Replicon - SAML SSO Agent Configuration - SecurID Access Implementation Guide

This section describes how to integrate SecurID Access with Replicon using a SAML SSO Agent.

Architecture Diagram

Configure SecurID Access Cloud Authentication Service

Perform these steps to configure SecurID Access Cloud Authentication Service as an SSO Agent SAML IdP to Replicon.

Procedure

1. Sign into the Cloud Administration Console and browse to Applications > Application Catalog.

2. From the list of applications, search for Replicon and click +Add.

3. On Basic Information page enter a Name for the application, ie. Replicon Then click on Next Step.

4. On Connection Profile page.

   1. In Connection URL field, verify the default setting

   2. Choose SP-Initiated and select POST.

      

       

   3. Scroll down to SAML Identity Provider (Issuer) section.

   4. Note the Identity Provider URL and Issuer Entity ID. These values are automatically generated. They may be needed later for the configuration of Replicon

   5. Click on Generate Cert Bundle, set a a common name for your company certificate. Then click Generate and Download

   6. Select Choose File and upload the private key from the generated certificate bundle

   7. Select Choose File and upload the cert from the generated certificate bundle

   8. Select Include Certificate on Outgoing Assertion

      

       

   9. Scroll down to Service Provider section.

   10. Access the Replicon metadata file to obtain the ACS and SP Entity ID. The Metadat file can be found at https://global.replicon.com/!/saml2/<YourCompanyKey>. Where YourCompanyKey is specific to your Replicon instance. See Replicon documentation for more information, https://www.replicon.com/help/manually-configuring-your-saml-20-identity-provider/

   11. Enter the Assertion Consumer Service (ACS) From the Replicon service provider Metadata file enter the ACS value. For example, https://global.replicon.com/!/saml2/MyRSA/sso/post

   12. Enter the Audience (Service Provider Entity ID) From the Replicon service provider Metadata file enter the Audience (Service Provider Entity ID). For example, https://global.replicon.com/!/saml2/MyRSA.

       

        

   13. Scroll down to User Identity section

   14. Ensure Identifier Type = Email Address, set your Identity Source and Property = mail

       

        

   15. Click Next Step

5. On User Access page select the Access Policy you require. Allow All Authenticated Users is the least restrictive. Click Next Step

   

    

6. On Portal Display Page

   1. Select Display in Portal

   2. Upload an Application Icon if you wish

   3. Set an Application Tooltip if you wish.

   4. Click on Save and Finish

7. Click on Publish Changes. Your application is now enabled for SSO. If you make any additional changes to the application configuration you will need to republish.

   

    

8. Browse to Application > My Applications

9. Locate newly create application for Replicon

10. Click on Down Arrow next to Edit button

11. Select Export Metadata data. This will be used below for Replicon configuration.

Configure Replicon

Perform these steps to integrate Replicon with SecurID Access as a SAML SSO Agent.

Procedure

1. Sign into Replicon your administration console .

   browse to Administration > System and Security > Security Settings.

2. In the Authentication Provider Section click on Add Authentication Provider.

3. Select Provider Type as SAML 2.

4. For both the SSO HTTP Post URL and the SLO HTTP Redirect URL enter the value for the Identity Provider URL noted above. For example, https://portal.sso.pe.rsa.net/IdPServlet?idp_id=142qjs7t05trr

5. For XML Signature Algorithm select SHA256.

6. For Public Key upload the cert.pem file generated from the certificate bundle above in SecurID Access Cloud Authentication Service configuration above.

7. Click on Upload a new SAML Metadata File and choose the file Metadata XML file downloaded above

8. Click on Save.

Configuration is complete.

Next Step: See main page for more certification information.