Introduction

This page is a guide for configuring a third-party application to use Ubisecure SSO as an IDP (identity provider). The third-party application will be in an SP (service provider) role.

Ubisecure SAML SP for Java is a Java library for integrating Java servlets and can be used if the calling application does not natively support SAML2.

SAML 2.0 Agent Creation and Metadata Activation

Log in to Ubisecure SSO and follow the steps below to complete the task. You can obtain the IDP metadata of Ubisecure SSO as a file or a link from [SAML 2.0], shown in the image in step 1 below. Give this information, either the metadata file or the link, to the application integrator. The file contains only public key information and can be shared over insecure channels, such as unencrypted email.

  1. Start the configuration by creating a new site. Give the site a name, e.g. ‘Extranet’. You may have several applications in this site.

  2. Create a new agent by clicking on “New Agent…”.

  3. Name it e.g. ‘Web Shop’, select ‘SAML Service Provider’ as the Agent type and check the ‘Enable’ check box. Click ‘OK’.

  4. Activate the web application’s metadata, either by uploading the SAML2 SP XML file or by pasting the content of the XML file.

  5. Click ‘Update’ to save the configuration and finalize the metadata activation.


Creating Authorization Policy

An Authorization policy determines which attributes will be sent to an application and in which format.

We will create an authorization policy for the site and add it to the application’s agent.

Go to the site level (Extranet) and select the ‘Authorization’ tab. Click ‘New Policy…’ and select ‘CustomerID password’. From now on, all these methods added at the site level are available for activation for the applications in this site.

  1. Go to the ‘Authorization’ tab now and create a new policy, e.g. ‘AP for the Web Shop’. Click ‘OK’. Next, go to the ‘Attributes’ tab to add the attributes which are forwarded to the application.

  2. Attributes can be added to the Agent’s Authorization Policy.

     (Image: example attributes)

  3. Click ‘Add…’ and select the Agent to use this authorization policy. Click ‘OK’.

Adding Authentication Method

Next, we will add the authentication method to the site and activate it for the ‘Web Shop’ agent. Select the ‘Extranet’ site and the ‘Methods’ tab.

  1. Enable the authentication method for the ‘Extranet’ site by checking the check box in front of the method and click ‘OK’. Finally, press the ‘Update’ button below once the method has been added to the site.

  2. Assign the method to the ‘Web Shop’ agent by selecting the ‘Agent’ tab in the site. Select the agent by clicking on it and select the ‘Methods’ tab.

  3. Select the authentication method and click ‘Update…’.

  4. Click ‘Add…’ and select the eIDMUser group (all users in CustomerID) to use this agent and click ‘OK’.

Now the Web Shop application is integrated with Ubisecure SSO using SAML 2.0.
The administrator or application developer of the connected application must use the SAML2 IDP metadata to configure their application.

