SilverFort - SAML Relying Party Configuration - RSA Ready Implementation Guide

This article describes how to integrate SilverFort with RSA Cloud Access Service (CAS) using Relying Party.
  

Configure CAS

Perform these steps to configure CAS using Relying Party.

Procedure

  1. Sign in to RSA Cloud Administration Console.
  2. Click Authentication Clients > Relying Parties.
  3. On the My Relying Parties page, click Add a Relying Party.
  4. On the Relying Party Catalog page, click Add for Service Provider SAML.
  5. On the Basic Information page, enter the name for the application in the Name field and click Next Step.
  6. On the Authentication page, choose RSA manages all authentication.
  7. In the 2.0 Access Policy for Authentication drop-down list, select a policy that was previously configured, and then click Next Step.
  8. Under Data Input Method, choose Enter Manually.
  9. Scroll down to the Service Provider section and provide the following details in the specified formats:
    1. Assertion Consumer Service (ACS) URL: Enter your Mobile Messaging Service URL with the addition of the following prefix: /apps/api/sso/response. For example:
    2. Service Provider Entity ID: Enter the SAML Entity ID for your application. To ensure successful authentication, this must match the Audience value set in SilverFort.
  10. Under the Message Protection section, choose IdP signs entire SAML response.
  11. Expand the Show Advanced Configuration section.
  12. Under the User Identity section, select emailAddress as Identifier Type and mail as Property.
  13. Under the Statement Attributes section, enter the following attributes:
    Attribute Name: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
    Property: userName
    Attribute Name: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
    Property: mail

  14. Click Save and Finish.
  15. Click Publish Changes and wait for the operation to be completed.
    After publishing, your application is enabled for SSO. 
  16. Under My Relying Parties, navigate to the newly created relying party.
  17. In the Edit drop-down list, choose Metadata.

        

Configure SilverFort

Perform these steps to configure SilverFort.

Procedure

  1. In the SilverFort Admin Console, navigate to the Settings page and select Integrations.
  2. Click the Identity Bridge tab.
  3. Click Add IdP and provide the following details.
    1. IdP Name: RSA ID Plus
    2. Application Name: Anything of your choice; for example, RSA_Silverfort_App
    3. Login URL: The Identity Provider URL copied from RSA (to find this, select Edit on your SAML application in RSA, and copy the Identity Provider URL).
    4. Issuer: The value of entityID copied from the metadata.
    5. Audience: The same value set for Service Provider Entity ID in RSA (for example, Silverfort_SP).
    6. Upload certificate: The certificate that was previously downloaded from RSA.
  4. Click Save.
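
Before clicking Save, the Issuer, Audience and certificate values can be cross-checked against the RSA side. The following is an added example, not part of RSA's or SilverFort's documentation; it assumes the metadata is standard SAML 2.0 IdP metadata carrying the signing certificate and that the downloaded certificate is a PEM file, and the function names, `form` keys and sample values are hypothetical.

```python
import base64
import hashlib
import xml.etree.ElementTree as ET

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}

# Constructed sample data: placeholder bytes, not a real certificate or tenant.
# The metadata is trimmed to the elements this check reads.
SAMPLE_DER = b"constructed placeholder, not a real certificate"
SAMPLE_B64 = base64.b64encode(SAMPLE_DER).decode()
SAMPLE_PEM = f"-----BEGIN CERTIFICATE-----\n{SAMPLE_B64}\n-----END CERTIFICATE-----\n"
SAMPLE_METADATA = f"""<md:EntityDescriptor xmlns:md="{NS['md']}"
    xmlns:ds="{NS['ds']}" entityID="https://idp.example.test/saml">
  <md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:KeyDescriptor use="signing"><ds:KeyInfo><ds:X509Data>
      <ds:X509Certificate>{SAMPLE_B64}</ds:X509Certificate>
    </ds:X509Data></ds:KeyInfo></md:KeyDescriptor>
  </md:IDPSSODescriptor>
</md:EntityDescriptor>"""

def idp_values(metadata_xml):
    """Read entityID and signing-certificate fingerprints from IdP metadata."""
    root = ET.fromstring(metadata_xml)  # metadata from your own console, not untrusted XML
    idp = root.find("md:IDPSSODescriptor", NS)
    if idp is None:
        raise ValueError("no IDPSSODescriptor: this is not IdP metadata")
    ders = [base64.b64decode("".join((c.text or "").split()))
            for kd in idp.findall("md:KeyDescriptor", NS)
            if kd.get("use") in (None, "signing")  # no 'use' means signing and encryption
            for c in kd.iterfind(".//ds:X509Certificate", NS)]
    return {"issuer": root.get("entityID"),
            "cert_sha256": [hashlib.sha256(d).hexdigest() for d in ders]}

def pem_sha256(pem_text):
    """SHA-256 fingerprint of the DER bytes inside a PEM certificate file."""
    body = "".join(l.strip() for l in pem_text.splitlines() if not l.startswith("-----"))
    return hashlib.sha256(base64.b64decode(body)).hexdigest()

def check_form(metadata_xml, form, sp_entity_id):
    """Return mismatches between the Add IdP values and the RSA side."""
    meta, problems = idp_values(metadata_xml), []
    if form["issuer"] != meta["issuer"]:
        problems.append("Issuer differs from metadata entityID")
    if form["audience"] != sp_entity_id:  # exact match, case-sensitive
        problems.append("Audience differs from Service Provider Entity ID")
    if pem_sha256(form["certificate_pem"]) not in meta["cert_sha256"]:
        problems.append("certificate is not a signing key in the metadata")
    return problems
```

An empty list means the three values agree; the comparisons are exact, so a difference in case or a stray space in the Audience is reported as a mismatch.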

  

Create Bridge Policy

Perform the following steps to create a SilverFort Bridge policy.

  1. On the Admin Console, navigate to the Policies page.
  2. Select Create policy and fill in all required fields.
    1. Policy name: Create a name for the policy.
    2. Action: Select Identity Bridge.
    3. IdP: Select RSA ID Plus.
    4. Enterprise app: Select the application name you entered in the Bridge Config.
  3. Click Save.

 

The configuration is complete.