Configure Secure Proxy to Use External Logon Portal
About this task
You can configure Secure Proxy to use an external logon portal. Support has now been added to accept SAML 2.0 tokens from an external Identity provider and authenticate users based on these SAML 2.0 tokens.
Before you configure an external logon portal, gather the following information:
- Provide a value for each Secure Proxy feature listed. Fields listed in the worksheet are required.
- Accept default values for fields not listed.
- Note the Configuration Manager field where you will specify the value.
Configuration Manager Field |
Feature |
Value |
---|---|---|
SSO Token Cookie Name |
Name to assign to the Secure Proxy configuration |
|
External Portal |
Enables use of an external logon portal. |
|
|
URL of external login portal. |
|
|
Select this check box to enable SAML 2.0 (SSO) support on an external portal. | For more information on related field definitions see, Logon Portal tab. |
|
This ID represents the Secure Proxy Service Provider (SP). | https://<host>:<port>/myfilegateway |
|
Index of the Service Provider (SP) known to Identity Provider (IdP). | For more information on related field definitions see, Logon Portal tab. |
|
URL of the page that the trading partner is redirected to when it is logged out. |
For more information on related field definitions see, Logon Portal tab. |
|
Endpoint path to which the authentication response is to be sent. If you specify saml2SsoPost here, SSP expects IdP to HTTP POST the AuthnResponse with URL Signon/saml2SsoPost after a successful authentication. The same URL must be configured in IdP. | For more information on related field definitions see, Logon Portal tab. |
|
This ID represents the IdP. | |
|
From the drop-down, select the keystore where the keycert to be used for signing requests being sent to IdP by Secure Proxy is present. To know more about available KeyStore, go to CM GUI Credentials -> System Certificate Stores. |
|
|
From the drop-down list select the keycert to be used to sign requests being sent to IdP by Secure Proxy. | |
|
From the drop-down, select the trusted certificate store where the trusted certs are present to be used to validate the signed messages from IdP. To know more about available TrustStore, go to CM GUI Credentials>Trusted Certificate Store. |
|
|
From the drop-down list, select the trusted certificates to be used to validate the signed messages from IdP. |
To configure Secure Proxy to use the external logon portal: