Add Fortified ID app to Access

Scenario
When you install Management Center, the Fortified ID products Access, Portal, Forms, Password Reset and Enrollment are ready to use out of the box. They ship with a default configuration that uses the Fortified ID online IdP. This IdP exists for demo purposes only. This document describes how to configure an application to use Fortified ID Access as its IdP instead.
Note. This use case does NOT include how to configure Fortified ID Access as a SAML IdP. In this use case we are using Access as it is configured by default using Management Center (MC).
Prerequisite
Fortified ID Access configured as SAML IdP. In this use case we are using Access as it is configured by default using Management Center (MC).
At the time of writing this use case, only Portal and Forms are available as products through MC.
Overview
We will use Fortified ID Portal as an example of how to add a Fortified ID app to the Fortified ID Access SAML IdP. Change the port and URL if you are adding a product other than Portal. The port and URL in this use case are the default installation values; if your installation uses other values, change them accordingly. To make Portal use Access as its SAML IdP, both products must exchange SAML metadata with each other.
Configure Portal to trust Access IdP
There are two files to update to make this happen.
Add the metadata URL parameter for Access IdP to Globals
Browse to Management Center for Portal
Click Configuration tab
Expand Misc settings
Click Globals
Add a new key, see example below.
"saml_idp_metadata_url": "https://localhost:8443/saml/metadata/default",
localhost:8443 is the host name and port of Access
/saml/metadata/ is a hardcoded path
default is the id of the SAML IdP we are using on Access. In MC for Access, you can find it under Configuration -> Modules -> SAML -> SAML module
Change metadata source from Online IdP to Access IdP
Browse to Management Center for Portal
Click Configuration tab
Expand Misc settings
Click Auth settings
Find key
"path": "${globals.saml_idp_metadata_path}"
Replace that key with the following (the global was configured in the previous section)
"url": "${globals.saml_idp_metadata_url}"
Deploy settings to Portal
Click settings button
Click Deploy
Changes will be saved and service restarted.
Configure Access to trust Portal
You add a trust file to the trusted applications for your SAML IdP
Add trust to Portal SAML SP
Browse to Management Center for Access
Click Configuration tab
Expand SAML
Expand Trusted Applications
Click + to add a new trust application
Change the configuration to what is shown below. Make sure id is unique. The example below is for Portal.
{
"id": "saml_trust_1",
"display_name": "Fortified ID Portal SAML SP",
"description": "Fortified ID Portal SAML SP",
"url": "https://localhost:8445/portal/authn/login/metadata"
}
Test your configuration
Browse to Portal. By default, Portal listens on https://localhost:8445/portal/
You will now be redirected to Access
Click a user, for example Peter Bishop
You will be redirected back to Portal and logged in as Peter Bishop.
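Both trusts configured above rest on metadata fetched from a URL (https://localhost:8443/saml/metadata/default for Access, https://localhost:8445/portal/authn/login/metadata for Portal). The following is an added example, not part of the Fortified ID documentation or product: a Python check that a metadata document carries the expected role, HTTPS-only endpoints and a signing certificate whose SHA-256 fingerprint can be compared out of band. The function name check_metadata, the sample XML and its example host names are assumptions constructed for illustration.

```python
import base64
import hashlib
import xml.etree.ElementTree as ET

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}
# Role descriptor -> endpoint element the other party will redirect or post to.
ENDPOINT = {"IDPSSODescriptor": "SingleSignOnService",
            "SPSSODescriptor": "AssertionConsumerService"}

def check_metadata(xml_bytes, role):
    """Validate one SAML metadata document; role is a key of ENDPOINT."""
    if b"<!DOCTYPE" in xml_bytes or b"<!ENTITY" in xml_bytes:
        raise ValueError("DTD or entity declaration in metadata")
    root = ET.fromstring(xml_bytes)
    if root.tag != "{%s}EntityDescriptor" % NS["md"] or not root.get("entityID"):
        raise ValueError("not an EntityDescriptor with an entityID")
    desc = root.find("md:" + role, NS)
    if desc is None:
        raise ValueError("metadata has no " + role)
    urls = [e.get("Location", "") for e in desc.findall("md:" + ENDPOINT[role], NS)]
    if not urls or any(not u.startswith("https://") for u in urls):
        raise ValueError("missing or non-HTTPS " + ENDPOINT[role])
    prints = []
    for key in desc.findall("md:KeyDescriptor", NS):
        if key.get("use") in (None, "signing"):  # no 'use' covers signing too
            for cert in key.iterfind(".//ds:X509Certificate", NS):
                der = base64.b64decode("".join((cert.text or "").split()))
                prints.append(hashlib.sha256(der).hexdigest())
    if not prints:
        raise ValueError("no signing certificate published")
    return {"entity_id": root.get("entityID"), "endpoints": urls,
            "signing_cert_sha256": prints}

# Constructed sample (not real Access output); the certificate is dummy bytes.
SAMPLE_IDP = b"""<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    xmlns:ds="http://www.w3.org/2000/09/xmldsig#" entityID="https://access.example/idp">
  <md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:KeyDescriptor use="signing"><ds:KeyInfo><ds:X509Data>
      <ds:X509Certificate>Q09OU1RSVUNURUQ=</ds:X509Certificate>
    </ds:X509Data></ds:KeyInfo></md:KeyDescriptor>
    <md:SingleSignOnService Location="https://access.example/sso"
        Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"/>
  </md:IDPSSODescriptor>
</md:EntityDescriptor>"""

if __name__ == "__main__":
    print(check_metadata(SAMPLE_IDP, "IDPSSODescriptor"))
```

For a live deployment, pass the bytes downloaded from each metadata URL, using role IDPSSODescriptor for Access and SPSSODescriptor for Portal.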
Extra
Add some roles to Peter Bishop
Browse to Management Center for Access
Click Configuration -> SAML -> Default IdP -> Selector -> Static SAML 2
Under roles, add 2 more roles. Result should look like:
"roles": [ "Slack", "Office365", "Con artist", "app1", "app3" ]
Deploy changes.
Log out as Peter Bishop and log in again in Portal