1.3 Configuring Access Manager

After configuring the connector, you must configure single sign-on SAML 2.0 federation between Access Manager and SocialAccess.

  1. In SocialAccess, obtain the required information to configure Access Manager:

    1. On the Admin page, click the Connector for Access Manager.

    2. Click Configure.

    3. Expand the Federation Instructions, then copy and paste the instructions into a text file to use during the Access Manager configuration.

      NOTE: You must use a text editor that does not introduce hard returns or additional white space. For example, use Notepad instead of Wordpad.

  2. Create a new Identity Provider for the appliance in Access Manager:

    1. Log in to the Access Manager Administration Console.

    2. Click Devices > Identity Servers > ClusterName > SAML 2.0.

    3. Click New, then select Identity Provider.

    4. Use the following information to configure the Identity Provider:

      Name: Specify the name of your appliance.

      Source: Select Metadata Text in the list as the source, then open the Identity Broker metadata file in a browser. The URL is https://appliance:443/osp/a/t1/auth/saml2/metadata. Copy and paste the entry in the metadata file for Access Manager into the Metadata Text field.

      or

      Select Metadata URL in the list as the source, then copy the metadata URL. The URL is https://appliance:443/osp/a/t1/auth/saml2/metadata.

    5. Click Next, then view the signing certificate of the Identity Broker.

    6. Click Finish to save the configuration.

  3. Configure the new Identity Provider you just created:

    1. Click the new Identity Provider, then click the Authentication Card > Authentication Request.

    2. Use the following information to configure the Identity Provider:

      Name Identifier Format: Select Transient.

      Options > Response protocol binders: Select Post from the list.

    3. Click OK to save the changes.

  4. Make any additional changes you require.

  5. Import the certificate from the Connector for Access Manager:

    1. Click Security > Trusted Roots, then click Import.

    2. Use the following information to import the certificate:

      Name: Specify the name as appliance_name_signing_cert.

      Certificate data file: Copy and paste the certificate information from the text file you created in the first step of this procedure.

      NOTE: You must use a text editor that does not introduce hard returns or additional white space. For example, use Notepad instead of Wordpad.

    3. Click OK to import the certificate.

  6. Add the certificate to the trust store:

    1. Click Add Trusted Roots to Trust Store.

    2. In the Trust stores field, click Edit.

    3. Select Trust Store for NIDP and OCSP Trust Store.

    4. Click OK twice to save the changes.

  7. Update the Identity Provider:

    1. Click Devices, then click your Identity Provider.

    2. Click Update All, then click OK.

    3. Wait for Access Manager to process the new configuration.

  8. Log out of Access Manager.

  9. Proceed to Section 1.4, Logging in to Access Manager.
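The following added example (not part of the SocialAccess or Access Manager documentation) parses the Identity Broker's SAML 2.0 metadata, as served at the metadata URL in step 2, and reports the values an administrator should check before finishing the federation: the entityID, the HTTP-POST single sign-on endpoint, the advertised NameID formats, and a SHA-256 fingerprint of the signing certificate that can be compared against the certificate imported in step 5. The sample metadata, its SSO URL and the certificate bytes are constructed placeholders; point `parse_idp_metadata` at the downloaded metadata text to run it against a real appliance.

```python
"""Extract the federation values from a SAML 2.0 IdP metadata document."""
import base64
import hashlib
import textwrap
import xml.etree.ElementTree as ET

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}
POST_BINDING = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"

# Constructed sample: the certificate body is placeholder bytes (b"sample" in
# base64, split over two lines like a copy with hard returns), not a real X.509 cert.
SAMPLE_METADATA = """<?xml version="1.0"?>
<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
    entityID="https://appliance:443/osp/a/t1/auth/saml2/metadata">
  <md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:KeyDescriptor use="signing">
      <ds:KeyInfo><ds:X509Data><ds:X509Certificate>
        c2Ft
        cGxl
      </ds:X509Certificate></ds:X509Data></ds:KeyInfo>
    </md:KeyDescriptor>
    <md:NameIDFormat>urn:oasis:names:tc:SAML:2.0:nameid-format:transient</md:NameIDFormat>
    <md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="https://appliance:443/osp/a/t1/auth/saml2/sso"/>
  </md:IDPSSODescriptor>
</md:EntityDescriptor>"""


def parse_idp_metadata(xml_text: str) -> dict:
    root = ET.fromstring(xml_text)
    idp = root.find("md:IDPSSODescriptor", NS)
    # Whitespace inside X509Certificate is legal, so strip it before decoding:
    # a copy that picked up hard returns still yields the same DER bytes.
    b64 = idp.find("md:KeyDescriptor[@use='signing']/ds:KeyInfo/ds:X509Data/"
                   "ds:X509Certificate", NS).text
    der = base64.b64decode("".join(b64.split()), validate=True)
    digest = hashlib.sha256(der).hexdigest().upper()
    post_sso = [s.get("Location") for s in idp.findall("md:SingleSignOnService", NS)
                if s.get("Binding") == POST_BINDING]  # matches the Post binding chosen in step 3
    return {"entity_id": root.get("entityID"),
            "name_id_formats": [n.text.strip() for n in idp.findall("md:NameIDFormat", NS)],
            "post_sso_url": post_sso[0] if post_sso else None,
            "signing_cert_der": der,
            "signing_cert_sha256": ":".join(digest[i:i + 2] for i in range(0, 64, 2))}


def to_pem(der: bytes) -> str:
    """Re-wrap DER as clean PEM (64-column lines, no stray whitespace) for pasting."""
    body = textwrap.fill(base64.b64encode(der).decode("ascii"), 64)
    return f"-----BEGIN CERTIFICATE-----\n{body}\n-----END CERTIFICATE-----\n"


if __name__ == "__main__":
    info = parse_idp_metadata(SAMPLE_METADATA)
    print(info["entity_id"], info["post_sso_url"], info["signing_cert_sha256"])
    print(to_pem(info["signing_cert_der"]))
```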