IBM Resilient - SAML My Page SSO Configuration - RSA Ready Implementation Guide
2 years ago
This article describes how to integrate IBM Resilient with RSA Cloud Authentication Service using My Page SSO.
 

Configure RSA Cloud Authentication Service

Perform these steps to configure RSA Cloud Authentication Service using My Page SSO.
Procedure
  1. Enable My Page SSO by accessing the RSA Cloud Administration Console > Access > My Page > Single Sign-On (SSO). Ensure it is enabled and protected using two-factor authentication - Password and Access Policy.
  2. On the Applications > Application Catalog page, click Create from Template.
  3. Click Select for SAML Direct.
  4. On the Basic Information page, enter a name for the configuration in the Name field and click Next Step.
  5. On the Connection Profile page, click the IdP-initiated option.
  6. To provide the Service Provider details:
    1. Select Import Metadata and click Choose File.
    2. Select the file that is downloaded from the Service Provider.
       Refer to the Configure IBM Resilient section to download the metadata.
  7. Review the ACS URL and Service Provider Entity ID values that are auto-filled.
  8. Retain the SP signs SAML request and Encrypt Assertion checkbox selections.
  9. In the SAML Response Protection section, choose IdP signs assertion within response.
  10. Download the certificate by clicking Download Certificate.
  11. Click Show Advanced Configuration.
  12. Under the User Identity section, configure Identifier Type and Property. For example, Identifier Type: Auto Detect and Property: Auto Detect.
  13. Under the Statement Attributes section, add the attributes as shown in the following figure.
  14. Click Next Step.
  15. Choose your desired Access Policy for this application and click Next Step > Save and Finish.
  16. On the My Applications page, click the Edit drop-down icon and select Export Metadata to download the metadata.
  17. Click Publish Changes. Your application is now enabled for SSO.
 

Configure IBM Resilient

Perform these steps to configure IBM Resilient.
Procedure
  1. Log on to the IBM Resilient terminal using the administrator credentials.
  2. Create a SAML federation by running the following command - sudo resutil samledit -alias <alias_name> -certfile <certfile.pem> -org "<org_name>" -createusers -loginurl <idp_login_url>
    1. alias_name - Provide a unique name for creating a SAML federation. 
    2. certfile.pem - Provide the downloaded certificate from RSA.
    3. org_name - Provide the IBM Resilient SOAR platform organization name.
    4. idp_login_url - The SingleSignOnService value that can be obtained from the metadata file downloaded from RSA.
    The preceding command also prints the SAML federation details to the console and writes the following files.
       <alias>-metadata.xml - SAML XML metadata that can be imported into RSA to complete the configuration.
       <alias>-sp-cert.pem - Service Provider certificate that was automatically generated.
  3. Copy the <alias>-metadata.xml SAML metadata file by running the following command - cat <alias>-metadata.xml. Copy and save the .xml file that is used to configure RSA.
  4. After SAML is configured in the Identity Provider, check the SAML configuration by running the following command.


The configuration is complete.
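
An added example, not part of the original guide and not IBM or RSA code: a Python helper that reads the metadata exported from RSA, takes the SingleSignOnService Location for -loginurl, rejects a non-HTTPS value, and compares the downloaded certificate with the one embedded in the metadata before assembling the resutil samledit command from step 2. The sample metadata, host, alias, organization and file names are constructed, and the check assumes the exported metadata carries the signing certificate in a KeyDescriptor element.

```python
import base64, hashlib, shlex
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}

# Constructed sample: placeholder host and certificate bytes, not RSA output.
SAMPLE_DER = b"constructed-sample-certificate"
SAMPLE_B64 = base64.b64encode(SAMPLE_DER).decode()
SAMPLE_PEM = f"-----BEGIN CERTIFICATE-----\n{SAMPLE_B64}\n-----END CERTIFICATE-----\n"
SAMPLE_METADATA = f"""<md:EntityDescriptor xmlns:md="{NS['md']}"
    xmlns:ds="{NS['ds']}" entityID="https://idp.example.test/saml">
  <md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:KeyDescriptor use="signing"><ds:KeyInfo><ds:X509Data>
      <ds:X509Certificate>{SAMPLE_B64}</ds:X509Certificate>
    </ds:X509Data></ds:KeyInfo></md:KeyDescriptor>
    <md:SingleSignOnService Location="https://idp.example.test/sso/login"
        Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"/>
  </md:IDPSSODescriptor>
</md:EntityDescriptor>""".encode()

def read_idp_metadata(xml_bytes):
    """Return (sso_url, [SHA-256 of each certificate embedded in the IdP metadata])."""
    if b"<!DOCTYPE" in xml_bytes:  # SAML metadata never needs a DTD; refuse it
        raise ValueError("metadata contains a DTD")
    idp = ET.fromstring(xml_bytes).find(".//md:IDPSSODescriptor", NS)
    sso = idp.find("md:SingleSignOnService", NS) if idp is not None else None
    url = sso.get("Location", "") if sso is not None else ""
    parts = urlsplit(url)
    if parts.scheme != "https" or not parts.netloc:
        raise ValueError("no HTTPS SingleSignOnService Location in metadata")
    certs = idp.iterfind(".//ds:X509Certificate", NS)
    return url, [hashlib.sha256(base64.b64decode(c.text or "")).hexdigest() for c in certs]

def pem_sha256(pem_text):
    """SHA-256 of the DER bytes inside a PEM certificate (the -certfile input)."""
    body = "".join(l for l in pem_text.splitlines() if not l.startswith("-----"))
    return hashlib.sha256(base64.b64decode(body)).hexdigest()

def resutil_command(alias, certfile, org, sso_url):
    # Flags are the ones shown in step 2; every value is shell-quoted.
    args = ["sudo", "resutil", "samledit", "-alias", alias, "-certfile", certfile,
            "-org", org, "-createusers", "-loginurl", sso_url]
    return " ".join(shlex.quote(a) for a in args)

if __name__ == "__main__":
    url, prints = read_idp_metadata(SAMPLE_METADATA)
    print("certificate matches metadata:", pem_sha256(SAMPLE_PEM) in prints)
    print(resutil_command("rsa-cas", "rsa-idp.pem", "Example Org", url))
```

A mismatch between the two fingerprints means the file passed to -certfile is not the certificate the metadata advertises, which is worth resolving before the federation is created.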