page, choose SecurID manages all authentication.
Select a Primary Authentication Method and Access Policy as required and click Next Step.
For providing Service Provider details select Import Metadata and click Choose File.
1. Select the file that is downloaded from the Service Provider.
2. Construct the URL to obtain Foglight Evolve metadata:
  https://<SystemIP address>:<port_number>/ console/saml2/metadata.xml
Review the ACS URL and Service Provider Entity ID values that are auto-filled.
Select the SP signs SAML requests checkbox and click Choose File and upload the certificate. Extract the Signing certificate manually from the service provider metadata file and save it as .pem file.
In the SAML Response Protection section, choose IdP signs entire SAML response.
Download the certificate by clicking Download Certificate.
Click Show Advanced Configuration.
Under the User Identity section, configure Identifier Type and Property. For example, Identifier Type: Auto Detect and Property: Auto Detect.
Under the Attribute Extension section, add the following attribute.
1. Attribute Name: email
2. Attribute Source: Identity Source
3. Property: mail
Click Save and Finish.
On the My Relying Parties page, click the Edit drop-down icon and select the Metadata option to download the metadata.
Click Publish Changes. Your application is now enabled for SSO.

Configure Foglight Evolve

Perform these steps to configure Foglight Evolve.
Procedure

Log on to Foglight Evolve using administrator credentials.
In the left pane, click Administration.
Under Administration, click Users & Security.
Click SAML 2.0 Integration Settings.
Click Enable to enable SAML 2.0 SSO Configuration and click Edit Settings to provide Identity Provider details.
Provide the following details.
1. Identity Provider Entity ID: The entityID value that can be obtained from the metadata file downloaded from RSA.
2. Login URL: The SingleSignOnService value that can be obtained from the metadata file downloaded from RSA.
3. Logout URL: The SingleLogoutService value that can be obtained from the metadata file downloaded from RSA.
4. Attribute Key: Select email.
Under Identity Provider x.509 Signing Certificate, copy and paste the certificate downloaded from RSA and click Apply Configuration.
Navigate back to Administration > User & Security Management and click Manage Users, Group, Roles.
To add groups:
1. Under the Users section, select a Name (user).
2. In the Groups column, click Belongs to groups.
3. Assign user to groups as required by selecting the checkboxes.
4. Click Save.
To add roles:
1. Under the Users section, select a Name (user).
2. In the Roles column, click Take on roles.
Assign the user roles as required by selecting the checkboxes and click Save.