Introduction
This page is a guide for configuring a third-party application to use Ubisecure SSO as an IDP (identity provider). The third-party application will be in an SP (service provider) role. Ubisecure SAML SP for Java is a Java library for integrating Java servlets and can be used if the calling application does not natively support SAML 2.0 application integration in Ubisecure SSO.
This page does not explain how to create application metadata or how to generate SAML requests. There are open source toolkits available, such as https://www.samltool.com/online_tools.php, that can be used to generate and validate SAML requests and metadata.
It is also good to understand which requests the application’s SAML plug-in supports. Keep in mind that Ubisecure also provides a SAML SP for Java plug-in if the application needs one.
SAML 2.0
Application Creation and Metadata Activation
Log in to Ubisecure SSO and follow the steps below to complete the task. You can obtain the SSO metadata, as a file or a link, from the SAML 2.0 section shown in the image in step 1 below. Pass this information, either the metadata file or the link, to the application integrator.
1. Start the configuration by creating a new site. Give the site a name, e.g. ‘Extranet’. You may have several applications in this site.
2. Create a new application by clicking on “New Application…”.
3. Name it e.g. ‘Web Shop’, select ‘SAML Service Provider’ as the Application type and check the ‘Enable’ check box. Click ‘OK’.
4. Activate the web application’s metadata, either by uploading the SAML2 SP xml file or by pasting the content of the xml file.
5. Click ‘Update’ to save the configuration and finalize the metadata activation.
Creating Authorization Policy
An Authorization policy determines which attributes will be sent to an application and in which format.
Next, we will create an authorization policy for the site and add it to the application. Go to the site level (Extranet) and select the ‘Authorization’ tab. Click ‘New Policy…’ and select ‘CustomerID password’. From now on, all these methods added at the site level are available for activation by the applications in this site.
1. Go to the ‘Authorization’ tab and create a new policy, e.g. ‘AP for the Web Shop’. Click ‘OK’. Next, go to the ‘Attributes’ tab to add the attributes which are forwarded to the application.
2. Attributes can be added to the Application’s Authorization Policy (image: example attributes).
3. Click ‘Add…’ and select the Application that will use this authorization policy. Click ‘OK’.
Adding Authentication Method
Next, we will add the authentication method to the site and activate it for the ‘Web Shop’ application. Select the ‘Extranet’ site and the ‘Site Methods’ tab.
1. Enable the authentication method for the ‘Extranet’ site by checking the check box in front of the method and click ‘OK’. Finally, press the ‘Update’ button below once the method has been added to the site.
2. Assign the method to the ‘Web Shop’ application by selecting the ‘Applications’ tab in the site. Select the application by clicking on it and select the ‘Allowed Methods’ tab.
3. Select the authentication method and click ‘Update…’.
4. Click ‘Add…’ and select the eIDMUser group (all users in CustomerID) to use this application, then click ‘OK’.
Now the Web Shop application is integrated with Ubisecure SSO using SAML 2.0. The administrator or application developer of the connected application must use the SAML2 IDP metadata to configure their application.
Next, pass the Ubisecure SSO metadata information to the application developers if you have not done so already.
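Two points in this guide involve metadata crossing a trust boundary: the SP metadata xml that is uploaded or pasted when the application is activated, and the SSO (IDP) metadata that is handed to the application developers. The script below is an added example, not part of this page or of Ubisecure's own tooling: it sanity-checks SP metadata before it is activated (SAML 2.0 protocol declared, https AssertionConsumerService, signed assertions requested, a signing certificate published when requests are signed) and extracts the entityID, SingleSignOnService endpoints and signing certificates the SP side needs from IDP metadata. Both metadata documents, all URLs and the certificate placeholders are constructed for the example; they are not values from this page.

```python
"""Sanity checks on SAML 2.0 metadata exchanged between an IDP and an SP.
Added example; the metadata below is constructed and not from any real deployment."""
import xml.etree.ElementTree as ET

NS = {
    "md": "urn:oasis:names:tc:SAML:2.0:metadata",
    "ds": "http://www.w3.org/2000/09/xmldsig#",
}
SAML2_PROTOCOL = "urn:oasis:names:tc:SAML:2.0:protocol"
REDIRECT_BINDING = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
POST_BINDING = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"

# Constructed SP metadata as an application integrator might deliver it for upload.
SP_METADATA = """<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
    entityID="https://webshop.example.com/saml/metadata">
  <md:SPSSODescriptor AuthnRequestsSigned="true" WantAssertionsSigned="true"
      protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:KeyDescriptor use="signing">
      <ds:KeyInfo><ds:X509Data>
        <ds:X509Certificate>MIIB-PLACEHOLDER-SP-CERT</ds:X509Certificate>
      </ds:X509Data></ds:KeyInfo>
    </md:KeyDescriptor>
    <md:NameIDFormat>urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified</md:NameIDFormat>
    <md:AssertionConsumerService index="0" isDefault="true"
        Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="https://webshop.example.com/saml/acs"/>
  </md:SPSSODescriptor>
</md:EntityDescriptor>"""

# Same document with two weak settings, to show what the check reports.
WEAK_SP_METADATA = SP_METADATA.replace(
    'WantAssertionsSigned="true"', 'WantAssertionsSigned="false"'
).replace("https://webshop.example.com/saml/acs", "http://webshop.example.com/saml/acs")

# Constructed IDP metadata in the shape an SSO server publishes.
IDP_METADATA = """<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    xmlns:ds="http://www.w3.org/2000/09/xmldsig#" entityID="https://sso.example.com/uas">
  <md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:KeyDescriptor use="signing">
      <ds:KeyInfo><ds:X509Data>
        <ds:X509Certificate>MIIC-PLACEHOLDER-IDP-CERT</ds:X509Certificate>
      </ds:X509Data></ds:KeyInfo>
    </md:KeyDescriptor>
    <md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
        Location="https://sso.example.com/saml2/sso"/>
    <md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="https://sso.example.com/saml2/sso"/>
  </md:IDPSSODescriptor>
</md:EntityDescriptor>"""


def _parse(xml_text):
    # ElementTree does not fetch external DTDs or expand external entities, so
    # parsing metadata received from a partner is safe here; defusedxml adds margin.
    return ET.fromstring(xml_text)


def _certs(descriptor, use):
    """Base64 certificate bodies of KeyDescriptors for the given use ('signing'/'encryption').
    A KeyDescriptor without a 'use' attribute applies to both uses."""
    certs = []
    for kd in descriptor.findall("md:KeyDescriptor", NS):
        if kd.get("use", use) != use:
            continue
        for cert in kd.findall(".//ds:X509Certificate", NS):
            certs.append("".join((cert.text or "").split()))
    return certs


def check_sp_metadata(xml_text):
    """Return the problems found in SP metadata; an empty list means it passed."""
    findings = []
    root = _parse(xml_text)
    if root.tag != "{%s}EntityDescriptor" % NS["md"]:
        return ["root element is %s, expected md:EntityDescriptor" % root.tag]
    if not root.get("entityID"):
        findings.append("entityID attribute is missing")
    sp = root.find("md:SPSSODescriptor", NS)
    if sp is None:
        return findings + ["no md:SPSSODescriptor (this is not SP metadata)"]
    if SAML2_PROTOCOL not in sp.get("protocolSupportEnumeration", "").split():
        findings.append("SPSSODescriptor does not declare the SAML 2.0 protocol")
    acs_list = sp.findall("md:AssertionConsumerService", NS)
    if not acs_list:
        findings.append("no AssertionConsumerService endpoint")
    for acs in acs_list:
        loc = acs.get("Location", "")
        if not loc.startswith("https://"):
            findings.append("AssertionConsumerService %r is not https" % loc)
        if not acs.get("Binding"):
            findings.append("AssertionConsumerService %r has no Binding" % loc)
    if sp.get("WantAssertionsSigned", "false").lower() != "true":
        findings.append("WantAssertionsSigned is not true; the SP does not require signed assertions")
    if sp.get("AuthnRequestsSigned", "false").lower() == "true" and not _certs(sp, "signing"):
        findings.append("AuthnRequestsSigned is true but no signing certificate is published")
    return findings


def read_idp_metadata(xml_text):
    """Extract what the SP side needs from IDP metadata: entityID, SSO endpoints per binding,
    and the signing certificates used to verify responses."""
    root = _parse(xml_text)
    idp = root.find("md:IDPSSODescriptor", NS)
    if idp is None:
        raise ValueError("no md:IDPSSODescriptor in the metadata")
    sso = {s.get("Binding"): s.get("Location") for s in idp.findall("md:SingleSignOnService", NS)}
    return {"entity_id": root.get("entityID"), "sso": sso, "signing_certs": _certs(idp, "signing")}


if __name__ == "__main__":
    print("good SP metadata:", check_sp_metadata(SP_METADATA) or "no findings")
    print("weak SP metadata:", check_sp_metadata(WEAK_SP_METADATA))
    print("IDP metadata:", read_idp_metadata(IDP_METADATA))
```

Run against a real SP xml before step 4 of the application creation; anything in the findings list is worth raising with the application integrator before the metadata is activated, since the SSO server will otherwise send assertions to whatever AssertionConsumerService the file names.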