How to Setup UniversitySite SSO With SecureAuth SP Initiated SAML

Introduction

This guide details the deployment and configuration of UniversitySite with SecureAuth IdP initiated via SP.

SecureAuth IdP Configuration

Once InstructorSite is set up on the UniversitySite server, perform these steps to integrate this platform with SecureAuth IdP initiated via SP.
  1. Create a Realm for the UniversitySite Integration. Configure the following tabs in the Web Admin console:
    1. Overview – Define the realm and SMTP connections.
    2. Data – Integrate the enterprise directory with SecureAuth IdP.
    3. Workflow – Define the way in which Users will access this application.
    4. Registration Methods / Multi-Factor Methods – Designate the Multi-Factor Authentication methods that will be used to access this page (if any).
  2. Go to the Data tab and ensure the Membership Connection Settings field values are set correctly.

  3. Scroll down to the Profile Fields section and map the directory field that contains the User's email address to the correct SecureAuth IdP property.


  4. FIGURE 1. Profile Fields Section.
  5. Select the Post Authentication tab.

  6. From the Authenticated User Redirect dropdown field, select the SAML 2.0 (SP Initiated) Assertion option as shown in Figure 2 An unalterable URL auto-populates the ’Redirect To’ field, which will append to the domain name and realm number in the address bar (Authorized/SAML20SPInit.aspx).


  7. FIGURE 2. Post Authentication Example.
  8. A customized post authentication page can be uploaded, but it is not required.

  9. Scroll down to the ‘User ID Mapping’ section and supply the following values.


  10. FIGURE 3. User ID Mapping Example.

  11. Scroll down to the SAML Assertion/WS Federation section like Figure 4.


  12. FIGURE 4. SAML Assertion/WS Federation Section Example.

    Make the following changes to the fields in this section.

  13. If required, scroll down to the Forms Auth/SSO Token section and click View and Configure Forms Auth keys /SSO token to configure the token/cookie settings and this realm for SSO.


  14. FIGURE 5. Forms Auth/SSO Token Section.
  15. Once the configurations have been completed and before leaving the Post Authentication page, click Save to avoid losing changes.
Field     Description/Value
User ID Mapping From this dropdown option list, select the SecureAuth IdP property that corresponds to the directory field. In this case, the option would be Email 1 as specified in the Profiles Fields.
Name ID Format From this dropdown option list, select the urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified option.
Encode to Base64 Select False.
Field Description/Value
SAML Consumer URL Enter a value like this: http:///UniversitySite>/UniversitySite>/UniversitySite >/UniversitySite<com- panyname>/saml/assertionconsumerservice.aspx 
WSFed/SAML Issuer Set to a unique name that will be shared with UniversitySite NOTE: The WSFed/SAML Issuer must match exactly on the SecureAuth IdP side and the UniversitySite side
SAML Audience Enter a value like this: http://secureauth.universitysite.com/universitysitesecu- reauth 
SAML Offset Minutes Set minutes to make up for time differences between devices.
SAML Valid Hours Set hours to limit for how long the SAML assertion is valid.
WS-FED Signing Algorithm SAML Signing Algorithm Set both to SHA1
Sign SAML Assertion Set to True
Sign SAML Message Set to True
Encrypt SAML Assertion Set to True 
Signing Cert Serial Number

Leave at the default value unless there is a third-party certificate being used for the SAML assertion. Note: If using a third-party certificate, click Select Certificate then choose the appropriate certificate. 

UniversitySite Configuration

To configure UniversitySite for use with SecureAuth IdP, perform the following steps.

Note: You can test your configuration without interrupting the existing login experience for your production users by following these instructions:

https://docs.universitysite.com/article/579-how-to-test-saml-configuration-without-interrupting-production

  1. From InstructorSite on the rightmost dropdown menu beneath your name, select Global Settings.
  2. Scroll to the bottom of this page and select Login Settings.

  3. Click to select the login Type as the USE SecureAuth option as shown in Figure 6.

    Figure 6 SecureAuth Configuration in UniversitySite

  4. Expand SAML Setup for Production Environment section.
  5. Enter the following field values:
  6. After everything is configured, click Save Settings.
Field Description/Value
Subdomain Set to any value that the users choose to access UniversitySite.
Provider's URL Set to the WSFed/SAML Issuer on the Post Auth tab. 
Provider's SSO URL Set to the realm you configured earlier. 
Provider's SLO URL Optional. If you choose your users to reach a certain logout page, specify this URL. 
SAML Provider’s Cert 

Insert (paste) the certificate from the SecureAuth appliance located in the Post Auth tab to this field.

After everything is configured, click Save Settings. 

Still need help? Contact Us Contact Us