Comment: Published by Scroll Versions from space IDS and version 8.2

...

This service provider configuration is performed for each application to be protected on the server.

Create the SAML Service Provider identity

The SAML Service Provider identity consists of an Entity ID, an RSA private key and an HTTP endpoint address. The Entity ID and the private key identify and authenticate the Service Provider to the Ubisecure Identity Provider, so the private key must stay confidential: whoever holds it can act as this Service Provider towards the IDP. The HTTP endpoint is the address to which the Ubisecure IDP submits protocol messages for the Service Provider.

...

The address parameter given when generating the identity is case sensitive. Make sure the application name in IIS uses exactly the same case as the address in this command: if the two differ, the user may be redirected to the wrong address after authentication has completed.

Associate the SP identity with a Ubisecure Web Application

Next, use the Ubisecure Management application to associate the Service Provider identity with a Ubisecure Web Application. This is done by uploading the SAML metadata of the Service Provider to the management application. SAML metadata is an XML document that carries the public part of the Service Provider identity (the Entity ID, the endpoint addresses and the public key material); the private key is never included in it.

  1. First, create the SP metadata file using the saml2.exe command in Listing 2.

    Listing 2. Write the SAML metadata of the Service Provider to the c:\temp\sp.xml file

    Windows Server 2003:

    cd /d "%ALLUSERSPROFILE%\Application Data\Ubisecure\Ubisecure.SAML2.ServiceProvider"
    "%ProgramFiles%\Ubisecure\Ubisecure.SAML2.ServiceProvider\bin\saml2.exe" Metadata ^
        sp -f c:\temp\sp.xml

    Windows Server 2008:

    cd /d "C:\ProgramData\Ubisecure\Ubisecure.SAML2.ServiceProvider"
    "C:\Program Files\Ubisecure\Ubisecure.SAML2.ServiceProvider\bin\saml2.exe" Metadata ^
        sp -f c:\temp\sp.xml


  2. Use Ubisecure Management to create the web application.
    1. Create a web application
    2. Select Type SAML Service Provider (Figure 1)
    3. Press Activate
    4. Select the file that was created in Listing 2 (c:\temp\sp.xml) to be uploaded or paste the sp.xml file contents in the text window provided (Figure 2)
    5. Click OK
    6. The SAML Service Provider ID is now shown (Figure 3). Click Update.
    7. Copy the SAML Service Provider ID (entity ID) text shown in Figure 3. It will be used later when configuring the web.config file.
    8. Ensure the application has the appropriate authentication methods enabled and that access to the application is configured in the Allowed To tab. An Authorization Policy is also required to define which additional attributes are made available to the ASP.NET application. For more information on Web Application and Authorization Policy configuration, refer to SSO Management.

Using the Ubisecure Management application

Figure 1. Select SAML Service Provider from the drop down list and click Activate

...

Figure 3. The SAML Service Provider ID field now shows the Entity ID of your SP

Get the metadata of the Identity Provider

Download the Ubisecure IDP metadata from the SAML 2.0 link on the Ubisecure Management home page and save it as idp.xml in the folder listed below for your operating system:

...

The Service Provider is configured with a single idp.xml; to authenticate against multiple IDPs, use the IDP Proxy functionality of Ubisecure SSO Server.
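The following PowerShell script is an added example, not a script from the Ubisecure product or its documentation. It wraps the Listing 2 command and then performs the checks a practitioner would want before uploading sp.xml in Ubisecure Management and after saving idp.xml: it extracts the SP Entity ID that is needed later in web.config, verifies that every endpoint address in the SP metadata matches the IIS application name in exact case (the redirection problem noted after the identity is generated), and confirms that idp.xml is in place and contains an unexpired IDP signing certificate. The paths are the Windows Server 2008 paths from the page. The application name "MyApp", the assumption that endpoint paths begin with "/<application name>/", and the XPath checks against the standard SAML 2.0 metadata and XML Signature namespaces are the example's own assumptions.

```powershell
# Added example (not Ubisecure's own code): run Listing 2 and sanity-check sp.xml and idp.xml.
# Paths are the Windows Server 2008 paths from the page; $IisAppName and the "/<app name>/"
# endpoint layout are assumptions and must be adjusted to the real installation.
param(
    [string]$ConfigDir  = 'C:\ProgramData\Ubisecure\Ubisecure.SAML2.ServiceProvider',
    [string]$Saml2Exe   = 'C:\Program Files\Ubisecure\Ubisecure.SAML2.ServiceProvider\bin\saml2.exe',
    [string]$SpMetadata = 'C:\temp\sp.xml',
    [string]$IisAppName = 'MyApp'   # assumption: the application name exactly as shown in IIS Manager
)
$ErrorActionPreference = 'Stop'

# Listing 2: saml2.exe is run from the SP configuration folder (the "cd /d" in the page).
Set-Location -LiteralPath $ConfigDir
& $Saml2Exe Metadata sp -f $SpMetadata
if ($LASTEXITCODE -ne 0) { throw "saml2.exe Metadata failed (exit code $LASTEXITCODE)" }

# Namespaces of standard SAML 2.0 metadata and XML Signature.
$ns = New-Object System.Xml.XmlNamespaceManager (New-Object System.Xml.NameTable)
$ns.AddNamespace('md', 'urn:oasis:names:tc:SAML:2.0:metadata')
$ns.AddNamespace('ds', 'http://www.w3.org/2000/09/xmldsig#')

function Read-Metadata([string]$Path) {
    $doc = New-Object System.Xml.XmlDocument
    $doc.XmlResolver = $null   # never resolve DTDs or external entities from a metadata file
    $doc.Load($Path)
    return $doc
}

# --- SP metadata: the public half of the identity created earlier ---
$sp = Read-Metadata $SpMetadata
$spEntityId = $sp.SelectSingleNode('/md:EntityDescriptor/@entityID', $ns).Value
"SP Entity ID (needed later in web.config): $spEntityId"
if ($null -eq $sp.SelectSingleNode('//ds:KeyInfo', $ns)) {
    Write-Warning 'sp.xml carries no key material; the IDP has nothing to authenticate this SP against'
}

# Every endpoint path must match the IIS application name character for character.
$endpoints = $sp.SelectNodes('/md:EntityDescriptor/md:SPSSODescriptor/*[@Location]', $ns)
foreach ($ep in $endpoints) {
    $path = ([uri]$ep.Location).AbsolutePath
    if ($path -clike "/$IisAppName/*") {
        "OK   $($ep.LocalName): $($ep.Location)"
    } elseif ($path -ilike "/$IisAppName/*") {
        Write-Warning "Case mismatch between IIS application '$IisAppName' and $($ep.LocalName) $($ep.Location); redirection after authentication will go to the wrong address"
    } else {
        Write-Warning "$($ep.LocalName) $($ep.Location) is not under /$IisAppName/"
    }
}

# --- IDP metadata: must already be saved as idp.xml in the configuration folder ---
$idpFile = Join-Path $ConfigDir 'idp.xml'
if (-not (Test-Path -LiteralPath $idpFile)) {
    throw "idp.xml is missing from $ConfigDir; download it from the SAML 2.0 link in Ubisecure Management"
}
$idp = Read-Metadata $idpFile
$idpEntityId = $idp.SelectSingleNode('/md:EntityDescriptor/@entityID', $ns).Value
"IDP Entity ID: $idpEntityId"

# A KeyDescriptor without a use attribute is valid for signing as well as encryption.
$certNode = $idp.SelectSingleNode('/md:EntityDescriptor/md:IDPSSODescriptor/md:KeyDescriptor[not(@use) or @use="signing"]//ds:X509Certificate', $ns)
if ($null -eq $certNode) { throw 'idp.xml has no signing certificate; assertions from this IDP could not be verified' }
$raw  = [Convert]::FromBase64String(($certNode.InnerText -replace '\s', ''))
$cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 -ArgumentList (,$raw)
"IDP signing certificate: $($cert.Subject)  thumbprint $($cert.Thumbprint)  expires $($cert.NotAfter)"
if ($cert.NotAfter -lt (Get-Date)) { Write-Warning 'IDP signing certificate has expired; re-download idp.xml' }
```

Run the script from an administrative PowerShell prompt on the IIS server, passing -IisAppName with the application name as IIS shows it. A case-mismatch warning means the identity should be regenerated with the corrected address before sp.xml is uploaded, because Ubisecure Management records the endpoints exactly as they appear in the metadata.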

Configure Attribute Authority

An Attribute Authority is optional and not needed in most installations. Skip this section if Attribute Queries are not used.

...