Absolute Secure Access - SAML Relying Party Configuration - RSA Ready Implementation Guide
2 years ago
This section describes how to integrate RSA with Absolute Secure Access using SAML Relying Party.

Configure RSA Cloud Authentication Service

Perform these steps to configure RSA Cloud Authentication Service as Relying Party to Absolute Secure Access.
Procedure
  1. Sign in to the RSA Cloud Administration Console with Administrator credentials.
  2. Click Authentication Clients > Relying Parties on the menu at the top of the screen.
  3. Click Add a Relying Party.
  4. On the Relying Party Catalog page, click Add corresponding to Service Provider SAML.
  5. Configure the following options in the Basic Information section:
    1. In the Name field, provide a name for the application; for example, Absolute Secure Access.
    2. In the Description field, provide a detailed description of the SAML application.
    3. Click Next Step.
  6. Configure the following options in the Authentication section:
    1. Click the SecurID manages all authentication option in the Authentication Details section.
    2. Select the desired authentication method from the Primary Authentication Method list.
    3. Select the appropriate Access Policy from the Access Policy for Additional Authentication list.
  7. Configure the following options on the Connection Profile page:
    1. Select the Import Metadata option in the Data Input Method section.
    2. Click Choose File in the Data Input Method section.
    3. Locate and select the SP metadata from Secure Access.
    4. Verify the details in the Service Provider and Audience for SAML Response sections.             
      1. Assertion Consumer Service (ACS) URL: This setting should match the ACS Location setting from the SAML - SP Configuration option in the Secure Access Console with /saml/login appended to the end of the URL.
      2. Service Provider Entity ID: This setting should match the Entity ID setting from the SAML - SP Configuration option in the Secure Access Console.
      3. Audience for SAML Response: Ensure the Default: Service Provider Entity ID option is selected.
    5. Select the SP signs SAML requests check box in the Message Protection > SAML Request Protection section, and then select the SP signing certificate PEM file created in the next section.
    6. Click Save and Finish.
  8. Click Publish Changes.
  9. Export the Relying Party metadata from the RSA console.
    1. Locate the Relying Party Configuration for Secure Access that was created in the previous step.
    2. Click the arrow icon beside Edit for the application, and then select the Metadata option.
    3. Click Download Metadata.

Configure Absolute Secure Access

Perform these steps to configure Absolute Secure Access.
Procedure
  1. Click Configure > Authentication Settings on the menu at the top of the screen.
  2. Click New on the Authentication Settings screen.
  3. Enter a descriptive name for the new Authentication Profile in the Profile name field, and then click OK.
  4. Select Authentication - User Authentication Protocol, change the Protocol option to SAML, and then click Apply.
  5. Select the SAML - SP Configuration option and provide the following details:
    1. Entity ID: The URL for the Secure Access Server or an identifier on the end of the URL if multiple SAML configurations are used. For example, https://secureaccess.absolute.com/ or https://secureaccess.absolute.com/rsa
    2. ACS Location: The URL for the Secure Access Server. For example, https://secureaccess.absolute.com/
    3. Click Apply.
    4. Click Generate New Certificate in the Signing certificate section.
    5. Click Download Metadata in the Metadata section.
  6. Create the SP signing certificate from the SP metadata using the following steps.
    1. Open the downloaded SP metadata in a text editor.
    2. Open a new blank text editor document.
    3. Copy the entire SP signing certificate from the SP metadata. This is the value between the <ds:X509Certificate> and </ds:X509Certificate> tags.
    4. Paste the value of the SP signing certificate in the blank text editor document.
    5. On a new line at the top of the text document containing only the SP signing certificate, add the following:
      -----BEGIN CERTIFICATE-----
    6. On a new line at the end of the text document containing the SP signing certificate, add the following:
      -----END CERTIFICATE-----
    7. Save the SP signing certificate as SPsigning.pem.
  7. Change the validUntil value in SP metadata using the following steps. 
    1. Open the downloaded SP metadata in a text editor.
    2. Locate the validUntil value.
    3. Modify the year to 5 years in the future. This will match the expiration of the SP signing certificate.
    4. Save the SP metadata.
  8. Click Configure > Authentication Settings on the menu at the top of the screen.
  9. Locate and select the Authentication Profile created in the previous steps.
  10. Select the SAML - IdP Configuration option and set the following options:
    1. Select the Setting Override check box.
    2. Click Choose File in the Identity provider metadata section.
    3. Locate and select the IdP metadata from the RSA console.
    4. Click Import.
    5. Change Sign sign-on binding to HTTP POST.
  11. Click Apply.
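
The copy-and-paste in step 6 can be done by script, shown here as an added example that is not part of the RSA or Absolute documentation: it extracts the SP signing certificate from the SP metadata, wraps it as PEM for SPsigning.pem, and returns the Entity ID, ACS Location and validUntil values so they can be compared with what the RSA console shows after import. The function name is hypothetical, and the sample metadata, host name, dates and placeholder certificate bytes are constructed.

```python
import base64
import hashlib
import textwrap
import xml.etree.ElementTree as ET

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}

def sp_metadata_summary(xml_text):
    """Pull the values the procedure checks by hand out of SP metadata."""
    root = ET.fromstring(xml_text)
    sp = root.find("md:SPSSODescriptor", NS)
    if root.tag != "{%s}EntityDescriptor" % NS["md"] or sp is None:
        raise ValueError("not SAML SP metadata")
    # use="signing", or no 'use' attribute (key serves signing and encryption)
    certs = [c for kd in sp.findall("md:KeyDescriptor", NS)
             if kd.get("use") in (None, "signing")
             for c in kd.iterfind(".//ds:X509Certificate", NS)]
    if len(certs) != 1:
        raise ValueError("expected one signing certificate, found %d" % len(certs))
    b64 = "".join((certs[0].text or "").split())  # drop line breaks and indentation
    der = base64.b64decode(b64, validate=True)     # rejects a truncated or mangled copy
    pem = ("-----BEGIN CERTIFICATE-----\n" + textwrap.fill(b64, 64)
           + "\n-----END CERTIFICATE-----\n")
    acs = sp.find("md:AssertionConsumerService", NS)
    return {"entity_id": root.get("entityID"),
            "valid_until": root.get("validUntil") or sp.get("validUntil"),
            "acs_location": acs.get("Location") if acs is not None else None,
            "sha256": hashlib.sha256(der).hexdigest(),  # fingerprint of the DER bytes
            "pem": pem}

# Constructed sample: placeholder bytes stand in for the DER certificate, and
# the host name and validUntil date are invented for this example.
SAMPLE_DER = b"constructed placeholder, not a real X.509 certificate " * 4
SAMPLE_METADATA = """<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
    entityID="https://secureaccess.example.com/rsa" validUntil="2030-01-01T00:00:00Z">
  <md:SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:KeyDescriptor use="signing"><ds:KeyInfo><ds:X509Data><ds:X509Certificate>
%s
    </ds:X509Certificate></ds:X509Data></ds:KeyInfo></md:KeyDescriptor>
    <md:AssertionConsumerService index="0" Location="https://secureaccess.example.com/saml/login"
        Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"/>
  </md:SPSSODescriptor>
</md:EntityDescriptor>""" % textwrap.fill(base64.b64encode(SAMPLE_DER).decode(), 48)

if __name__ == "__main__":
    info = sp_metadata_summary(SAMPLE_METADATA)
    print(info["pem"], info["entity_id"], info["acs_location"], info["valid_until"], sep="\n")
```

With a real metadata file, write the returned `pem` value to SPsigning.pem and record the `sha256` fingerprint so the certificate uploaded to RSA can be matched to this export later.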

The configuration is complete.