HID Zscaler and ActivID AS using SAML User Manual

hidglobal.com
ActivID® Appliance and Zscaler® SAML 2.0 Channel Integration Handbook
Document Version 1.1 | Released | May 2013
ActivID Appliance and Zscaler Web Security | SAML 2.0 Channel Integration Handbook
External Release | © 2012

Table of Contents

1.0 Introduction ..... 3
1.1 Scope of Document ..... 3
1.2 Prerequisites ..... 3
2.0 Zscaler Configuration ..... 4
2.1 Procedure 1: Enable SAML on Zscaler ..... 4
2.2 Procedure 2: Configure ActivID IDP in Zscaler ..... 5
2.3 Procedure 3: Export ActivID Appliance IDP Certificate ..... 6
2.4 Procedure 4: Import ActivID Appliance IDP Certificate ..... 8
2.5 Procedure 5: Export Zscaler Metadata ..... 9
2.6 Procedure 6: Modify Zscaler Metadata ..... 10
3.0 ActivID Appliance Configuration ..... 11
3.1 Procedure 1: Create SAML Channel ..... 11
3.2 Procedure 2: Import Zscaler Metadata ..... 13
3.3 Procedure 3: Authorize the SAML Channel (Authentication Policies) ..... 15
3.4 Procedure 4: Configure the Identity Provider ..... 17
3.5 Procedure 5: Adding a New Authentication Policies Mapping ..... 18
4.0 SAML Channel Authentication: An Overview ..... 19
4.1 Prerequisite: Activate Web Soft Token ..... 19
4.2 Sample Authentication ..... 22
Copyright ..... 24
Trademarks ..... 24
Revision History ..... 24
© 2012-2013 HID Global Corporation/ASSA ABLOY AB. All rights reserved.

1.0 Introduction

The Zscaler® Web Security solution enables organizations to embrace new cloud applications and social media technologies, while gaining advanced protection from accidental data loss, malicious attacks, and emerging threats. Zscaler Web Security lets organizations conduct business securely beyond the corporate network, with capabilities including:
Advanced Threat Protection
Cloud Application and Social Media Control
Anti-Virus and Anti-Spyware
Dynamic URL Filtering
Providing secure “one prompt” access via a web proxy over existing Internet connections requires strong, two-factor authentication to protect and identify users.
The HID® Global Identity Assurance™ ActivID® Appliance works with the Zscaler solution to provide versatile, strong authentication that is flexible, scalable, and simple to manage.
The ActivID Appliance offers support for multiple authentication methods that are useful for diverse audiences across a variety of service channels (SAML, RADIUS, etc.), including user name and password, mobile and PC soft tokens, one-time passwords, and transparent Web soft tokens.

1.1 Scope of Document

This document explains how to configure ActivID Appliance and Zscaler using Security Assertion Markup Language (SAML). SAML 2.0 enables Web-based authentication and authorization and can be used by Zscaler to delegate user authentication to the ActivID Appliance.
Integrating ActivID Appliance capabilities with Zscaler provides multiple choices for user authentication. This option is simple and allows users to authenticate to the ActivID Appliance IDP portal, which has many authentication mechanisms working out of the box, including one-time password (OTP), Web soft token OTP, and Public Key Infrastructure (PKI) methods.

1.2 Prerequisites

ActivID Appliance 7.2 (or greater) installed and configured.
Zscaler Web Security.
2.0 Zscaler Configuration

2.1 Procedure 1: Enable SAML on Zscaler

1. Logged in to Zscaler as an administrator, navigate to the Administration tab.
2. Under Manage Administrators & Roles, click Manage Users & Authentication.
3. Select the Authenticate using SAML Sign-On option.
4. Click Done.

2.2 Procedure 2: Configure ActivID IDP in Zscaler

1. In the Configure User Authentication section of the Zscaler Administrator Console, click View SAML Single Sign-On Parameters.
2. Enter the following parameters.
URL of the ActivID Appliance to which users are sent for authentication. For example, change the following URL to point to your ActivID Appliance Identity Provider:
https://<ACTIVID-APPLIANCE-FQDN>:8445/ac.4tress.samlidp/<SECURITY-DOMAIN-NAME>/binding/login-post.seam
For Attribute containing Login Name, enter NameID.
3. To upload the SSL public Certificate of the ActivID Appliance, click Service Provider’s Public Certificate (see the following section for steps to export your IDP certificate).
4. Click Done.

2.3 Procedure 3: Export ActivID Appliance IDP Certificate

1. Log on to the ActivID Appliance Management Console as an administrator.
2. When prompted, enter your User name and Password, and then click Submit.
3. Select the Configuration tab.
4. In the Policies section of the menu to the left, expand the SAML menu, and then click ActivID Identity Provider.
5. For Signing Certificate, click Download.
6. When prompted, click Open and then save the 4TRESS_IDP_SIGN.cer file to a desired location.

2.4 Procedure 4: Import ActivID Appliance IDP Certificate

1. Before you can import the 4TRESS_IDP_SIGN.cer file, you must convert it to a .pem file using the OpenSSL tool. Run the following:
openssl x509 -outform der -in 4TRESS_IDP_SIGN.cer -out 4TRESS_IDP_SIGN.der
openssl x509 -inform der -in 4TRESS_IDP_SIGN.der -out 4TRESS_IDP_SIGN.pem
Note that in OpenSSL releases before 3.0, openssl x509 reads its input as PEM unless -inform der is given, so the first command only succeeds when the downloaded .cer file is PEM-encoded. If the file is already DER-encoded, the first command fails; in that case run the second command directly against 4TRESS_IDP_SIGN.cer.
2. After you convert the file, you can import the 4TRESS_IDP_SIGN.pem file by clicking Upload SSL Public Certificate in the Identity Provider (IDP) Options section of the Zscaler Administrator Console, as illustrated next:
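The conversion step above, and the certificate upload in Procedure 2, both depend on the exported signing certificate being in the encoding the tool expects. The following helper is an added example, not part of the HID handbook and not HID or Zscaler code: it detects whether a downloaded .cer file is PEM or DER, writes canonical PEM regardless, and reports the SHA-256 fingerprint of the DER form so you can compare it against the certificate shown in the ActivID Identity Provider page before uploading it to Zscaler. The file names are assumptions taken from the procedure; the self-test bytes are a constructed ASN.1 SEQUENCE, not a real certificate. It needs only the Python standard library.

```python
"""Normalise an exported IdP signing certificate to PEM and print its fingerprint.

Added example (not from the HID handbook). PEM is just the DER bytes, base64
encoded, wrapped at 64 columns, between BEGIN/END CERTIFICATE markers, so the
conversion can be done without openssl and works for either input encoding.
"""
import base64
import hashlib
import re
import sys

PEM_HEADER = "-----BEGIN CERTIFICATE-----"
PEM_FOOTER = "-----END CERTIFICATE-----"
_PEM_BLOCK = re.compile(
    r"-----BEGIN CERTIFICATE-----(.*?)-----END CERTIFICATE-----", re.S
)


def is_pem(data: bytes) -> bool:
    """PEM is ASCII armour, so the BEGIN marker identifies it; DER is binary."""
    return PEM_HEADER.encode("ascii") in data


def to_der(data: bytes) -> bytes:
    """Return the raw DER bytes for a PEM- or DER-encoded certificate.

    Only the first certificate of a PEM bundle is used. A DER certificate is an
    ASN.1 SEQUENCE and therefore starts with tag byte 0x30; anything else is
    rejected rather than silently passed through to the upload step.
    """
    if is_pem(data):
        match = _PEM_BLOCK.search(data.decode("latin-1"))
        if match is None:
            raise ValueError("PEM header present but no complete certificate block")
        # Strip line breaks and validate the base64 alphabet strictly.
        return base64.b64decode("".join(match.group(1).split()), validate=True)
    if not data or data[0] != 0x30:
        raise ValueError("input is neither PEM nor a DER SEQUENCE (first byte must be 0x30)")
    return data


def to_pem(data: bytes) -> str:
    """Produce canonical PEM (base64 wrapped at 64 columns) from PEM or DER input."""
    body = base64.b64encode(to_der(data)).decode("ascii")
    lines = [body[i:i + 64] for i in range(0, len(body), 64)]
    return "\n".join([PEM_HEADER, *lines, PEM_FOOTER]) + "\n"


def sha256_fingerprint(data: bytes) -> str:
    """Colon-separated SHA-256 fingerprint of the DER form, as admin consoles display it."""
    digest = hashlib.sha256(to_der(data)).hexdigest().upper()
    return ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))


def convert_file(src: str, dst: str) -> str:
    """Read src (PEM or DER), write canonical PEM to dst, and return the fingerprint."""
    with open(src, "rb") as fh:
        raw = fh.read()
    with open(dst, "w", encoding="ascii") as out:
        out.write(to_pem(raw))
    return sha256_fingerprint(raw)


if __name__ == "__main__":
    # Assumed usage: python cert_to_pem.py 4TRESS_IDP_SIGN.cer 4TRESS_IDP_SIGN.pem
    src_path, dst_path = sys.argv[1], sys.argv[2]
    print("SHA-256 fingerprint:", convert_file(src_path, dst_path))
```

Compare the printed fingerprint with the one shown for the signing certificate in the ActivID Appliance Management Console before clicking Upload SSL Public Certificate; a mismatch means the wrong file (for example the appliance's TLS certificate rather than its SAML signing certificate) was exported.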