IronWiFi - SAML My Page SSO Configuration - RSA Ready Implementation Guide
Configure RSA Cloud Authentication Service
Perform these steps to configure RSA Cloud Authentication Service using My Page SSO.Procedure
- Enable My Page SSO by accessing the RSA Cloud Administration Console > Access > My Page > Single Sign-On (SSO). Ensure it is enabled and protected using two-factor authentication - Password and Access Policy.
- On the Applications > Application Catalog page, click Create From Template.
- Click Select for SAML Direct.
- On the Basic Information page, enter a name for the configuration in the Name field and click Next Step.
- On the Connection Profile page:
- Click the SP-initiated option.
- In the Connection URL field, provide the landing URL - https://console.ironwifi.com/api/index?#/dashboard.
- Provide the Service Provider details in the following format:
- ACS URL: https://splash://ironwifi/api/signin/saml2?acs
- Service Provider Entity ID: https://splash://ironwifi/api/signin/saml2
Refer to the Configure IronWiFi section to obtain the ACS URL and Entity ID.
- In the SAML Response Protection section, choose IdP signs assertion within response.
- Download the certificate by clicking Download Certificate.
- Click Show Advanced Configuration.
- Under the User Identity section, configure Identifier Type and Property. For example, Identifier Type: Auto Detect and Property: Auto Detect.
- Under the Statement Attributes section, add the following attributes.
- Attribute Name: LastName, Attribute Source: Identity Source, Property: sn
- Attribute Name: FirstName, Attribute Source: Identity Source, Property: givenName
- Attribute Name: Email, Attribute Source: Identity Source, Property: mail
- Attribute Name: MobilePhone, Attribute Source: Identity Source, Property: VOICE_PHONE
- Click Next Step.
- Choose your desired Access Policy for this application and click Next Step > Save and Finish.
- On the My Applications page, click the Edit drop-down icon and select Export Metadata to download the metadata.
- Click Publish Changes. Your application is now enabled for SSO.
Configure IronWiFi
Perform these steps to configure IronWiFi.Procedure
- Log on to IronWiFi account with administrator credentials.
- In the left pane, click Networks.
- In the Networks section, click New Network.
- In the Create New Network section, provide the following details and click create.
- Name: Provide a unique name for your network.
- Primary Region: Select the region based on your requirements.
- Navigate to the Captive Portals section and click New Captive Portal.
- In the New Portal section, provide the following details and click Create.
- Name: Provide a unique name for your Name Portal.
- Network: Select the network that you created.
- Vendor: Select the vendor based on your requirements.
- Under Captive Portal, click the portal that you have created.
- Navigate to the Authentication Providers and click Add New.
- Provide the following details:
- Method: Select SAML 2.0 Single Sign-On.
- SP Reply URL: Copy the SP Reply URL and use it as the ACS URL in RSA.
- SP Entity ID: Copy the SP Entity ID and use it as Entity ID in RSA.
- Provide the following details and click create.
- IdP SSO URL: The SingleSignOnService value that can be obtained from the metadata file downloaded from RSA.
- IdP Entity ID: The entityID value that can be obtained from the metadata file downloaded from RSA.
- Certificate: Copy and paste the certificate downloaded from RSA.
- MAC-Based Reauthentication: Select Enabled.
- Use the Splash page URL as the designated Login URL.
The configuration is complete.
Return to IronWiFi - RSA Ready Implementation Guide.
