
  1. Open a browser window and enter the following URL to retrieve the ForgeRock metadata:

    http://<ServerUrl>/saml2/jsp/exportmetadata.jsp?entityid=<SPentityID>&realm=<realm_name>
    where

    1. <ServerUrl> is the full AM/OpenAM server URL. Example: http://host1.example.com:8080/am.
    2. <SPentityID> is the name of the SP entity provider you created in the Entity Provider configuration in ForgeRock.
    3. <realm_name> is the name of the realm in which the SP entity provider is configured. If the SP entity is configured at the top-level realm (/), you can omit the &realm parameter from the URL.

    Note: Keep this browser window open when adding configuration data to the Configure SAML page on the Infoblox SSO Portal.

    The following is a sample ForgeRock metadata and the values you need to copy for the SAML configuration on the SSO Portal:

    The screenshot shows the sample ForgeRock metadata and highlights the entityID, Signature Certificate, and Single Sign-on URL.

  2. From the ForgeRock metadata, copy the following:
    • Single Sign-On URL, which is located at SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST".
    • Entity ID, which is the entityID.
    • Signature Certificate
  3. Log in to the Infoblox SSO Portal.
  4. Go to Authentication -> 3rd Party IdP, and then click Configure SAML.
  5. Enter the following values that you have copied from the ForgeRock metadata:
    • IDP Single Sign-On URL:  Paste the Single Sign-On URL here.
    • IDP Issuer URI: Paste the Entity ID here.
    • Signature Certificate: Paste only the X.509 certificate value, which is the text between "BEGIN CERTIFICATE" and "END CERTIFICATE" (PEM format) or between the <ds:X509Certificate> and </ds:X509Certificate> XML tags (metadata format), depending on your data format. The SSO Portal also supports Base64 certificates with the following file extensions: .crt, .pem, and .ca-bundle.

      Note: If you receive an error message about the certificate, go to the beginning of the last line of the certificate and hit backspace to remove extra spaces in the previous line. You might need to repeat the same process for any lines that might include extra spaces.

  6. Click Save & Close.
  7. After you have configured the SAML application, you can complete the following configuration in the SSO Portal:
    1. Mapping User Groups
    2. Testing 3rd Party IdP Authentication
    3. Activating 3rd Party IdP Authentication

    You can also perform the following after you set up 3rd party IdP authentication:
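The metadata extraction in steps 1, 2 and 5 above, as an added example that is not part of the Infoblox documentation or of ForgeRock: it parses a constructed sample of SAML 2.0 IdP metadata, picks the HTTP-POST SingleSignOnService, reduces the X.509 certificate to the bare Base64 body the portal expects, and checks for the stray whitespace that the certificate error note describes. The entity ID, URLs and certificate body in the sample are placeholders.

```python
import base64
import binascii
import xml.etree.ElementTree as ET

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}
POST_BINDING = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"

# Constructed sample (not real ForgeRock output); the certificate is a
# placeholder and deliberately carries the stray whitespace the note describes.
SAMPLE_METADATA = """<EntityDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata"
    xmlns:ds="http://www.w3.org/2000/09/xmldsig#" entityID="https://idp.example.com/am">
  <IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <KeyDescriptor use="signing"><ds:KeyInfo><ds:X509Data><ds:X509Certificate>
        MIICPLACEHOLDER
        CERTBODY0
    </ds:X509Certificate></ds:X509Data></ds:KeyInfo></KeyDescriptor>
    <SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
        Location="https://idp.example.com/am/SSORedirect/metaAlias/idp"/>
    <SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="https://idp.example.com/am/SSOPOST/metaAlias/idp"/>
  </IDPSSODescriptor></EntityDescriptor>"""

def cert_body(text: str) -> str:
    """Drop PEM BEGIN/END lines and all whitespace; keep only the Base64 body."""
    lines = (ln.strip() for ln in text.splitlines())
    return "".join(ln for ln in lines if ln and not ln.startswith("-----"))

def is_clean_base64(cert_b64: str) -> bool:
    """False when stray spaces or bad padding would trigger the certificate error."""
    try:
        base64.b64decode(cert_b64, validate=True)
        return True
    except (binascii.Error, ValueError):
        return False

def extract_sso_values(metadata_xml: str) -> dict:
    """Return entityID, HTTP-POST SSO Location and signing cert from IdP metadata."""
    root = ET.fromstring(metadata_xml)  # use defusedxml for metadata fetched over the network
    idp = root.find("md:IDPSSODescriptor", NS)
    sso_url = next((s.get("Location") for s in idp.iterfind("md:SingleSignOnService", NS)
                    if s.get("Binding") == POST_BINDING), None)
    cert = None
    for kd in idp.iterfind("md:KeyDescriptor", NS):
        if kd.get("use", "signing") != "signing":  # no 'use' attribute = any use
            continue
        node = kd.find("ds:KeyInfo/ds:X509Data/ds:X509Certificate", NS)
        if node is not None and node.text:
            cert = cert_body(node.text)
            break
    return {"entity_id": root.get("entityID"), "sso_url": sso_url, "certificate": cert}
```

Run `is_clean_base64` on the value before pasting it into the Signature Certificate field; a False result means the same whitespace problem the note tells you to fix by hand.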