Create an SSO logon procedure

  1. Log in to the DualShield management console
  2. In the main menu, select “Authentication | Logon Procedure”
  3. Click the “Create” button on the toolbar
  4. Enter “Name” and select “Web SSO” as the Type



  5. Click “Save”
  6. Click the context menu icon of the newly created logon procedure, select “Logon Steps”
  7. In the popup window, click the “Create” button on the toolbar
  8. Select the desired authentication methods, e.g. “Static Password”
  9. Click “Save”
  10. Repeat steps 7 - 9 to add more logon steps if desired, e.g. “One-Time Password”



  11. Click "Close"

Create a SAML application

  1. In the main menu, select “Authentication | Applications”
  2. Click the “Create” button on the toolbar
  3. Enter “Name”
  4. Select “Realm”
  5. Select the logon procedure that was just created 



  6. Click “Save”
  7. Click the context menu of the newly created application, select “Agent”



  8. Select “SSO Server”
  9. Click “Save”
  10. Click the context menu of the newly created application, select “Self Test”

Download IdP Certificate

  1. Click the context menu icon of the SSO server and select “Download IdP Certificate” 



  2. Save the certificate file to your hard disk

Download IdP Metadata

  1. Click the context menu icon of the SSO server and select "Download IdP Metadata"

  2. Save the file to your hard disk

Import IdP Metadata

Log into your Juniper SA Management Console.

  1. Select “Configuration” in the “System” section
  2. Select the “SAML” tab
  3. Click “New Metadata Provider”


    1. Enter Name

    2. Select "Local"
    3. Click "Choose File" to select the IdP Metadata file downloaded and saved in the previous step
    4. Select "Accept Unsigned Metadata"

    5. Click "Choose File" to select the IdP Certificate file downloaded and saved in the previous step
    6. Select "Identity Provider"

Create a SAML Authentication Server

  1. Click “Authentication Servers” in the “Authentication” section
  2. Select “SAML Server” in the dropdown list, and click “New Server”



  3. Populate the fields

     

  4. Click “Save Changes”
    We need to make some changes to the newly created SAML server.
  5. Change the “Configuration Mode” to “Manual”

  6. Append "?DASApplicationName=[Application Name]" to the end of "Identity Provider Single Sign On Service URL"



    Where [Application Name] is the name of the application that you created in DualShield for the Juniper SA.

  7. Append "?DASApplicationName=[Application Name]" to the end of "Single Logout Service URL"


  8. Click "Save Changes"
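
Because the import above accepts unsigned metadata, the file carries no signature that ties it to the DualShield server. As an added example (not part of the original guide or of either product), the Python check below confirms that every certificate embedded in the IdP metadata equals the separately downloaded IdP certificate, flags endpoints that are not HTTPS, and builds the two service URLs with the DASApplicationName parameter appended. The example.com URLs, the placeholder certificate bytes, and the percent-encoding of the application name are assumptions of this example.

```python
import base64, hashlib
import xml.etree.ElementTree as ET
from urllib.parse import quote, urlsplit

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}
REDIRECT = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"

def der_fingerprint(b64_text):
    """SHA-256 of the certificate bytes; whitespace inside the base64 is ignored."""
    return hashlib.sha256(base64.b64decode("".join(b64_text.split()))).hexdigest()

def pem_fingerprint(pem_text):
    body = [ln for ln in pem_text.strip().splitlines() if not ln.startswith("-----")]
    return der_fingerprint("".join(body))

def check_idp_metadata(metadata_xml, cert_pem, app_name):
    """Check metadata certificates against the downloaded one; build the service URLs."""
    idp = ET.fromstring(metadata_xml).find(".//md:IDPSSODescriptor", NS)
    if idp is None:
        raise ValueError("metadata has no IDPSSODescriptor")
    found = [der_fingerprint(c.text) for c in idp.iterfind(".//ds:X509Certificate", NS)]
    expected = pem_fingerprint(cert_pem)
    suffix = "?DASApplicationName=" + quote(app_name, safe="")  # encoding: our assumption
    urls, insecure = {}, []
    for tag in ("SingleSignOnService", "SingleLogoutService"):
        for ep in idp.iterfind(f"md:{tag}", NS):
            loc = ep.get("Location", "")
            if urlsplit(loc).scheme != "https":
                insecure.append(loc)  # SAML messages would travel unencrypted
            urls.setdefault(tag, loc + suffix)
    return {"cert_matches": bool(found) and all(fp == expected for fp in found),
            "insecure_endpoints": insecure, "urls": urls}

# Constructed sample input: placeholder bytes stand in for a real certificate.
SAMPLE_B64 = base64.b64encode(b"constructed placeholder, not a real certificate").decode()
SAMPLE_PEM = f"-----BEGIN CERTIFICATE-----\n{SAMPLE_B64}\n-----END CERTIFICATE-----\n"
SAMPLE_METADATA = f"""<md:EntityDescriptor xmlns:md="{NS['md']}" xmlns:ds="{NS['ds']}"
    entityID="https://idp.example.com/idp">
  <md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:KeyDescriptor use="signing"><ds:KeyInfo><ds:X509Data>
      <ds:X509Certificate>{SAMPLE_B64}</ds:X509Certificate>
    </ds:X509Data></ds:KeyInfo></md:KeyDescriptor>
    <md:SingleLogoutService Binding="{REDIRECT}" Location="http://idp.example.com/slo"/>
    <md:SingleSignOnService Binding="{REDIRECT}" Location="https://idp.example.com/sso"/>
  </md:IDPSSODescriptor>
</md:EntityDescriptor>"""
if __name__ == "__main__":
    print(check_idp_metadata(SAMPLE_METADATA, SAMPLE_PEM, "Juniper SA"))
```

A result with cert_matches set to False or a non-empty insecure_endpoints list is a reason to download both files again from the DualShield console before importing them.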

Download & Import SP Metadata 

In the Juniper SA management console, open the newly created SAML authentication server.

Click “Download Metadata” 

Save it to your hard disk

Open the file in a text editor

Copy the entire content to the clipboard

In the DualShield management console, select “SSO | SSO Servers”. In the context menu of the SSO server, select “Service Providers”

  1. Click "Create" on the toolbar



  2. Select the SSO Server and the SSO Application, and enter a name to identify the Service Provider.
  3. Set 'Type' to SAML 2.0
  4. Paste the contents of the metadata file that you copied to the clipboard into the Metadata dialogue box.
  5. Click "Save" 