Foglight for Databases - SAML My Page SSO Configuration - RSA Ready Implementation Guide
Configure RSA Cloud Authentication Service
Perform these steps to configure RSA Cloud Authentication Service using My Page SSO.Procedure
- Enable My Page SSO by accessing the RSA Cloud Administration Console > Access > My Page > Single Sign-On (SSO). Ensure it is enabled and protected using two-factor authentication - Password and Access Policy.
- On the Applications > Application Catalog page, click Create From Template.
- Click Select for SAML Direct.
- On the Basic Information page, enter a name for the configuration in the Name field and click Next Step.
- On the Connection Profile page, click the IdP-initiated option.
- For providing Service Provider details, select Import Metadata and click Choose File.
- Select the file that is downloaded from the Service Provider.
- Construct the URL to obtain Foglight for Databases metadata.
https://<SystemIP address>:<Port Number> console/saml2/metadata.xml
- Review the ACS URL and Service Provider Entity ID values that will be auto-filled.
The SP signs SAML requests checkbox and the certificate will be auto-filled.
- In the SAML Response Protection section, choose IdP signs assertion within response.
- Download the certificate by clicking Download Certificate.
- Click Show Advanced Configuration.
- Under the User Identity section, configure Identifier Type and Property. For example, Identifier Type: Auto Detect and Property: Auto Detect.
- Under the Statement Attributes section, add the following attribute.
- Attribute Name: email
- Attribute Source: Identity Source
- Property: mail
- Click Next Step.
- Choose your desired Access Policy for this application and click Next Step > Save and Finish.
- On the My Applications page, click the Edit drop-down icon and select Export Metadata to download the metadata.
- Click Publish Changes. Your application is now enabled for SSO.
Configure Foglight for Databases
Perform these steps to configure Foglight for Databases.Procedure
- Log on to Foglight for Databases as an administrator.
- Go to Administration on the left pane of the console and click Users & Security under the Administer Server tab.
- Click SMAL 2.0 Integration Settings.
- Click Enable to enable SAML 2.0 SSO Configuration and click Edit Settings to provide Identity Provider details.
- Provide the following details and click Apply Configuration.
- Identity Provider Entity ID: The entityID value that can be obtained from the metadata file downloaded from RSA.
- Login URL: The SingleSignOnService value that can be obtained from the metadata file downloaded from RSA.
- Logout URL: The SingleLogoutService value that can be obtained from the metadata file downloaded from RSA.
- Attribute Key: Value as ‘email’.
- Identity Provider x.509 Signing Certificate: Copy and paste the certificate downloaded from RSA.
- Navigate to Administration > Users & Security Management and click Manage Users, Groups, Roles.
- To add groups:
- Under the Users section, select a Name (user).
- In the Groups column, click Belongs to groups.
- Assign the user to groups as required by selecting the checkboxes and click Save.
- To add roles:
- Under the Users section select a Name (user).
- In the Roles column, click Take on roles.
- Assign the user roles as required by selecting the checkboxes and click Save.
Return to Foglight for Databases - RSA Ready Implementation Guide.
