How to set up UniversitySite SSO with SecureAuth SP Initiated SAML

Introduction

This guide details the deployment and configuration of UniversitySite with SecureAuth IdP, using SP-initiated SAML.

SecureAuth IdP Configuration

Once InstructorSite is set up on the UniversitySite server, perform these steps to integrate this platform with SecureAuth IdP initiated via SP.
  1. Create a Realm for the UniversitySite Integration. Configure the following tabs in the Web Admin console:
    1. Overview – Define the realm and SMTP connections
    2. Data – Integrate the enterprise directory with SecureAuth IdP
    3. Workflow – Define the way in which users will access this application
    4. Registration Methods / Multi-Factor Methods – Designate the Multi-Factor Authentication methods that will be used to access this page (if any)
  2. Go to the Data tab and ensure the Membership Connection Settings field values are set correctly.
  3. Scroll down to the Profile Fields section and map the directory field that contains the user's email address to the correct SecureAuth IdP property.

    FIGURE 1. Profile Fields Section
  4. Select the Post Authentication tab.
  5. From the Authenticated User Redirect drop-down field, select the SAML 2.0 (SP Initiated) Assertion option, as shown in Figure 2. An unalterable URL auto-populates the ‘Redirect To’ field, which will append to the domain name and realm number in the address bar (Authorized/SAML20SPInit.aspx).

    FIGURE 2. Post Authentication Example
    A customized post authentication page can be uploaded, but it is not required.
  6. Scroll down to the ‘User ID Mapping’ section and supply the following values.

    FIGURE 3. User ID Mapping Example

    | Field | Description/Value |
    |---|---|
    | User ID Mapping | From this drop-down option list, select the SecureAuth IdP property that corresponds to the directory field. In this case, the option would be Email 1, as specified in the Profile Fields section. |
    | Name ID Format | From this drop-down option list, select the urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified option. |
    | Encode to Base64 | Select False. |
  7. Scroll down to the SAML Assertion/WS Federation section, shown in Figure 4.

    FIGURE 4. SAML Assertion/WS Federation Section Example

    Make the following changes to the fields in this section.

    | Field | Description/Value |
    |---|---|
    | SAML Consumer URL | Enter a value like this: http:///UniversitySite>/UniversitySite>/UniversitySite >/UniversitySite<companyname>/saml/assertionconsumerservice.aspx |
    | WSFed/SAML Issuer | Set to a unique name that will be shared with UniversitySite. NOTE: The WSFed/SAML Issuer must match exactly on the SecureAuth IdP side and the UniversitySite side. |
    | SAML Audience | Enter a value like this: http://secureauth.universitysite.com/universitysitesecureauth |
    | SAML Offset Minutes | Set minutes to make up for time differences between devices. |
    | SAML Valid Hours | Set hours to limit how long the SAML assertion is valid. |
    | WS-FED Signing Algorithm / SAML Signing Algorithm | Set both to SHA1. |
    | Sign SAML Assertion | Set to True. |
    | Sign SAML Message | Set to True. |
    | Encrypt SAML Assertion | Set to True. |
    | Signing Cert Serial Number | Leave at the default value unless there is a third-party certificate being used for the SAML assertion. NOTE: If using a third-party certificate, click Select Certificate, then choose the appropriate certificate. |
  8. If required, scroll down to the Forms Auth/SSO Token section and click View and Configure Forms Auth keys /SSO token to configure the token/cookie settings and this realm for SSO.

    FIGURE 5. Forms Auth/SSO Token Section
  9. Once the configurations have been completed and before leaving the Post Authentication page, click Save to avoid losing changes.
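
The Issuer, Audience, validity-window and signing-algorithm settings in the SAML Assertion/WS Federation section can be checked against an assertion captured during a test login. The Python sketch below is an added example, not SecureAuth or UniversitySite code. It assumes an already-decrypted assertion, does not verify the signature, and its sample XML, issuer, audience and the skew_minutes parameter are constructed placeholders.

```python
import xml.etree.ElementTree as ET
from datetime import datetime, timedelta

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}
# Constructed sample of an already-decrypted assertion; every value is a placeholder.
SAMPLE = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
    xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
  <saml:Issuer>example-issuer</saml:Issuer>
  <ds:Signature><ds:SignedInfo>
    <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
  </ds:SignedInfo></ds:Signature>
  <saml:Conditions NotBefore="2024-01-01T11:55:00Z" NotOnOrAfter="2024-01-01T13:00:00Z">
    <saml:AudienceRestriction><saml:Audience>http://sp.example.test/audience</saml:Audience></saml:AudienceRestriction>
  </saml:Conditions>
</saml:Assertion>"""

def _ts(value):
    # Parse a UTC xs:dateTime ("...Z") into a timezone-aware datetime.
    return datetime.fromisoformat(value.replace("Z", "+00:00"))

def check_assertion(xml_text, issuer, audience, now, skew_minutes=0):
    """Return a list of findings for the fields configured in this section."""
    # Diagnostic only: no signature verification; untrusted XML needs a hardened parser.
    root = ET.fromstring(xml_text)
    findings = []
    got_issuer = (root.findtext("saml:Issuer", default="", namespaces=NS) or "").strip()
    if got_issuer != issuer:  # exact, case-sensitive match on both sides
        findings.append(f"issuer mismatch: {got_issuer!r}")
    audiences = [(a.text or "").strip() for a in root.iterfind(".//saml:Audience", NS)]
    if audience not in audiences:
        findings.append(f"audience mismatch: {audiences!r}")
    cond = root.find("saml:Conditions", NS)
    if cond is None:
        findings.append("no Conditions element")
    else:
        skew = timedelta(minutes=skew_minutes)  # tolerated clock difference (assumed)
        nb, noa = cond.get("NotBefore"), cond.get("NotOnOrAfter")
        if nb and now + skew < _ts(nb):
            findings.append("not yet valid")
        if noa and now - skew >= _ts(noa):
            findings.append("expired")
    method = root.find(".//ds:SignatureMethod", NS)
    if method is None:
        findings.append("assertion is not signed")
    elif method.get("Algorithm", "").lower().endswith("sha1"):
        findings.append("signature uses SHA-1")  # what the SHA1 setting produces
    return findings
```

Pass `now` as a timezone-aware UTC datetime. A result containing only the SHA-1 note means the issuer, audience and validity window all agree with the values supplied.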

UniversitySite Configuration

To configure UniversitySite for use with SecureAuth IdP, perform the following steps.

NOTE: You can test your configuration without interrupting the existing login experience for your production users by following these instructions:
https://docs.universitysite.com/article/579-how-to-test-saml-configuration-without-interrupting-production

  1. From InstructorSite on the rightmost drop-down menu beneath your name, select Global Settings.
  2. Scroll to the bottom of this page and select Login Settings.
  3. Set the login Type to the USE SecureAuth option, as shown in Figure 6.

    FIGURE 6. SecureAuth Configuration in UniversitySite

  4. Expand the SAML Setup for Production Environment section.
  5. Enter the following field values:

    | Field | Description/Value |
    |---|---|
    | Subdomain | Set to any value that the users choose to access UniversitySite. |
    | Provider's URL | Set to the WSFed/SAML Issuer on the Post Auth tab. |
    | Provider's SSO URL | Set to the realm you configured earlier. |
    | Provider's SLO URL | Optional. If you want your users to reach a specific logout page, specify its URL. |
    | SAML Provider’s Cert | Insert (paste) the certificate from the SecureAuth appliance, located in the Post Auth tab, into this field. |
  6. After everything is configured, click Save Settings.
