Create an SSO Logon Procedure

  1. Log in to the DualShield Administration Console
  2. In the main menu, navigate to “Authentication | Logon Procedures”
  3. Click the “Create” button on the toolbar
  4. Enter a suitable “Name” and select “Web SSO” as the Type:



  5. Click “Save” to create.
  6. Click the context "..." menu icon of the newly created Logon Procedure, then select “Logon Steps”
  7. In the popup window, click the “Create” button on the toolbar
  8. Select the desired authentication methods, e.g. “Static Password”
  9. Click “Save”
  10. Repeat Steps 7 to 9 to add more logon steps as required, for example “One-Time Password”.



  11. Click "Close" to confirm

Create a SAML application

  1. In the main menu, navigate to “Authentication | Applications”
  2. Click the “Create” button on the toolbar
  3. Enter a suitable “Name”
  4. Select the internal “Realm”
  5. Select the Logon Procedure created in the previous step.



  6. Click “SAVE” to create
  7. Click the context "..." menu of the newly created Application, select “Agents”



  8. Select “Single Sign-on Server”
  9. Click “SAVE” to confirm.
  10. Click the context "..." menu of the newly created Application, finally select “Self Test” to confirm associations.

Download IdP Certificate

  1. Navigate to "SSO | SSO Servers"
  2. Click the context "..." menu of the SSO server, then select “Download IdP Certificate” 
    The Certificate CRT file will be saved to the local computer.



  3. Save the certificate file to your hard disk

Download IdP Metadata

  1. Click the context "..." menu of the SSO server, then select "Download IdP Metadata"
    The Metadata XML file will be saved to the local computer.



Import IdP Metadata

Log in to your Juniper SA Management Console.

  1. Select “Configuration” in the “System” section
  2. Select the “SAML” tab
  3. Click “New Metadata Provider”


    1. Enter Name

    2. Select "Local"
    3. Click "Choose File" to select the IdP Metadata file downloaded and saved in the previous step
    4. Select "Accept Unsigned Metadata"

    5. Click "Choose File" to select the IdP Certificate file downloaded and saved in the previous step
    6. Select "Identity Provider"
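Because the import above selects "Accept Unsigned Metadata", no signature protects the metadata file on its way from DualShield to the Juniper SA. The following check is an added example, not part of the vendor procedure: it confirms that the downloaded CRT file is the same certificate embedded in the metadata and that the SSO endpoints use HTTPS. The function names and sample values are constructed, and the code assumes the metadata follows the standard SAML 2.0 metadata schema.

```python
import base64
import hashlib
import re
import xml.etree.ElementTree as ET

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}
PEM_RE = re.compile(rb"-----BEGIN CERTIFICATE-----(.+?)-----END CERTIFICATE-----", re.S)

# Constructed sample: placeholder bytes stand in for a real DER certificate,
# and idp.example.test is a made-up host, not a DualShield default.
SAMPLE_DER = b"constructed-placeholder-not-a-real-certificate"
SAMPLE_B64 = base64.b64encode(SAMPLE_DER).decode()
SAMPLE_CRT = b"-----BEGIN CERTIFICATE-----\n" + SAMPLE_B64.encode() + b"\n-----END CERTIFICATE-----\n"
SAMPLE_METADATA = f"""<md:EntityDescriptor xmlns:md="{NS['md']}" xmlns:ds="{NS['ds']}"
    entityID="https://idp.example.test/sso">
  <md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:KeyDescriptor use="signing"><ds:KeyInfo><ds:X509Data>
      <ds:X509Certificate>{SAMPLE_B64}</ds:X509Certificate>
    </ds:X509Data></ds:KeyInfo></md:KeyDescriptor>
    <md:SingleSignOnService Location="https://idp.example.test/sso/saml"
        Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"/>
  </md:IDPSSODescriptor>
</md:EntityDescriptor>"""

def cert_file_to_der(data: bytes) -> bytes:
    """Return DER bytes from a .crt file that may be PEM or raw DER."""
    m = PEM_RE.search(data)
    return base64.b64decode(m.group(1)) if m else data

def check_idp_metadata(metadata_xml: str, crt_bytes: bytes) -> dict:
    """Compare certificates embedded in IdP metadata with the downloaded CRT."""
    root = ET.fromstring(metadata_xml)
    idp = root.find(".//md:IDPSSODescriptor", NS)
    if idp is None:
        raise ValueError("no IDPSSODescriptor element: this is not IdP metadata")
    embedded = [base64.b64decode(el.text)
                for el in idp.iterfind(".//ds:X509Certificate", NS) if el.text]
    der = cert_file_to_der(crt_bytes)
    sso = [el.get("Location") for el in idp.iterfind("md:SingleSignOnService", NS)]
    return {
        "entity_id": root.get("entityID"),
        "crt_sha256": hashlib.sha256(der).hexdigest(),  # compare out-of-band
        "cert_matches": der in embedded,
        "sso_all_https": bool(sso) and all((u or "").startswith("https://") for u in sso),
    }

if __name__ == "__main__":
    print(check_idp_metadata(SAMPLE_METADATA, SAMPLE_CRT))
```

To use it on real files, pass the text of the downloaded Metadata XML and the bytes of the downloaded CRT file in place of the constructed samples.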

Create a SAML Authentication Server

  1. Click “Authentication Servers” in the “Authentication” section
  2. Select “SAML Server” in the dropdown list, and click “New Server”



  3. Populate the fields

     

  4. Click “Save Changes”
    We need to make some changes to the newly created SAML server.
  5. Change the “Configuration Mode” to “Manual”

  6. Append "?DASApplicationName=[Application Name]" to the end of "Identity Provider Single Sign On Service URL"



    Where [Application Name] is the name of the application that you created in DualShield for the Juniper SA.

  7. Append "?DASApplicationName=[Application Name]" to the end of "Single Logout Service URL"


  8. Click "Save Changes"

Download & Import SP Metadata 

In the Juniper SA management console, open the newly created SAML authentication server.

Click “Download Metadata” 

Save it to your hard disk

Open the file in a text editor

Copy the entire content to the clipboard


Back in the DualShield Administration Console, select “SSO | Service Providers”

  1. Click "+ CREATE" on the toolbar



  2. Select the "Single Sign-on Server".
  3. From the drop-down, choose the SSO Application previously created
  4. Enter an appropriate name for this new Service provider.
  5. Set "Type" to "SAML 2.0"
  6. Click the "CREATE METADATA" button; a large text box will appear. Paste in the Juniper metadata copied to the clipboard, then click "SAVE" to update.
  7. Click "Save" to complete creation of this Service Provider