VMware Cloud Director - SAML SSO Agent Configuration - RSA Ready SecurID Access Implementation Guide
Originally Published: 2022-06-02

This section describes how to integrate RSA SecurID Access with VMware Cloud Director using a SAML SSO Agent.

Configure RSA Cloud Authentication Service

Perform these steps to configure RSA Cloud Authentication Service as an SSO Agent SAML IdP to VMware Cloud Director. During configuration of the IdP you will need some information from the SP. This information includes (but is not limited to) Assertion Consumer Service URL and Service Provider Entity ID.

Procedure

  1. Sign in to the RSA Cloud Administration Console and browse to Applications > Application Catalog, click Create From Template and select SAML Direct.

  2. Enter a name for the application in the Name field on the Basic Information page and click the Next Step button.

  3. In Connection Profile, click Import Metadata. Import the metadata file downloaded in Step 4 of Configure SAML in VMware Cloud Director.

  4. Navigate to the Initiate SAML Workflow section.

    1. Connection URL field: Automatically populated when the VMware Cloud Director metadata file is imported in Step 3 above.

    2. Choose SP-Initiated.

  5. Scroll down to the SAML Identity Provider (Issuer) section. Click Generate Cert Bundle, enter the Common Name, and generate and download the certificate.

    1. Identity Provider URL - <Automatically generated>

    2. Issuer Entity ID - <Automatically generated>

    3. Select Choose File and upload the private key.

    4. Select Choose File to import the public signing certificate.

  6. Scroll down to the Service Provider section.

    1. Assertion Consumer Service (ACS) - Automatically populated when the VMware Cloud Director metadata file is imported in Step 3 above.

    2. Audience (Service Provider Entity ID) - Automatically populated when the VMware Cloud Director metadata file is imported in Step 3 above.

  7. Scroll to the User Identity section and select the following values.

    • Identifier Type – Email Address
    • Identity Source – name of your user identity source
    • Property – mail

  8. Click Next Step.

  9. On the User Access page, select the Allow All Authenticated Users radio button.

  10. Click Next Step.

  11. On the Portal Display page, select Display in Portal.

  12. Click Save and Finish.

  13. Click Publish Changes.

Configure SAML in VMware Cloud Director

Perform these steps to configure VMware Cloud Director as an SSO Agent SAML SP to RSA Cloud Authentication Service.

Procedure

  1. Log on to your VMware Cloud Director Service Provider Admin Portal.

  2. From the top navigation bar, select Administration.

  3. Under the Administration tab, click SAML. Click Edit.

    The current SAML settings are displayed.

  4. From the Service Provider tab, download the VMware Cloud Director SAML service provider metadata.

    1. Enter an Entity ID for the system organization. This Entity ID uniquely identifies your system organization to RSA SecurID.

    2. Examine the certificate expiration date and, if expiring soon, regenerate the certificate by clicking Regenerate.

    3. Click Retrieve Metadata.

  5. On the Identity Provider tab, upload the SAML metadata that you previously received from your identity provider.

    1. Select Use SAML Identity Provider.

    2. Either click the Browse icon and upload the file, or copy and paste its content in the Metadata XML text box.

  6. Click Save.

Configuration is complete.
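
The service provider metadata retrieved in Step 4 determines the ACS URL and Audience (Service Provider Entity ID) that the RSA console populates on import, so it is worth reviewing the file before uploading it. The script below is an added example, not part of the RSA guide or of VMware's tooling. The sample metadata, host name and entity ID in it are constructed placeholders.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlparse

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata"}
# Constructed sample (key material omitted); host and entity ID are placeholders.
SAMPLE_SP_METADATA = """<md:EntityDescriptor
    xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    entityID="vcd-system-org-example">
  <md:SPSSODescriptor AuthnRequestsSigned="true" WantAssertionsSigned="true"
      protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:KeyDescriptor use="signing"/>
    <md:AssertionConsumerService index="0"
        Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="https://vcd.example.com/saml/acs"/>
  </md:SPSSODescriptor>
</md:EntityDescriptor>"""

def summarize_sp_metadata(xml_text):
    """Return (summary, findings) for a SAML SP metadata document."""
    # SAML metadata never needs a DTD; refuse it rather than expand entities.
    if "<!DOCTYPE" in xml_text or "<!ENTITY" in xml_text:
        raise ValueError("DTD/entity declarations are not expected here")
    root = ET.fromstring(xml_text)
    sp = root.find("md:SPSSODescriptor", NS)
    if root.tag != "{%s}EntityDescriptor" % NS["md"] or sp is None:
        raise ValueError("not a SAML SP EntityDescriptor")
    acs = [(e.get("Binding", ""), e.get("Location", ""))
           for e in sp.findall("md:AssertionConsumerService", NS)]
    signing = [k for k in sp.findall("md:KeyDescriptor", NS)
               if k.get("use") in (None, "signing")]
    summary = {
        "entity_id": root.get("entityID", ""),  # becomes the Audience
        "acs": acs,                             # becomes the ACS URL
        "authn_requests_signed": sp.get("AuthnRequestsSigned") in ("true", "1"),
        "want_assertions_signed": sp.get("WantAssertionsSigned") in ("true", "1"),
        "signing_keys": len(signing),
    }
    findings = []
    if not summary["entity_id"]:
        findings.append("entityID is empty")
    if not acs:
        findings.append("no AssertionConsumerService endpoint")
    for _, loc in acs:
        if urlparse(loc).scheme != "https":
            findings.append("ACS is not HTTPS: " + loc)
    if summary["authn_requests_signed"] and not signing:
        findings.append("AuthnRequestsSigned=true but no signing KeyDescriptor")
    return summary, findings

if __name__ == "__main__":
    print(summarize_sp_metadata(SAMPLE_SP_METADATA))
```

Compare the reported `entity_id` and `acs` values with what appears in the Service Provider section of the RSA application after the import.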
