Comment: Published by Scroll Versions from space IDS and version 8.2.0

...

This page describes the requirements and tasks for installing External Discovery in a Ubisecure Trust. The result of the installation described on this page is a working environment that uses an External Discovery service in a Ubisecure system.

The SSO Installation Guide contains instructions for installing the Ubisecure SSO Server.

...

The process is described in Figure 1.

  1. A user attempts to access an internet service protected by a SAML SP.
  2. The user is redirected to Ubisecure SSO configured as a SAML IDP Proxy.
  3. Typically the user is redirected immediately to step 4. If more than one authentication technique is configured, the user can choose. For example, if both federated users and local users can access the SP, a login screen may be shown.
  4. The user is redirected to the third-party discovery service.
  5. The user makes a selection from the list (or the selection is made automatically using various techniques).
  6. The user is redirected back to Ubisecure SSO.
  7. Ubisecure SSO sends an authentication request to the IDP selected by the user.

Figure 1. External Discovery process flow

Figure 2 below contains an example third-party discovery service.

...

  1. Open the Ubisecure Management application. (Please note that your Ubisecure Server Management view may have different content than shown in the sample pictures, depending on the Ubisecure SSO configuration and your user rights.)
  2. Go to Home → Methods → Global Method Settings → New Method…
  3. Complete the following details in the Add New Method pop-up (see Figure 3):
    1. Title: Enter a human-readable name (typically the name of the Federation Network).
      This name is used by default in the user interface if no localization is available.
    2. Name: Enter a unique method name, e.g. discovery.federationnetworkname
    3. Method Type: Select Discovery from the drop-down menu.
    4. Method Class: The Class is automatically entered from the previous selection.


      Figure 3. Adding External Discovery Method


  4. Click OK. The Main tab of the External Discovery method will be shown. Add the following two lines to the Configuration String field. 

    DiscoveryService: The URL to the third-party discovery service 
    isPassive: Set to false for third-party discovery services, to permit interactive selection

    Example: 

    DiscoveryService = https://anydomain.com/ExternalDiscoveryService
    IsPassive = false

    Ensure that the Enabled checkbox under the Status section is selected.
    Ensure that the Hidden checkbox under the Status section is NOT selected.
    Click the Update button.


    Figure 4. Configuring the External Discovery authentication method settings


  5. Start adding a new authentication method by selecting the site (in the sample picture System) → Site Methods → Add Method.


    Figure 5. Adding a new authentication method for a site


  6. The Select Method window opens.
    Select the checkbox of the desired authentication method (in this case External Discovery) and click OK.
  7. Add a new authentication method to a web application.
    Select Application and click on an agent name (in this example Test Agent) in the Site Applications list.


    Figure 6. Selecting a web agent


  8. The Ubisecure Web Agent view opens.
    Select Allowed Methods from the top menu.
    Select the checkbox of the desired authentication method (in this case External Discovery) and click Update.
    Note that all IDPs should also be added as valid authentication methods for the agent. IDPs that are accessed through the Discovery Service should be set to Hidden. Hidden authentication methods will not show in the Ubisecure IDP selection screen.
  9. You can now test that the authentication method functions by going to the Ubisecure application you selected (for example, https://test.example.com:8443/testagent ) and selecting the method you created under "Sign in using a provider".

    Figure 7. Signing in using the External Discovery


  10. Clicking on the External Discovery button will redirect the browser to the third-party discovery service for IDP selection. After selection, the user will be returned to the UAS server, which will generate an authentication request to the selected IDP.
    If External Discovery is the only non-hidden authentication method enabled for an agent, it will be selected automatically. The screen in Figure 7 will not be shown.
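
A pre-flight check for the Configuration String entered in step 4, as an added example that is not part of the Ubisecure documentation or product. It assumes one "Key = value" setting per line, as in the example above, and matches key names case-insensitively; the https-only and no-embedded-credentials rules are this example's own policy, and the function names are hypothetical.

```python
from urllib.parse import urlsplit

REQUIRED = ("discoveryservice", "ispassive")  # compared in lower case (assumption)

def parse_config_string(text):
    """Parse 'Key = value' lines into a dict keyed by lower-cased name."""
    settings = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        # Split on the first '=' only, so a URL query string survives intact.
        key, sep, value = line.partition("=")
        if not sep:
            raise ValueError(f"not a 'Key = value' line: {line!r}")
        settings[key.strip().lower()] = value.strip()
    return settings

def check_discovery_config(text):
    """Return a list of findings; an empty list means the string passed."""
    try:
        settings = parse_config_string(text)
    except ValueError as exc:
        return [str(exc)]
    findings = [f"missing setting: {n}" for n in REQUIRED if n not in settings]
    url = settings.get("discoveryservice")
    if url is not None:
        parts = urlsplit(url)
        if parts.scheme != "https":
            findings.append("DiscoveryService is not an https URL")
        if not parts.hostname:
            findings.append("DiscoveryService has no host")
        if parts.username or parts.password:
            findings.append("DiscoveryService embeds credentials")
    passive = settings.get("ispassive")
    if passive is not None and passive.lower() != "false":
        # Step 4: false is what permits interactive selection.
        findings.append("IsPassive is not false")
    return findings

# Constructed samples: GOOD is the example from step 4, BAD is a broken variant.
GOOD = ("DiscoveryService = https://anydomain.com/ExternalDiscoveryService\n"
        "IsPassive = false")
BAD = ("DiscoveryService = http://anydomain.com/ExternalDiscoveryService\n"
       "IsPassive = true")

if __name__ == "__main__":
    for sample in (GOOD, BAD):
        print(check_discovery_config(sample) or "ok")
```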