Add Fortified ID SAML SP app to Access

Scenario

When installing Management Center, the Fortified ID products Access, Portal, Forms, Password Reset and Enrollment are ready to use out-of-the-box. They ship with a default configuration that uses the Fortified ID online IdP; that IdP is intended for demo purposes only. This document describes how to configure a Fortified ID SAML SP application to use Fortified ID Access as its IdP instead.

Note. This use case does NOT cover how to configure Fortified ID Access as a SAML IdP. In this use case we use Fortified ID Access as it is configured by default when installed using Management Center (MC).

Prerequisite

  • Fortified ID Management Center with Fortified ID Access and Fortified ID Portal added.

    • You can of course apply this to any Fortified ID app acting as a SAML SP, but as reference in this use case we use Fortified ID Portal.

    • Both products have the default configuration of a new installation; we use that as the starting point in this use case.

Overview

We will use Fortified ID Portal as an example of how to add a Fortified ID SAML SP app to the Fortified ID Access SAML IdP. Ports and URLs in this use case are default installation values; if you use e.g. Forms, Password Reset or Enrollment, or have changed the defaults, adjust them accordingly. To make Portal use Access as SAML IdP, the two products must exchange SAML metadata with each other.

Configuration

Overview of the steps in this use case

  1. Configure Portal (SAML SP) to trust Access (SAML IdP)

  2. Configure Access (SAML IdP) to trust Portal (SAML SP) and configure the NameID and assertion attributes

1. Configure Portal to trust Access IdP

There are two configuration files to update in Portal to make this happen.

Add a metadata URL key for the Access IdP to Globals

  1. Browse to Management Center for Portal

  2. Click Configuration tab

  3. Expand Misc settings

  4. Click Globals

  5. Add a new key named saml_idp_metadata_url (the name referenced from Auth settings in the next section). Its value is the metadata URL of the Access IdP, composed of three parts:

    1. localhost:8443 is the host name and port of Access

    2. /saml/metadata/ is a hardcoded path on Access

    3. default is the id of the SAML IdP we are using on Access. In MC for Access you can find it under Configuration -> Modules -> SAML -> SAML module

  6. Click Update

Change metadata source from the online IdP to Access IdP

  1. Browse to Management Center for Portal

  2. Click Configuration tab

  3. Expand Misc settings

  4. Click Auth settings

  5. Find the key "path": "${globals.saml_idp_metadata_path}"

  6. Replace that key and value with the line below, which references the global configured in the previous section:

    "url": "${globals.saml_idp_metadata_url}"

  7. Click Update

  8. Deploy changes

2. Configure Access to trust Portal

You add Portal as a trusted application (SAML SP) of your SAML IdP.

Add trust to Portal SAML SP by creating a SAML SP object

  1. Browse to Management Center for Access

  2. Click Applications tab

  3. Click + Add SAML SP

    1. In Display name type Fortified ID Portal

    2. Choose Default IdP

    3. In Metadata URL type https://localhost:8445/portal/authn/login/metadata

    4. Click Create SP

  4. Click on the SAML SP object you just created to edit it

  5. Click the NAMEID SETTINGS tab and set

    1. NameID Format - urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified

    2. From parameter - username

  6. Click the ATTRIBUTE SETTINGS tab

    1. Click Add attribute and enter

    2. Name* - display_name

    3. Name Format - display_name

  7. Click Update

  8. Deploy changes
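Before deploying, it is worth checking that the two metadata documents actually fit together: that Access publishes a signing certificate Portal can verify assertions with, that both sides agree on the NameID format chosen above (urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified), and that the SSO and AssertionConsumerService endpoints are https. The script below is an added example, not code from Fortified ID or this page. It composes the Globals value from the three parts described in step 1 (https is assumed; the page only gives host and port) and checks two constructed metadata documents standing in for what https://localhost:8443/saml/metadata/default and https://localhost:8445/portal/authn/login/metadata would serve. The entity IDs, endpoint paths and certificate in them are placeholders, not the products' real values.

```python
# Added example (not Fortified ID code): sanity-check the metadata that Portal
# (SAML SP) and Access (SAML IdP) exchange before deploying the trust.
# Both metadata documents are CONSTRUCTED stand-ins; their entity IDs,
# endpoint paths and certificate are assumptions, not product values.
import xml.etree.ElementTree as ET
from urllib.parse import urlparse

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}
NAMEID_UNSPECIFIED = "urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified"


def access_metadata_url(host_port, idp_id, scheme="https"):
    """Compose the Globals value from its three parts: Access host:port,
    the hardcoded /saml/metadata/ path and the IdP id (https assumed)."""
    return f"{scheme}://{host_port}/saml/metadata/{idp_id}"


IDP_METADATA = """<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
    entityID="https://localhost:8443/saml/metadata/default">
  <md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:KeyDescriptor use="signing">
      <ds:KeyInfo><ds:X509Data>
        <ds:X509Certificate>MIIBconstructedPlaceholderCertificate==</ds:X509Certificate>
      </ds:X509Data></ds:KeyInfo>
    </md:KeyDescriptor>
    <md:NameIDFormat>urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified</md:NameIDFormat>
    <md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
        Location="https://localhost:8443/saml/sso/default"/>
  </md:IDPSSODescriptor>
</md:EntityDescriptor>"""

SP_METADATA = """<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    entityID="https://localhost:8445/portal/authn/login/metadata">
  <md:SPSSODescriptor WantAssertionsSigned="true"
      protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:NameIDFormat>urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified</md:NameIDFormat>
    <md:AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="https://localhost:8445/portal/authn/login" index="0"/>
  </md:SPSSODescriptor>
</md:EntityDescriptor>"""


def parse_idp(xml_text):
    """Pull the fields the SP relies on from IdP metadata."""
    root = ET.fromstring(xml_text)
    desc = root.find("md:IDPSSODescriptor", NS)
    if desc is None:
        raise ValueError("not IdP metadata: no IDPSSODescriptor")
    certs = [c.text.strip() for kd in desc.findall("md:KeyDescriptor", NS)
             if kd.get("use") in (None, "signing")
             for c in kd.findall(".//ds:X509Certificate", NS) if c.text]
    return {
        "entity_id": root.get("entityID"),
        "signing_certs": certs,
        "nameid_formats": [n.text.strip() for n in desc.findall("md:NameIDFormat", NS)],
        "sso_urls": [s.get("Location") for s in desc.findall("md:SingleSignOnService", NS)],
    }


def parse_sp(xml_text):
    """Pull the fields the IdP relies on from SP metadata."""
    root = ET.fromstring(xml_text)
    desc = root.find("md:SPSSODescriptor", NS)
    if desc is None:
        raise ValueError("not SP metadata: no SPSSODescriptor")
    return {
        "entity_id": root.get("entityID"),
        "want_signed": desc.get("WantAssertionsSigned", "false").lower() == "true",
        "nameid_formats": [n.text.strip() for n in desc.findall("md:NameIDFormat", NS)],
        "acs_urls": [a.get("Location") for a in desc.findall("md:AssertionConsumerService", NS)],
    }


def check_trust(idp, sp, nameid_format=NAMEID_UNSPECIFIED):
    """Return a list of problems; an empty list means the two sides fit."""
    problems = []
    if not idp["signing_certs"]:
        problems.append("IdP metadata carries no signing certificate")
    if nameid_format not in idp["nameid_formats"]:
        problems.append(f"IdP does not advertise NameID format {nameid_format}")
    if sp["nameid_formats"] and nameid_format not in sp["nameid_formats"]:
        problems.append(f"SP does not accept NameID format {nameid_format}")
    if not sp["want_signed"]:
        problems.append("SP does not require signed assertions")
    if not sp["acs_urls"]:
        problems.append("SP metadata has no AssertionConsumerService")
    for label, urls in (("IdP SSO", idp["sso_urls"]), ("SP ACS", sp["acs_urls"])):
        for url in urls:
            if urlparse(url).scheme != "https":
                problems.append(f"{label} endpoint is not https: {url}")
    return problems


if __name__ == "__main__":
    print("Globals value:", access_metadata_url("localhost:8443", "default"))
    found = check_trust(parse_idp(IDP_METADATA), parse_sp(SP_METADATA))
    for line in found or ["metadata exchange looks consistent"]:
        print(line)
```

To run it against the real deployment, fetch the two metadata URLs (over https, after verifying the certificates) and pass the response bodies to parse_idp and parse_sp in place of the constructed strings; any non-empty list from check_trust is something to fix before clicking Deploy.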

Test your configuration

  1. Browse to Fortified ID Portal https://localhost:8445/portal/

  2. You will now be redirected to Access

  3. Click a user, for example Peter Bishop

  4. You will be redirected back to Portal and logged in as Peter Bishop.

Extra

Add some roles to Peter Bishop

  1. Browse to Management Center for Access

  2. Click Configuration -> SAML -> Default IdP -> Selector -> Static SAML 2

  3. Under Roles, add two more roles. The result should look like:

  4. Deploy changes.

  5. Log out as Peter Bishop and log in to Portal again
