Create a Web logon procedure

1. Login to the DualShield Administration Console
2. In the main menu, select “Authentication > Logon Procedures”
3. Click the “+ CREATE” button on the toolbar, on the right
4. Enter a recognisable “Name” and select “Web SSO” as the Type
   
   
   
   
5. Click “SAVE”
6. Click the Context Menu icon of the newly created Logon Procedure, select “Logon Steps”
7. In the popup window, click the “+ ADD” button on the toolbar
8. Add the necessary Authentication methods here
   
   

Create a Web application

1. In the main menu, select “Authentication > Applications”
2. Click the “+ CREATE” button on the toolbar
3. Enter a recognisable “Name”
4. Select your internal “Realm”
5. Add the newly created Logon Procedure (from the previous step)
   
   
   
   
6. Click "Save" 
7. Click the context "..." menu of the newly created Application, then select "Agent" 
8. Select the "Single Sign-on Server (SSO Server)"
   
   
   
   
9. Click "Save"
10. Click the context "..." menu of the newly created Application, then select "Self Test" 
    
    

Download the DualShield IdP Metadata

1. In the main menu, navigate to " SSO > SSO Servers" 
2. Click the context "..." menu of "Single Sign-on Server (SSO Server") then select "Download Idp MetaData" .
   Note the Name and location of the XML file, saved locally.

In order to create a Service Provider for Splunk within DualShield - Next complete the "Splunk SAML Configuration"
Plus Download the Splunk Service Provider (SP) Metadata.


Create a Service Provider 

1. In the main menu, navigate to "SSO | Service Providers" 
2. Click the "+ CREATE" button in the toolbar
3. Select the SSO Server drop-down and select "Single Sign-on Server"
4. At the 'Application' drop-down, select the Splunk Application previously created.
5. Enter a suitable "Name"
6. Set 'Type' as "SAML 2.0"
   
   
   
   
7. Select the "CREATE METADATA" button.
8. At the window that appears, paste in to the large Metadata textbox, the Service Provider Metadata (contained in SPMetadata.xml). 
   
   
9. Click the "Attributes" tab, to create a new custom Attribute, that will be mapped to a fixed value that match the name of the Splunk group, for instance: "admin"
10. Click the "+ CREATE" button
11. Location at the drop-down, set as "HTTP Body"
12. Name could be entered as "role"
13. Beneath the 'Value' section, select "Fixed Value". Then set the Value in the textbox as "admin"
    
    
    
    
14. Click "SAVE" to create the custom attribute.
    
    
15. Click back to the 'General Settings' tab, of the Service Provider.
16.  At the 'NameID Format' field, change this field to "User Principle Name".
    
    
    
    
    
17.  Finally select "SAVE", to complete the Service Provider creation process.