Security

Reply
Occasional Contributor I
Posts: 8
Registered: ‎03-31-2014

Single Sign-On (SSO)

Hey Guys,

 

Anyone can share their experience with setting up the SSO?

 

I've tried using the IdP SSO URL which we use for other services and it works fine at other places but with ClearPass it just redirects to the XML page. We are using Shibboleth.

Aruba
Posts: 1,548
Registered: ‎06-12-2012

Re: Single Sign-On (SSO)

http://support.arubanetworks.com/Documentation/tabid/77/DMXModule/512/Command/Core_Download/Default.aspx?EntryId=13565

Thank You,
Troy

--Give Kudos: found something helpful, important, or cool? Click Kudos Star in a post.

--Problem Solved? Click "Accepted Solution" in a post.
Occasional Contributor I
Posts: 8
Registered: ‎03-31-2014

Re: Single Sign-On (SSO)

I am using the shibboleth URL: https://<IDP>/idp/profile/SAML2/Redirect/SSO, I've replaced the IDP that we use for other servcies.

 

After enabling the SSO, I am getting this error message:

Error Message: SAML 2 SSO profile is not configured for relying party https://<CPPM HOST>/networkservices/saml2/sp

MVP
Posts: 554
Registered: ‎11-04-2011

Re: Single Sign-On (SSO)

That message means that your IdP (Shibboleth) server has not been configured to work with ClearPass as a service provider (SP).

 

You need to export the SP metadata from ClearPass, and import it into your IdP for authorization. Also configure your IdP to return the username in the attribute named 'principal'.

 

There is a recent technote on how to configure Single Sign On on ClearPass. It is available for partners at:

 

https://afp.arubanetworks.com/afp/index.php/ClearPass_Technical_Information_Links

 

If not running in a lab environment, please get your Shibboleth administrator involved.

--
If you have urgent issues, please contact your Aruba partner or Aruba TAC (click for contact details).
Dax
Occasional Contributor I
Posts: 6
Registered: ‎11-28-2012

Re: Single Sign-On (SSO)


hrobers wrote:

That message means that your IdP (Shibboleth) server has not been configured to work with ClearPass as a service provider (SP).

 

You need to export the SP metadata from ClearPass, and import it into your IdP for authorization. Also configure your IdP to return the username in the attribute named 'principal'.

 

There is a recent technote on how to configure Single Sign On on ClearPass. It is available for partners at:

 

https://afp.arubanetworks.com/afp/index.php/ClearPass_Technical_Information_Links

 

If not running in a lab environment, please get your Shibboleth administrator involved.


Every time I try to click on the above link it brings me to http://afp.arubanetworks.com/403/index.html and fails to load anything. 

 

 

MVP
Posts: 554
Registered: ‎11-04-2011

Re: Single Sign-On (SSO)

You will need a partner account to access that data. In the mean-time things have changed, and the referred to technote has been made public on the support website (no login needed):

 

In the ClearPass Technote section:

http://support.arubanetworks.com/Documentation/tabid/77/DMXModule/512/EntryId/7961/Default.aspx

please download: SAML_Configuration_Guide_v1.4.pdf

 

Herman

--
If you have urgent issues, please contact your Aruba partner or Aruba TAC (click for contact details).
Search Airheads
Showing results for 
Search instead for 
Did you mean: