F5 BIG-IP APM - SAML My Page Configuration - RSA Ready Implementation Guide
Originally Published: 2019-06-25

This article describes how to integrate F5 BIG-IP APM with RSA Cloud Authentication Service using My Page SSO.

      

Configure RSA Cloud Authentication Service

Perform these steps to configure RSA Cloud Authentication Service using My Page SSO.
Procedure 

  1. Sign in to RSA Cloud Administration Console and browse to Applications > Application Catalog.
  2. Click Create From Template and click Select for SAML Direct.
  3. On the Basic Information page, choose Cloud.
  4. Enter the name for the application and click Next Step.
  5. On the Connection Profile page, navigate to the Initiate SAML Workflow section and choose IdP-initiated.
  6. Scroll down to the Service Provider section and enter the following details:
    1. ACS URL: Enter https://<Virtual machine domain name>/post/acs
    2. Service Provider Entity ID: Enter https://<VIRTUAL-SERVER>
  7. Scroll down to the Identity Provider section and make a note of the Identity Provider URL as it will be needed for the F5 BIG-IP APM configuration.
  8. Proceed with the Default option for Identity Provider Entity ID and Audience for SAML Response.
  9. Under the Message Protection section, for SAML Response Protection:
    1. Choose IdP signs assertion with response.
    2. Select the Override default signing key and certificate checkbox.
  10. Scroll down to the User Identity section and select the following:
    1. Identifier Type: emailAddress
    2. Property: mail
  11. Click Next Step.
  12. Under Access Policy, choose Allow All Authenticated Users and select the policy for this application.
  13. In the Portal Display section, select the Display in Portal checkbox.
  14. Verify the Fulfilment section and click Save and Finish to complete the configuration.
  15. Locate the created application on the My Applications page and click the drop-down arrow next to Edit > Export Metadata.
  16. Click Publish Changes and wait for the operation to be completed.

    After publishing, your application is now enabled for SSO. 

    

Configure F5 BIG-IP APM SSO

Perform these steps to integrate F5 BIG-IP APM with RSA as My Page SSO.
Procedure

  1. Sign in to the BIG-IP Configuration Utility and click System > Certificate Management > Traffic Certificate Management > SSL Certificate List > Import.
  2. In the Import Type drop-down list, select Certificate.
  3. Enter the following details:
    1. Certificate Name: Choose New and enter a suitable name for the certificate.
    2. Certificate Source: Choose Upload File, click Choose File, and select the certificate downloaded in the Cloud Authentication Service configuration.
    3. Click Import.
  4. Click Access > Federation > SAML Service Provider > External IdP Connectors.
  5. Click Create.
  6. On the Create New SAML IdP Connector window, under the General Settings tab, do the following:
    1. Name: Suitable name for this IdP Connector.
    2. IdP Entity ID: Enter the Issuer Entity ID obtained from the Cloud Authentication Service configuration.
  7. On the Create New SAML IdP Connector window, under Single Sign On Service Settings, do the following:
    1. Single Sign On Service URL: Enter the Identity Provider URL obtained from the Cloud Authentication Service configuration.
    2. Single Sign On Service Binding: Select POST in the drop-down list.
  8. On the Create New SAML IdP Connector window, under Assertion Settings, select Identity Location as Subject in the drop-down list.
  9. On the Create New SAML IdP Connector window, under Security Settings, select the imported certificate from the IdP's Assertion Validation Certificate drop-down list.
  10. Click OK to complete the external IdP connector.
  11. Click Access > Federation > SAML Service Provider > Local SP Services.
  12. Click Create.
  13. On the Create New SAML SP Service window, under General Settings, do the following:
    1. Name: Enter a suitable name for the SAML SP service.
    2. Entity ID: Enter https://<VIRTUAL-SERVER> replacing <VIRTUAL-SERVER> with the IP address or hostname of your Virtual Server as configured in F5. This should be the same as the Service Provider Entity ID as entered in the Cloud Authentication Service configuration.
  14. On the Local SP Services page, select the checkbox corresponding to the Service Provider.
  15. Click Bind/Unbind IdP Connectors at the bottom of the page.
  16. On the Edit SAML IdPs that use this SP window, click Add New Row.
  17. In the SAML IdP Connectors drop-down list, select the Connector created in the preceding section, and then click OK.

 

The configuration is complete.
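
An added example, not part of the RSA guide or either vendor's tooling: a Python check that the IdP Entity ID, Single Sign On Service URL and imported certificate entered in the BIG-IP steps above agree with the metadata exported from Cloud Authentication Service. It assumes the export is standard SAML 2.0 metadata; the function names, hostnames and certificate bytes are constructed for illustration.

```python
import base64
import hashlib
import xml.etree.ElementTree as ET

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}
POST = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"

# Constructed sample: placeholder hostnames; the certificate element holds
# dummy bytes, not a real X.509 certificate.
DUMMY_DER = b"constructed sample bytes, not a real certificate"
_b64 = base64.b64encode(DUMMY_DER).decode()
SAMPLE_METADATA = f"""<md:EntityDescriptor xmlns:md="{NS['md']}" xmlns:ds="{NS['ds']}"
    entityID="https://idp.example.test/entity">
 <md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
  <md:KeyDescriptor use="signing"><ds:KeyInfo><ds:X509Data>
   <ds:X509Certificate>{_b64[:20]}
{_b64[20:]}</ds:X509Certificate></ds:X509Data></ds:KeyInfo></md:KeyDescriptor>
  <md:SingleSignOnService Binding="{POST}" Location="https://idp.example.test/sso"/>
 </md:IDPSSODescriptor>
</md:EntityDescriptor>"""

def idp_values(metadata_xml):
    """Values the BIG-IP External IdP Connector needs, read from the metadata."""
    if "<!DOCTYPE" in metadata_xml:
        raise ValueError("metadata containing a DTD is refused")
    root = ET.fromstring(metadata_xml)
    idp = root.find("md:IDPSSODescriptor", NS)
    if idp is None:
        raise ValueError("no IDPSSODescriptor in metadata")
    post = [s.get("Location") for s in idp.findall("md:SingleSignOnService", NS)
            if s.get("Binding") == POST]
    prints = {hashlib.sha256(base64.b64decode("".join((c.text or "").split()))).hexdigest()
              for kd in idp.findall("md:KeyDescriptor", NS)
              if kd.get("use") in (None, "signing")
              for c in kd.findall(".//ds:X509Certificate", NS)}
    return {"entity_id": root.get("entityID"), "post_urls": post, "cert_sha256": prints}

def connector_mismatches(metadata_xml, entity_id, sso_url, imported_cert_sha256):
    """Compare what was typed into BIG-IP with the metadata; empty list means match."""
    idp, problems = idp_values(metadata_xml), []
    if entity_id != idp["entity_id"]:
        problems.append("IdP Entity ID differs from metadata entityID")
    if sso_url not in idp["post_urls"]:
        problems.append("SSO URL is not an HTTP-POST endpoint in the metadata")
    fp = imported_cert_sha256.replace(":", "").lower()
    if fp not in idp["cert_sha256"]:
        problems.append("imported certificate is not the IdP signing certificate")
    return problems
```

The SHA-256 fingerprint of the certificate file imported into BIG-IP can be read with `openssl x509 -noout -fingerprint -sha256 -in <file>`; pass the hex value, with or without colons, as imported_cert_sha256.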
