In order to configure Ctera for SAML2 authentication, you will need details of the Single Sign-on and Single Logout URL.
| Section |
|---|
|
| Column |
|---|
From the ConsoleWorks Navigation Window, select SECURITY > Authentication > OpenID Connect >
Add. |
| Column |
|---|
|
| Panel |
|---|
| borderColor | #9EBEE5 |
|---|
| bgColor | #f0f0f0 |
|---|
| borderWidth | 1px |
|---|
|  Image Modified
|
|
|
| Section |
|---|
|
| Column |
|---|
Go back to the DualShield Admin Console and go to SSO>Service providers. View or edit your OIDC service provider created in DualShield Configuration for ConsoleWorks Expand the BASIC tab and copy out the Client ID and Client SecretSelect the drop down menu corresponding to the SSO server you will be using and click on View. |
| Column |
|---|
|
| Panel |
|---|
| borderColor | #9EBEE5 |
|---|
| bgColor | #f0f0f0 |
|---|
| borderWidth | 1px |
|---|
|  Image Removed Image Added
|
|
|
| Section |
|---|
|
| Column |
|---|
Add the following into ConsoleWorks. | Option | Value |
|---|
| Name: | Enter a friendly name such as 'DualShield' | | Title: | Enter a friendly name such as 'DualShield' | | Type: | General | | URL: | Paste in the Discovery URL you had Copied from SSO>SSO Servers (refer to DualShield Configuration for ConsoleWorks) | | Client ID: | Paste in the Client ID you had copied from SSO>Service Providers (see above) | | Client Secret | Paste in the Client Secret you had copied from SSO>Service Providers (see above) |
|
| Column |
|---|
|
| Panel |
|---|
| borderColor | #9EBEE5 |
|---|
| bgColor | #f0f0f0 |
|---|
| borderWidth | 1px |
|---|
|  Image Removed Image Added
|
|
|
| Section |
|---|
|
| Column |
|---|
Scroll down to where you can see the SingleSignOnService and SingleLogoutService URL. You may want to copy and past this somewhere, ready for the next section.Expand Display Options and set the order to 1 |
| Column |
|---|
|
| Panel |
|---|
| borderColor | #9EBEE5 |
|---|
| bgColor | #f0f0f0 |
|---|
| borderWidth | 1px |
|---|
|  Image Removed Image Added
|
|
|
You will also need to download the IdP Certificate from the DualShield Administration Console
| Section |
|---|
|
| Column |
|---|
Select the drop down menu corresponding to the SSO server you will be using and click on Download IdP Certificate |
| Column |
|---|
|
| Panel |
|---|
| borderColor | #9EBEE5 |
|---|
| bgColor | #f0f0f0 |
|---|
| borderWidth | 1px |
|---|
| 
|
|
|
| Section |
|---|
|
| Column |
|---|
In ConsoleWorks navigate to Security>Certificates>Import and follow the prompts to import the idp cert |
| Column |
|---|
|
| Panel |
|---|
| borderColor | #9EBEE5 |
|---|
| bgColor | #f0f0f0 |
|---|
| borderWidth | 1px |
|---|
|  Image Added
|
|
|
Adding Users for OIDC authentication.
Please refer to ConsoleWorks' own documentation for creating Users, templates and rules, however there are two ways this can be set up:
| Section |
|---|
|
| Column |
|---|
1) New User Template is created, so that users are automatically created when they first logon. |
| Column |
|---|
|
| Panel |
|---|
| borderColor | #9EBEE5 |
|---|
| bgColor | #f0f0f0 |
|---|
| borderWidth | 1px |
|---|
|  Image Added
|
|
|
| Section |
|---|
|
| Column |
|---|
2) If users already exist on ConsoleWorks then connection rules need to be setup so the users are authorized DualShield as the OIDC provider, (Please refer the ConsoleWorks support guides) The exisiting users will then be added here: |
| Column |
|---|
|
| Panel |
|---|
| borderColor | #9EBEE5 |
|---|
| bgColor | #f0f0f0 |
|---|
| borderWidth | 1px |
|---|
|  Image Added
|
|
|