Occasional Contributor II

Auto Sign-On with ClearPass and ADFS

Hello everyone,

 

A customer wants to do ASO with ClearPass and ADFS.

 

Example: an employee goes to a captive portal and logs in. Then, when he goes to an ASO-compatible web application (SharePoint for example), he's automatically logged in.

 

I read the technote about SAML Configuration, but I'm not sure I understand how it works. I've never worked on that.

 

https://support.arubanetworks.com/Documentation/tabid/77/DMXModule/512/Command/Core_Download/Default.aspx?EntryId=24992 

 

 

If I'm right, ClearPass would be the Service Provider (SP) and ADFS would be the Identity Provider (IdP). After a successful 802.1X authentication, a token is generated by ClearPass and sent to the controller.

 

When the user goes to the application, he is redirected to the IdP URL to do a SAML request. The controller intercepts the request, inserts the token and forwards it to the SAML IdP.

 

Then the IdP checks the token. If it's valid, it sends a SAML assertion in the response to the user.

 

 

My question is: how can the IdP check the validity of the token?

 

Thank you for your help

 

Guru Elite

Re: Auto Sign-On with ClearPass and ADFS

For ASO, ClearPass is both the IdP and SP and you’d need to use SAML chaining to use a secondary IdP.

| Tim Cappalli | Aruba Security | @timcappalli | timcappalli.me |

NOTE: Answers and views expressed by me on this forum are my own and not necessarily the position of Aruba or Hewlett Packard Enterprise.
Occasional Contributor II

Re: Auto Sign-On with ClearPass and ADFS

Thanks for your quick reply!

 

Is there any documentation which can help to understand how to implement it?

Guru Elite

Re: Auto Sign-On with ClearPass and ADFS

Unfortunately we don’t have documentation for every identity provider. There are too many of them.

| Tim Cappalli | Aruba Security | @timcappalli | timcappalli.me |

New Contributor

Re: Auto Sign-On with ClearPass and ADFS

Hi Tim,

 

I'm interested in this subject too.

Can you just explain the SAML chaining part?

 

The idea would be to chain the authentication request from ClearPass to ADFS? Would it be done through a service?

 

I found your doc on Cloud Identity providers, would it be the same kind of process?

 

Thanks
