HID Juniper and ActivID AS SAML User Manual

hidglobal.com
4TRESS FT2011
Authentication Server
SAML 2.0 Channel
Integration Handbook
FT2011 and Juniper Secure Access | SAML 2.0 Channel Integration Handbook
External Release | © 2012

Table of Contents

List of Figures (page 3)
1.0 Introduction (page 4)
1.1 Scope of Document (page 4)
1.2 Prerequisites (page 4)
2.0 Juniper Secure Access Configuration (page 5)
2.1 Procedure 1: Create SAML Authentication Server (page 5)
2.2 Procedure 2: Define Juniper User Role(s) (page 7)
2.3 Procedure 3: Define Juniper Authentication Realm (page 8)
2.4 Procedure 4: Configure Juniper Sign-In Page (page 9)
2.5 Procedure 5: Juniper Sign-In Policies (page 11)
3.0 4TRESS Configuration (page 12)
3.1 Procedure 1: Create SAML Channel (page 12)
3.2 Procedure 2: Import Juniper Metadata (page 14)
3.3 Procedure 3: Authorize the SAML Channel (Authentication Policies) (page 14)
3.4 Procedure 4: Configure the Identity Provider (page 16)
4.0 SAML Channel Authentication: An Overview (page 17)
4.1 Prerequisite: Activate Web Soft Token (page 17)
© 2012-2013 HID Global Corporation/ASSA ABLOY AB. All rights reserved.

List of Figures

FIGURE 1: Illustration of User Authentication with a Web Soft Token Launched in the Sign-In Page (page 18)

1.0 Introduction

The Juniper® Networks SA Series SSL VPN Appliances enable remote and mobile employees, customers, and partners to gain secure access to corporate Virtual Private Network resources and applications. Providing secure access via a VPN over existing Internet connections requires strong, two-factor authentication to protect those resources. The HID Global Identity Assurance™ solutions that work with Juniper Networks appliances combine SSL VPN access with versatile, strong authentication that is flexible, scalable, and simple to manage. There are two solutions:
4TRESS AAA Server for Remote Access—Addresses the security risks associated with a mobile workforce remotely accessing systems and data.
4TRESS Authentication Server (AS)—Supports multiple authentication methods suited to diverse audiences across a variety of service channels (including SAML): user name and password, mobile and PC soft tokens, one-time passwords, and transparent Web soft tokens.

1.1 Scope of Document

This document explains how to configure 4TRESS Authentication Server (FT2011) and Juniper Secure Access (SA) using Security Assertion Markup Language (SAML). SAML 2.0 enables Web-based authentication and authorization: Juniper SA acts as the SAML service provider and delegates user authentication to the 4TRESS Authentication Server, which acts as the identity provider.
Integrating 4TRESS Authentication Server with Juniper SSL-protected Virtual Private Networks gives users a choice of authentication methods. Users authenticate to the 4TRESS authentication portal using whichever mechanism is appropriate for the environment and company policy. Authentication methods that work out of the box include one-time passwords (OTP), Web soft token OTPs, and Public Key Infrastructure (PKI) methods.

1.2 Prerequisites

4TRESS Authentication Server (FT2011 or greater) installed and configured.
Juniper SA with SAML 2.0 capabilities installed and configured (at a minimum, Juniper Networks Secure Access IVE Platform Version 7.1R5).

2.0 Juniper Secure Access Configuration

This chapter describes how to configure Juniper Secure Access. When a user signs in to a Juniper SA Series appliance, the user selects an authentication realm, which is associated with a specific authentication server. The appliance forwards the user's sign-in to that authentication server to verify the user's identity; with a SAML server, this means redirecting the user to the identity provider rather than forwarding a password. The first procedure is therefore to create a new SAML authentication server that the appliance will use to validate sign-ins.

2.1 Procedure 1: Create SAML Authentication Server

Getting Started
1. In the Admin console, expand the Authentication menu, and then click Auth. Servers.
2. From the New drop-down list, select SAML Server, and then click New Server.
The following dialog is displayed.
All data should be populated already, as illustrated above.
3. Check the Settings tab page to be sure the following options and attributes are correct.
SAML Version—Select 2.0.
SA Entity Id—This should be auto-populated. If not, then click Configure host name (not illustrated).
Single Logout Service URL—Make sure it is correct.
The other settings are default settings. Accept them.
Configuration Mode—The Metadata option should be selected. Metadata is used to configure the 4TRESS Identity Provider (IDP). If there are issues, then you will have to retrieve the 4TRESS Metadata, which is available via the 4TRESS Management Console. See the illustration on the following page.
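The Metadata configuration mode works by exchanging SAML 2.0 metadata documents: the appliance's service-provider (SP) metadata goes to 4TRESS, and the 4TRESS identity-provider metadata comes back. Before importing the appliance's metadata into the IdP it is worth reading what it actually declares. The Python script below is an added example, not part of this handbook and not HID Global or Juniper code. It parses a SAML 2.0 SP metadata document, extracts the entityID, AssertionConsumerService and SingleLogoutService endpoints that the import carries, and flags what an IdP administrator should reject: no SAML 2.0 protocol support, a plaintext (non-HTTPS) endpoint, an endpoint or entityID whose host does not match the appliance hostname, or metadata past its validUntil date. The embedded metadata document is constructed for the example; the hostname vpn.example.com and the /saml/... paths are assumptions, not the appliance's real endpoint paths.

```python
"""Sanity-check SAML 2.0 service-provider (SP) metadata before an IdP imports it.

Added example; not code from the handbook, HID Global or Juniper.
"""
import datetime as dt
import xml.etree.ElementTree as ET
from urllib.parse import urlparse

MD_NS = "urn:oasis:names:tc:SAML:2.0:metadata"
NS = {"md": MD_NS}
SAML2_PROTOCOL = "urn:oasis:names:tc:SAML:2.0:protocol"

# Constructed sample SP metadata. The hostname and /saml/... paths are
# illustrative assumptions, not the appliance's real endpoints.
SAMPLE_SP_METADATA = """<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    entityID="https://vpn.example.com/saml/sp" validUntil="2099-01-01T00:00:00Z">
  <md:SPSSODescriptor WantAssertionsSigned="true"
      protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="https://vpn.example.com/saml/slo"/>
    <md:NameIDFormat>urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified</md:NameIDFormat>
    <md:AssertionConsumerService index="0" isDefault="true"
        Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="https://vpn.example.com/saml/acs"/>
  </md:SPSSODescriptor>
</md:EntityDescriptor>
"""


def parse_sp_metadata(xml_text):
    """Extract the fields an IdP needs from SP metadata.

    Raises ValueError if the document is not SAML 2.0 service-provider metadata.
    """
    # Production code should parse untrusted XML with defusedxml to rule out
    # entity-expansion attacks; the stdlib parser is used here so the example runs as-is.
    root = ET.fromstring(xml_text)
    if root.tag != f"{{{MD_NS}}}EntityDescriptor":
        raise ValueError("root element is not a SAML 2.0 md:EntityDescriptor")
    sp = root.find("md:SPSSODescriptor", NS)
    if sp is None:
        raise ValueError("no md:SPSSODescriptor: this is not service-provider metadata")

    def endpoints(name):
        return [(e.get("Binding"), e.get("Location")) for e in sp.findall(f"md:{name}", NS)]

    return {
        "entity_id": root.get("entityID"),
        "valid_until": root.get("validUntil"),
        "protocols": sp.get("protocolSupportEnumeration", "").split(),
        "want_assertions_signed": sp.get("WantAssertionsSigned", "false").lower() == "true",
        "acs": endpoints("AssertionConsumerService"),
        "slo": endpoints("SingleLogoutService"),
    }


def check_sp_metadata(info, expected_host, now=None):
    """Return the reasons to reject the metadata; an empty list means it passed."""
    problems = []
    if SAML2_PROTOCOL not in info["protocols"]:
        problems.append("SP does not advertise SAML 2.0 protocol support")
    if not info["acs"]:
        problems.append("no AssertionConsumerService endpoint: the IdP has nowhere to POST the assertion")
    # The entityID is normally the appliance URL, so its host should match too.
    eid = urlparse(info["entity_id"] or "")
    if eid.scheme in ("http", "https") and eid.hostname != expected_host:
        problems.append(f"entityID host {eid.hostname!r} does not match {expected_host!r}")
    for _binding, location in info["acs"] + info["slo"]:
        url = urlparse(location or "")
        if url.scheme != "https":
            problems.append(f"endpoint is not HTTPS: {location}")
        if url.hostname != expected_host:
            problems.append(f"endpoint host {url.hostname!r} does not match {expected_host!r}: {location}")
    if not info["want_assertions_signed"]:
        problems.append("WantAssertionsSigned is not true: sign assertions anyway, do not rely on the SP to ask")
    if info["valid_until"]:
        expires = dt.datetime.fromisoformat(info["valid_until"].replace("Z", "+00:00"))
        now = now or dt.datetime.now(dt.timezone.utc)
        if expires <= now:
            problems.append(f"metadata expired at {info['valid_until']}")
    return problems


if __name__ == "__main__":
    info = parse_sp_metadata(SAMPLE_SP_METADATA)
    print("entityID:", info["entity_id"])
    for binding, location in info["acs"]:
        print("ACS:", binding, location)
    for binding, location in info["slo"]:
        print("SLO:", binding, location)
    print("problems:", check_sp_metadata(info, "vpn.example.com") or "none")
```

Run it against the metadata file exported from the appliance instead of the constructed sample, passing the appliance's real hostname as `expected_host`. The host check is the one that catches a metadata file exported from a staging appliance or before "Configure host name" was run (the SA Entity Id case in step 3 above); the HTTPS check catches an export taken over plain HTTP, which would leave the assertion POST unprotected.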