This section describes how to integrate Advanced Authentication with ArcSight to achieve single sign-on (SSO) to ArcSight.
To configure the integration of Advanced Authentication with ArcSight, perform the following tasks:
On the NFS server, open the sso-configuration.properties file, located by default in the <arcsight_nfs_vol_path>/sso/default directory.
<arcsight_nfs_vol_path> is the NFS volume used for the CDF installation.
For example: /opt/NFS_volume/arcsight-volume. This location might vary based on the version of ArcSight.
In that directory, open the sso-configuration.properties file and add the following properties:
com.microfocus.sso.default.login.method = saml2
com.microfocus.sso.default.saml2.enabled = true
com.microfocus.sso.default.login.saml2.mapping-attr = mail
com.microfocus.sso.default.login.saml2.identifierFormat = emailAddress
Download the SAML2 metadata from the Advanced Authentication server. The metadata is available at the following URL:
https://<AA Server hostname>/osp/a/<Tenant Name>/auth/saml2/metadata
Convert the metadata XML file to a base64 string and set the following property:
com.microfocus.sso.default.login.saml2.metadata = <base64 encoded metadata xml>
Save the changes in the sso-configuration.properties file.
Ensure that there are no trailing spaces at the end of the property values.
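The properties-file edit above, as an added example that is not part of the ArcSight or Advanced Authentication documentation: a POSIX shell script that appends the SAML2 properties with the metadata XML base64-encoded onto a single line, then checks the file for trailing whitespace and verifies that the stored value decodes back to the original XML. It assumes the metadata XML has already been downloaded to a local file; the sample metadata, the function names and the temporary paths are constructed for the demonstration.

```shell
#!/bin/sh
# Added example: not from the ArcSight or Advanced Authentication docs.
# Assumes the IdP metadata XML was already downloaded to a local file and the
# target is the sso-configuration.properties under <arcsight_nfs_vol_path>/sso/default.
set -eu

# Append the SAML2 properties. The metadata is base64-encoded with line
# wrapping removed, because a Java properties value must fit on one line.
write_saml2_properties() {
  props="$1"; meta_xml="$2"
  encoded=$(base64 < "$meta_xml" | tr -d '\n')
  {
    printf '%s\n' 'com.microfocus.sso.default.login.method = saml2'
    printf '%s\n' 'com.microfocus.sso.default.saml2.enabled = true'
    printf '%s\n' 'com.microfocus.sso.default.login.saml2.mapping-attr = mail'
    printf '%s\n' 'com.microfocus.sso.default.login.saml2.identifierFormat = emailAddress'
    printf 'com.microfocus.sso.default.login.saml2.metadata = %s\n' "$encoded"
  } >> "$props"
}

# Return non-zero if any line ends in whitespace (the docs warn that trailing
# spaces break the properties). Offending lines are printed with line numbers.
check_no_trailing_spaces() {
  ! grep -nE '[[:space:]]+$' "$1"
}

# Decode the stored metadata value and compare it byte-for-byte with the
# original XML, to confirm the encoding round-trips.
metadata_roundtrip_ok() {
  sed -n 's/^com\.microfocus\.sso\.default\.login\.saml2\.metadata = //p' "$1" \
    | base64 -d | cmp -s - "$2"
}

# Constructed sample standing in for the downloaded IdP metadata (hostname and
# tenant are placeholders, not real values).
tmpdir=$(mktemp -d)
cat > "$tmpdir/metadata.xml" <<'EOF'
<EntityDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata"
    entityID="https://aa.example.test/osp/a/TENANT/auth/saml2/metadata">
  <IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol"/>
</EntityDescriptor>
EOF
PROPS="$tmpdir/sso-configuration.properties"

write_saml2_properties "$PROPS" "$tmpdir/metadata.xml"
check_no_trailing_spaces "$PROPS"
metadata_roundtrip_ok "$PROPS" "$tmpdir/metadata.xml"
echo "SAML2 properties written to $PROPS"
```

On a real host, point the second argument at the downloaded metadata file and the first at the existing sso-configuration.properties, then restart the SSO pod as described in the next steps.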
Restart the pod to apply the new configuration.
Get the pod information using the following command:
kubectl get pods --all-namespaces | grep fusion-single-sign-on
Delete the currently running pod using the following command:
kubectl delete pod fusion-single-sign-on-xxxxxxxxxx-xxxxx -n arcsight-installer-xxxxx
A new pod starts with the new configuration.
Retrieve the Fusion SSO SAML service provider metadata from the server.
https://EXTERNAL_ACCESS_HOST/osp/a/default/auth/saml2/spmetadata
where EXTERNAL_ACCESS_HOST is the hostname of the server.
This metadata must be uploaded to the Advanced Authentication SAML2 configuration.
For more information, see Configuring SAML Authentication in ArcSight.
Open the Advanced Authentication Administration portal.
Click Events > New Event.
Create an event with the following parameters:
Name: specify a name that indicates the purpose of this event. For example, ArcSight.
Event Type: SAML2
Chains: select the required chains.
SP SAML 2.0 metadata: paste the content retrieved from https://EXTERNAL_ACCESS_HOST/osp/a/default/auth/saml2/spmetadata, or click Choose File and upload the saved XML file.
Set Send E-Mail as NameID (suitable for G-Suite) to ON.
Click Save.
Open the ArcSight login page. The page redirects to the Advanced Authentication server, where the user must authenticate. After successful authentication, the Advanced Authentication server redirects the user back to the ArcSight Dashboard page.