HPE Aruba Clearpass - My Page SSO Configuration - RSA Ready Implementation Guide
7 months ago

This article describes how to integrate Cloud Access Service (CAS) with HPE Aruba ClearPass using My Page SSO.

 

Configure CAS

Perform these steps to configure CAS using My Page SSO.
Procedure

 

  1. Sign in to RSA Cloud Administration Console, and navigate to Applications > Application Catalog.
  2. Click Create from Template, and then click Select next to SAML Direct.
  3. From the Basic Information section, choose Cloud.
  4. Enter the Name for the application and click Next Step.
  5. On the Connection Profile page, navigate to the Initiate SAML Workflow section, and choose IdP-initiated.
  6. In Data Input Method, use the option to import metadata.
  7. Click Choose File and select the SP metadata.xml file provided by the HPE Aruba ClearPass configuration.
  8. Go to the Service Provider section. The following fields are auto-populated from the metadata; ensure they are in the following format:
    1. Assertion Consumer Service (ACS) URL: https://<aruba-clearpass-hostname>/networkservices/saml2/sp/acs
    2. Service Provider Entity ID: https://<aruba-clearpass-hostname>/networkservices/saml2/sp
  9. In the Identity Provider section, take note of the Identity Provider URL, as this value will be required later in the ClearPass configuration.
  10. In the Message Protection section, choose IdP signs entire SAML response.
  11. Click Download Certificate to download the certificate, which will be required for the HPE Aruba ClearPass configuration.
  12. In the User Identity section, select Identifier Type as emailAddress and Property as mail.
  13. Click Next Step.
  14. On the User Access page, choose the access policy you want to use to determine which users can access the application, then click Next Step.
  15. On the Portal Display page, configure the portal display and other settings, then click Next Step.
  16. On the Fulfillment page, configure your preferred settings or leave the Fulfillment toggle button disabled, then click Save and Finish.
  17. Click Publish Changes and wait for the operation to complete.
  18. After publishing, your application is enabled for SSO.
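The format check on the Service Provider fields in the Connection Profile step can be scripted against the SP metadata file before it is imported. The following is an added example, not part of the RSA guide or of either product; the function name check_sp_metadata, the sample metadata and the hostname clearpass.example.com are constructed for illustration.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

MD = "urn:oasis:names:tc:SAML:2.0:metadata"  # SAML 2.0 metadata namespace

# Constructed sample of SP metadata; the hostname is a placeholder.
SAMPLE_METADATA = """<?xml version="1.0"?>
<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    entityID="https://clearpass.example.com/networkservices/saml2/sp">
  <md:SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:AssertionConsumerService index="0"
        Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="https://clearpass.example.com/networkservices/saml2/sp/acs"/>
  </md:SPSSODescriptor>
</md:EntityDescriptor>"""


def check_sp_metadata(xml_text, hostname):
    """Return a list of problems; an empty list means both fields match the guide."""
    # Metadata never needs a DTD, so refuse one rather than expand entities.
    if "<!DOCTYPE" in xml_text or "<!ENTITY" in xml_text:
        return ["metadata contains a DTD; refusing to parse"]
    try:
        root = ET.fromstring(xml_text)
    except ET.ParseError as exc:
        return [f"metadata is not well-formed XML: {exc}"]
    if root.tag != f"{{{MD}}}EntityDescriptor":
        return [f"unexpected root element {root.tag}"]
    base = f"https://{hostname}/networkservices/saml2/sp"
    problems = []
    entity_id = root.get("entityID", "")
    if entity_id != base:
        problems.append(f"entityID is {entity_id!r}, expected {base!r}")
    acs = [e.get("Location", "") for e in root.iter(f"{{{MD}}}AssertionConsumerService")]
    if not acs:
        problems.append("no AssertionConsumerService element found")
    for url in acs:
        if urlsplit(url).scheme != "https":
            problems.append(f"ACS URL {url!r} is not https")
        elif url != base + "/acs":
            problems.append(f"ACS URL is {url!r}, expected {base + '/acs'!r}")
    return problems


if __name__ == "__main__":
    for line in check_sp_metadata(SAMPLE_METADATA, "clearpass.example.com") or ["OK"]:
        print(line)
```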

 

Configure HPE Aruba ClearPass

Perform these steps to configure HPE Aruba ClearPass.

Procedure

  1. Log in to ClearPass Policy Manager as an administrator.
  2. Go to Administration > Certificates > Trust List.
  3. Click Add.
  4. In the Certificate File field, select the certificate downloaded during the RSA Cloud Access Service configuration.
  5. Set the Usage field to SAML from the dropdown list, then click Add Certificate.
  6. Navigate to Configuration > Identity > Single Sign-On (SSO).
  7. Enter the Identity Provider URL copied from the RSA Cloud Access Service configuration in the Identity Provider (IdP) URL field.
  8. Select the necessary applications for your use cases from the Enable SSO for options. Only GuestOperators is currently enabled.

Note: Ensure that SSO is functioning correctly for Guest or Insight before enabling it for PolicyManager.

  9. Click Download to retrieve the ClearPass Service Provider (SP) metadata.
  10. From the Select Certificate dropdown list, choose the RSA Cloud Access Service certificate that was previously uploaded to the Certificate Trust List.
  11. Click Update to save the configuration.
  12. Navigate to Configuration > Service Templates & Wizards, and select ClearPass Admin SSO Login (SAML SP Service).
  13. Enter a Name Prefix (for example, rsaready) or select a previously configured prefix from the dropdown list, then click Next.
  14. Select the application(s) for which SAML-based Single Sign-On (SSO) should be enabled.
  15. Ensure your selections match the options that were previously enabled for SSO during the SAML SP configuration.
  16. Click Add Service.

The configuration is complete.