IronWiFi - SAML Relying Party Configuration - RSA Ready Implementation Guide
2 years ago
This article describes how to integrate RSA with IronWiFi using SAML Relying Party.
   

Configure RSA Cloud Authentication Service

Perform these steps to configure RSA Cloud Authentication Service as Relying Party to IronWiFi.
Procedure
  1. Sign in to RSA Cloud Administration Console. 
  2. Click Authentication Clients > Relying Parties.                                                                                                                                              image.png
  3. On the Relying Party Catalog page, click Add a Relying Party and click Add for Service Provider SAML.                                                image.png
  4. On the Basic Information page, enter the name for the application in the Name field and click Next Step.                                                   image.png
  5. On the Authentication page, choose SecurID manages all authentication.
  6. Select a Primary Authentication Method and Access Policy as required and click Next Step.                                                                  image.png
  7. Provide the Service Provider details in the following format: 
    1. ACS URL: https:// splash://ironwifi/api/signin/saml2?acs 
    2. Service Provider Entity ID: https:// splash://ironwifi/api/signin/saml2 
      Refer to the Configure IronWiFi section to obtain the ACS URL and Entity ID.                                                                                  image.png
  8. In the SAML Response Protection section, choose IdP signs assertion within response.
  9. Download the certificate by clicking Download Certificate.                                                                                                                             image.png
  10. Click Show Advanced Configuration.
  11. Under the User Identity section, configure Identifier Type and Property. For example, Identifier TypeAuto Detect and PropertyAuto Detect.                                                                                                                                                                  image.png
  12. Under the Attribute Extension section, add the following attributes.
    1. Attribute Name: LastName,  Attribute Source: Identity Source, Property: sn
    2. Attribute Name: FirstName,  Attribute Source: Identity Source, Property: givenName
    3. Attribute Name: Email,  Attribute Source: Identity Source, Property: mail
    4. Attribute Name: MobilePhone,  Attribute Source: Identity Source, Property: VOICE_PHONE                                                          image.png
  13. Click Save and Finish.
  14. On the My Relying Parties page, click the Edit drop-down icon and select the Metadata option to download the metadata.                       image.png
  15. Click Publish Changes. Your application is now enabled for SSO.                                                                                                               image.png    image.png
     

Configure IronWiFi

Perform these steps to configure IronWiFi.
Procedure
  1. Log on to IronWiFi account with administrator credentials.
  2. In the left pane, click Networks.                                                                                                                                                                      image.png
  3. In the Networks section, click New Network.                                                                                                                                                 image.png
  4. In the Create New Network section, provide the following details and click create.
    1. Name: Provide a unique name for your network.
    2. Primary Region: Select the region based on your requirements.                                                                        image.png
  5. Navigate to the Captive Portals section and click New Captive Portal.                                                                                                      image.png
  6. In the New Portal section, provide the following details and click Create.
    1. Name: Provide a unique name for your Name Portal.
    2. Network: Select the network that you created.                    
    3. Vendor: Select the vendor based on your requirements.                                                                                  image.png
  7. Under Captive Portal, click the portal that you have created.                                                                                                                   image.png
  8. Navigate to the Authentication Providers and click Add New.                                                                                                           image.png
  9. Provide the following details:
    1. Method: Select SAML 2.0 Single Sign-On.
    2. SP Reply URL: Copy the SP Reply URL and use it as the ACS URL in RSA.
    3. SP Entity ID: Copy the SP Entity ID and use it as Entity ID in RSA.                                                                                       image.png
  10. Provide the following details and click create.
    1. IdP SSO URL: The SingleSignOnService value that can be obtained from the metadata file downloaded from RSA.
    2. IdP Entity ID: The entityID value that can be obtained from the metadata file downloaded from RSA.
    3. Certificate: Copy and paste the certificate downloaded from RSA.
    4. MAC-Based Reauthentication: Select Enabled.                                                                                         image.png
  11. Use the Splash page URL as the designated Login URL.                                                                                                                              image.png

The configuration is complete.
Return to IronWiFi - RSA Ready Implementation Guide.
 

Related Articles

Trending Articles

Don't see what you're looking for?