AAA, NAC, Guest Access & BYOD

Does Clearpass need direct access to IDP when acting as SP or viceversa for SSO Integration

Aruba Employee
Q:

Does ClearPass need direct access to the IDP(Identity Provider) when acting as SP (Service Provider) or access to the SP (Service Provider) when acting as IDP(Identity Provider)



A:

No, ClearPass neither needs direct access to the IDP when acting as SP nor direct access to the SP when it acts as an IDP. This is because during the SSO process using SAML, all the interaction happens between the IDP and SP through the client browser so there is no need for ClearPass to have direct connectivity to the IDP or SP irrespective of whether its acting as IDP or SP. Its the client that needs access to both the IDP and SP so that it can carry the communication back and forth between the IDP and SP, authenticating across the IDP for getting access to the resources from the SP.

Version history
Revision #:
2 of 2
Last update:
‎10-18-2016 03:25 PM
Updated by:
 
Labels (1)
Contributors
Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: