To start the process in the SafeNet Trusted Access Platform, Navigate to;
Applications > Add Application
Search for “Generic Template”, Click Add
In the Template Configuration…
Change the Display Name to “SafeConsole”, and Select “SAML”, press “Add”.
Once the application has been added, choose “Download Metadata File”.
This action will download an XML template file which contains the Entity ID, SSO URL, SAML Assertion Consumer URL, and SafeNet Trusted Access Digital certificate which can be used to configure SafeConsole SSO Settings. Save this file in a safe location for later use.
*Note* The SAML Cert needed is actually made with the device's CA certificate. This certificate is located in the safeconsole/cert/ca.p12 file. If this is a SafeConsole cloud customer, the customer will have to open a ticket with Datalocker Support/Cloud to request the certificate.
In SafeNet Trusted Access, press “STA Setup”
Configure the required settings for SAML 2.0 Authentication
Entity ID = SafeConsole
Logout URL (Post Binding) = hxxps://CUSTOMERURL.safeconsolecloud.com/safeconsole/?logout
Assertion Consumer Service URL (Post Binding) = hxxps://CUSTOMERURL.safeconsolecloud.com/safeconsole/sso-login/acs
Request Signing Certificate = Upload the SafeConsole Provided Certificate
User Login ID Mapping = Email Address
Return Attributes = memberOf -> Custom #1
Return attributes for “memberOf” can be set to send the value of data stored in Custom #1
Custom #1 value should be configured to store SafeConsole Role Membership information
Example: super admin, admin, manager, support, etc.
*Please note the value is case sensitive so it must match what is listed in safeconsole*
*Please make sure custom role based security system is enabled*
User Portal Settings:
Federation Mode = SP Initiated & IDP Initiated
Service Login URL = hxxps://CUSTOMERURL.safeconsolecloud.com/safeconsole/#/login
Name ID Format = Unspecified
Enforce User Name = Prompt User to enter user name
Signature Algorithm = RSA-SHA256
Authentication Request Signature Validation = Verify Request Signature
Assertion Encryption = Assertion not Encrypted
Response Signing = Sign Response
Binding Protocol = Unspecified
Group Return Attribute Format = SAML attribute/value pair
Logout Channel = Back
Save these configurations.
Setting up SSO with SafeConsole
Login to SafeConsole and navigate to the SSO Configuration area
SafeConsole > Server Settings > Single Sign On >
Check “Enable Single Sign-on”
SSO Provider = SAML2
Upload the previously saved .XML File
Set the Entity ID to “SafeConsole”