WSO2 Identity Server - SAML My Page SSO Configuration - RSA Ready Implementation Guide

This article describes how to integrate WSO2 Identity Server with RSA Cloud Authentication Service (CAS) using My Page SSO.

Configure CAS

Perform these steps to configure CAS using My Page SSO.

Procedure

  1. Sign in to RSA Cloud Administration Console and browse to Applications > Application Catalog.
  2. Click Create From Template and click Select for SAML Direct.
  3. On the Basic Information page, choose Cloud.
  4. Enter a name for the application and click Next Step.
  5. On the Connection Profile page, navigate to the Initiate SAML Workflow section and choose IdP-initiated.
  6. Scroll down to the Service Provider section and enter the following details:
    1. ACS URL: https://<WSO2_IS_IP_address>:<Port for IS>/commonauth
    2. Service Provider Entity ID: Same as SP Entity ID configured in WSO2 Identity Server
  7. Under Show IdP Advanced Configuration, proceed with the Default option for Identity Provider Entity ID and Audience for SAML Response.
  8. Under the Message Protection section, in the SAML Response Protection section, choose IdP signs assertion within response.
  9. Download the certificate by clicking Download Certificate.
  10. Scroll down to the User Identity section and select the following values:
    1. Identifier Type: Auto Detect
    2. Property: Auto Detect

  11. Click Next Step.
  12. In the Access Policy section, choose the policy for the application in the drop-down list.
  13. Click Next Step and click Save and Finish.
  14. On the My Applications page, for the created application, click the drop-down arrow next to Edit and choose Export Metadata.
  15. Click Publish Changes and wait for the operation to be completed.

    Your application is now enabled for SSO.


Configure WSO2 Identity Server

Perform these steps to configure WSO2 Identity Server.

Procedure

  1. Log on to the WSO2 Identity Server admin portal (the Carbon management interface).
  2. Navigate to Main > Identity > Identity Providers and click Add.
  3. In the Basic Information section, provide Identity Provider Name, Display Name (optional), and Description (optional).
  4. Scroll down and expand Federated Authenticators.
  5. Expand the SAML2 Web SSO Configuration section.
  6. Enable SAML2 Web SSO and enter a Service Provider Entity ID. This must match the Service Provider Entity ID entered in RSA.
  7. Retain the default NameID format.
  8. For Select Mode, choose Metadata File Configuration.
  9. Under Upload ID Provider from Metadata File, click Choose File.
  10. Select the metadata file exported earlier from RSA and click Register. The Identity Provider is added to the Identity Providers list.
  11. Open the newly added identity provider and expand Federated Authenticators > SAML2 Web SSO Configuration.
  12. Select the Enable Assertion Signing checkbox.
  13. Scroll down and click Update.
  14. Navigate to Main > Identity > Service Providers and click List.
  15. Choose the service provider that authenticates through WSO2 Identity Server. This service provider will be configured to trust RSA as an external identity provider.
  16. Scroll down and expand Local & Outbound Authentication Configuration.
  17. Choose Federated Authentication as the Authentication Type.
  18. Choose the identity provider configured earlier from the drop-down list and click Update.


The configuration is complete.
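As an added example (not part of this guide or of either product), the Python check below tests a SAML Response from CAS for the values the two procedures above align: the Destination must equal the ACS URL from step 6, the Issuer must equal the IdP Entity ID, the Audience must equal the SP Entity ID, and the assertion must carry a signature (step 8 in CAS, step 12 in WSO2). Host names and IDs in the sample are constructed placeholders, and the signature is checked for presence only; cryptographic verification is done by WSO2 Identity Server with the certificate from the uploaded metadata.

```python
import xml.etree.ElementTree as ET

# SAML 2.0 namespaces used in a Response and the Assertion inside it.
NS = {
    "samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
    "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
    "ds": "http://www.w3.org/2000/09/xmldsig#",
}

def check_response(xml_text, acs_url, sp_entity_id, idp_entity_id):
    """Return the mismatches between a SAML Response and the settings this guide
    aligns on both sides. An empty list means everything lines up."""
    root = ET.fromstring(xml_text)
    problems = []
    if root.get("Destination") != acs_url:
        problems.append("Destination does not match ACS URL")
    assertion = root.find("saml:Assertion", NS)
    if assertion is None:
        # CAS was set to sign the plain assertion, so an encrypted or absent
        # assertion means the Message Protection setting does not match.
        problems.append("no plain saml:Assertion in Response")
        return problems
    if assertion.findtext("saml:Issuer", default="", namespaces=NS) != idp_entity_id:
        problems.append("Issuer does not match IdP Entity ID")
    audiences = [a.text for a in assertion.findall(
        "saml:Conditions/saml:AudienceRestriction/saml:Audience", NS)]
    if sp_entity_id not in audiences:
        problems.append("Audience does not include SP Entity ID")
    # Presence check only; the XML-DSig itself is verified by WSO2 IS using the
    # certificate carried in the metadata file uploaded in step 10.
    if assertion.find("ds:Signature", NS) is None:
        problems.append("Assertion is not signed")
    return problems

# Constructed sample with placeholder host names and IDs (not real endpoints).
SAMPLE_RESPONSE = """<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
    xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
    xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
    Destination="https://is.example.test:9443/commonauth">
  <saml:Assertion>
    <saml:Issuer>https://cas.example.test/idp</saml:Issuer>
    <ds:Signature><ds:SignatureValue>placeholder</ds:SignatureValue></ds:Signature>
    <saml:Conditions><saml:AudienceRestriction>
      <saml:Audience>wso2-sp-entity-id</saml:Audience>
    </saml:AudienceRestriction></saml:Conditions>
  </saml:Assertion>
</samlp:Response>"""
```

Run it against a real Response captured from the browser (base64-decoded SAMLResponse form field) when a login fails; the message names the setting to revisit.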