Follow the steps below to create a logon procedure, Application and SSO IDP and SP configuration on DualShield.

Add a Logon Procedure

Log on to the DualShield Administration Console and go to Authentication > Logon Procedure.

Click on  on the top right.

In the new Logon Procedure window, please enter the following information:

Option    Value
Name:     Enter a friendly name
Type:     Web SSO

Click Save.

Add Logon Steps

Select the drop-down menu corresponding to the Logon Procedure you will be using and click on Logon Steps.

In the Logon Steps Dialogue box, click the  button.

Tick the desired authentication method, e.g. Static Password.

Click Save.


Repeat to add extra steps.

I have added two steps: Static Password and One-Time Password.

Create an Application

Go to Authentication > Applications.

Click on  on the top right.

In the new Application window, please enter the following information:

Option              Value
Name:               Enter a friendly name
Realm:              Select your Realm
Logon Procedure:    Select the Logon Procedure you created in the previous step

Click Save.

Bind the Application to an SSO Server Agent

Click the button under the Agents column on the same row as the application you will be using.

Tick the box of the SSO Server you will be using and click Save below.

Create a Service Provider Profile

Go to SSO > Service Providers.

Click on  on the top right.

Fill in the details as per the screenshot on the right, make sure you select SAML 2.0 as the Type, and click on Create Metadata.

Copy and paste the following metadata into the Metadata dialogue box:


<EntityDescriptor entityID="https://www.imanageshare.com/authn/trusted-relay" xmlns="urn:oasis:names:tc:SAML:2.0:metadata" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
    <SPSSODescriptor AuthnRequestsSigned="false" WantAssertionsSigned="true" protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
        <SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://www.imanageshare.com/authn/trusted-relay"/>
        <NameIDFormat>urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress</NameIDFormat>
        <NameIDFormat>urn:oasis:names:tc:SAML:2.0:nameid-format:persistent</NameIDFormat>
        <NameIDFormat>urn:oasis:names:tc:SAML:2.0:nameid-format:transient</NameIDFormat>
        <AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://www.imanageshare.com/authn/trusted-relay" index="0" isDefault="true"/>
    </SPSSODescriptor>
</EntityDescriptor>

Enable the following SAML options, including Support IDP Initiated Logon.

Select Attributes at the top and then click Create.

You have to create five attributes.

The first one is as follows:


Option                 Value
Location:              HTTP Body
Name:                  objectGUID
Format:                basic
Script:                userID.decodeHex().encodeBase64().toString()
Return in Response:    Enabled

Click Save.

Click Create to create the second attribute...


Option                 Value
Location:              HTTP Body
Name:                  first_name
Format:                unspecified
Maps To:               firstName
Return in Response:    Enabled


Click Save.

Click Create to create the third attribute...


Option                 Value
Location:              HTTP Body
Name:                  last_name
Format:                unspecified
Maps To:               lastName
Return in Response:    Enabled


Click Save.

Click Create to create the fourth attribute...


Option                 Value
Location:              HTTP Body
Name:                  uid
Format:                unspecified
Maps To:               userPrincipleName
Return in Response:    Enabled

Click Save.

Click Create to create the fifth attribute...


Option                 Value
Location:              HTTP Body
Name:                  aid
Format:                unspecified
Fixed Value:           xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx (see note below)
Return in Response:    Enabled

Note: replace xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx with the Company ID value from iManage Share.

Click Save.
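As an added check that is not part of this guide or of DualShield, the Python script below parses the SP metadata given above, reports the settings the IdP side has to honour (the SP requires signed assertions, does not sign its own requests, and expects the assertion POSTed to an HTTPS ACS), and reproduces the objectGUID attribute script so the value DualShield returns for a known user can be verified before go-live. The assumption that userID holds the 16 raw GUID bytes as hex comes from the attribute script itself; the user record passed to build_attributes is constructed.

```python
import base64
import xml.etree.ElementTree as ET
MD = "{urn:oasis:names:tc:SAML:2.0:metadata}"
# SP metadata exactly as given in the guide above (iManage Share trusted-relay entity).
SP_METADATA = """<EntityDescriptor entityID="https://www.imanageshare.com/authn/trusted-relay" xmlns="urn:oasis:names:tc:SAML:2.0:metadata" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
    <SPSSODescriptor AuthnRequestsSigned="false" WantAssertionsSigned="true" protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
        <SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://www.imanageshare.com/authn/trusted-relay"/>
        <NameIDFormat>urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress</NameIDFormat>
        <NameIDFormat>urn:oasis:names:tc:SAML:2.0:nameid-format:persistent</NameIDFormat>
        <NameIDFormat>urn:oasis:names:tc:SAML:2.0:nameid-format:transient</NameIDFormat>
        <AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://www.imanageshare.com/authn/trusted-relay" index="0" isDefault="true"/>
    </SPSSODescriptor>
</EntityDescriptor>"""


def check_sp_metadata(xml_text: str) -> dict:
    """Pull out the SP settings the IdP must honour and flag the ones that weaken the trust."""
    root = ET.fromstring(xml_text)
    spsso = root.find(MD + "SPSSODescriptor")
    acs = spsso.find(MD + "AssertionConsumerService")
    report = {
        "entity_id": root.get("entityID"),
        "acs_url": acs.get("Location"),
        "acs_binding": acs.get("Binding"),
        "wants_signed_assertions": spsso.get("WantAssertionsSigned") == "true",
        "signs_authn_requests": spsso.get("AuthnRequestsSigned") == "true",
        "nameid_formats": [e.text for e in spsso.findall(MD + "NameIDFormat")],
        "issues": [],
    }
    if not report["wants_signed_assertions"]:
        report["issues"].append("SP does not require signed assertions")
    if not report["acs_url"].startswith("https://"):
        report["issues"].append("ACS URL is not HTTPS")
    if report["acs_binding"] != "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST":
        report["issues"].append("ACS binding is not HTTP-POST")
    return report


def object_guid_attribute(user_id_hex: str) -> str:
    """Same transform as the objectGUID script: userID.decodeHex().encodeBase64().toString()."""
    raw = bytes.fromhex(user_id_hex)  # decodeHex(); assumes userID holds the 16 raw GUID bytes as hex
    if len(raw) != 16:
        raise ValueError("objectGUID must be 16 bytes (32 hex digits)")
    return base64.b64encode(raw).decode("ascii")  # encodeBase64().toString()


def build_attributes(user: dict, company_id: str) -> dict:
    """The five attributes the Service Provider profile returns; keys are the attribute names above."""
    return {"objectGUID": object_guid_attribute(user["userID"]),
            "first_name": user["firstName"], "last_name": user["lastName"],
            "uid": user["userPrincipleName"], "aid": company_id}
```

Run against the page's metadata the report has no issues; the same check against a copy with WantAssertionsSigned set to false reports one, which is the change to watch for whenever the provider's metadata is updated.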

Click Save again.

Download the IDP Metadata file.

Go to SSO > SSO Servers.

Select the drop-down menu corresponding to the SSO server you will be using and click on Download IDP Certificate.
