Follow the steps below to create a logon procedure, Application and SSO IDP and SP configuration on DualShield.
Add a Logon Procedure:
Log on to the DualShield Administration Console and go to Authentication>Logon Procedure |
|
Click on 
on the top right.
In the new Logon Procedure window, please enter the following information: | Option | Value |
|---|
| Name: | Enter a friendly name | | Type: | Web SSO |
Click: Save |
|
Add Logon Steps
Select the drop down menu corresponding to the Logon Procedure you will be using and click on Logon Steps. |
|
In the Logon Steps Dialogue box, click the 
button.
Tick the desired authentication method, e.g. Static Password |
|
Click Save.
Repeat to add extra steps.
| I have added two steps; Static Password and One-Time Password |
|
Create an Application
Authentication> Applications |
|
Click on on the top right.
In the new Application window, please enter the following information: | Option | Value |
|---|
| Name: | Enter a friendly name | | Realm: | Select your Realm | | Logon Procedure: | Select the Logon Procedure you had created in the previous step |
Click: Save |
|
Bind the Application to an SSO Server Agent
Select the drop down menu corresponding to the Application you will be using and click on Agents. |
|
Tick the box of the SSO Server you will be using and click Save below. |
|
Create a Service Provider Profile
Go to SSO>Service Providers |
|
Click on on the top right.
Fill in the details as per screenshot on right using the following values | Option | Value |
|---|
| Type: | OpenID Connect | | SSO Server: | Select the SSO server you applied as the aplication agent. (see above) | | Application: | Select the name of the Application from the drop down list | | Name | Type a frienly name to identify which application this Serrvice Provider will be associated with | | NameID Format | Keep as SAM Account Name |
|
|
Expand the BASIC tab and set the values below, leaving the remainining default values. | Option | Value |
|---|
| Redirect URIs: | https://x.x.x.x:5176/oidcauth | | Post Logout Redirect URIs: | https://x.x.x.x:5176/login.html |
*Replace the x.x.x.x with the IP of the ConsoleWorks server.  Scroll down to the next value
|
|
Click Save.
Obtain the OIDC Authorization Endpoint URL
Select the drop down menu corresponding to the SSO server you will be using and click on Edit |
|
Click on the OpenID Connect tab and copy out the Discovery URL. If the URLs are not displaying click on the LOAD DEFAULT button first.
|
|
Click Save.
Check the endpoint can be discovered on the ConsoleWorks server
Open a browser on the ConsoleWorks Server and paste in the Discovery URL. You should see something similar to the picture. If the URL cannot be reached, then you need to fix this first before moving on to the next section. |
|
