SyferLock Help Center

GridGuard SAML Configuration

Setup GridGuard SAML URL

Setup GridGuard SAML URL
  • Hostname : Enter the externally accessible hostname.
  • IdP Certificates: Generate a self-signed certificate or Import a PKCS12 file for SAML signing or SAML encryption.

Click on "Apply Changes"

Adding SimpleSAMLPHP as a SAML Service Provider

Adding SimpleSAMLPHP as a SAML Service Provider

Right click on "SAML Configuration" and click on "+Add" to add a new SAML Service Provider. Then fill out the new form with the appropirate following data

  • Service Provider Name : Admin generated identifier
  • Signing Certificate : Select an installed x509 certificate for SAML assertion signing
  • Import SP Metadata: Upload XML Metadate for the SP. In this case it is the SimpleSAMLPHP.
  • Import SP Metadata URL : Directly download XML Metadata from the SP. This requires the GGVA device to have direct access to the SimpleSAMLPHP server. This URL was provided in the Validate SP Metadata section.
  • Entity Id : <Filled in by metadata>
  • ACS URL : <Filled in by metadata>
  • Validity Time : Set appropriately
  • Realm : Select Realm identifier to associate with this SAML SP.
  • Name Identifier : Select 'sAMAccountName' or 'uid' depending LDAP backend
  • Sign Encryption : Check
  • Encrypt Assertion : <Optional>
  • Attribute Mapping : See below

Attibute mapping is used to map a user's LDAP attribute value from the LDAP directory to the SAML Assertion. Here are the mapping you need to make from SAML attribute name to the LDAP attribute value

  • cn => cn
  • mail => mail
  • sAMAccountName => sAMAccountName (Active Directory)
  • uid => uid  (OpenLDAP)
  • memberOf => memberOf

Click on "Service Provider" and then press "Apply Changes"

Reference URLs

Reference URLs

Switch to the URL tab.  Now copy down the Metadata URL.

Was this article helpful?
0 out of 0 found this helpful
Have more questions? Submit a request

Comments

Powered by Zendesk