Security

Forum to discuss Enterprise security using HPE Aruba Networking NAC solutions (ClearPass), Introspect, VIA, 360 Security Exchange, Extensions, and Policy Enforcement Firewall (PEF).
Single Sign-On (SSO)

  • 1.  Single Sign-On (SSO)

    Posted Apr 14, 2014 06:06 AM

    Hey Guys,

     

    Can anyone share their experience with setting up the SSO?

     

    I've tried using the IdP SSO URL which we use for other services and it works fine at other places but with ClearPass it just redirects to the XML page. We are using Shibboleth.



  • 2.  RE: Single Sign-On (SSO)



  • 3.  RE: Single Sign-On (SSO)

    Posted Apr 15, 2014 04:36 AM

    I am using the Shibboleth URL: https://<IDP>/idp/profile/SAML2/Redirect/SSO; I've replaced the IDP that we use for other services.

     

    After enabling the SSO, I am getting this error message:

    Error Message: SAML 2 SSO profile is not configured for relying party https://<CPPM HOST>/networkservices/saml2/sp



  • 4.  RE: Single Sign-On (SSO)

    EMPLOYEE
    Posted Apr 26, 2014 10:19 AM

    That message means that your IdP (Shibboleth) server has not been configured to work with ClearPass as a service provider (SP).

     

    You need to export the SP metadata from ClearPass, and import it into your IdP for authorization. Also configure your IdP to return the username in the attribute named 'principal'.

     

    There is a recent technote on how to configure Single Sign On on ClearPass. It is available for partners at:

     

    https://afp.arubanetworks.com/afp/index.php/ClearPass_Technical_Information_Links

     

    If not running in a lab environment, please get your Shibboleth administrator involved.



  • 5.  RE: Single Sign-On (SSO)

    Posted Aug 13, 2014 05:02 PM

    @hrobers wrote:

    That message means that your IdP (Shibboleth) server has not been configured to work with ClearPass as a service provider (SP).

     

    You need to export the SP metadata from ClearPass, and import it into your IdP for authorization. Also configure your IdP to return the username in the attribute named 'principal'.

     

    There is a recent technote on how to configure Single Sign On on ClearPass. It is available for partners at:

     

    https://afp.arubanetworks.com/afp/index.php/ClearPass_Technical_Information_Links

     

    If not running in a lab environment, please get your Shibboleth administrator involved.


    Every time I try to click on the above link it brings me to http://afp.arubanetworks.com/403/index.html and fails to load anything. 

     

     



  • 6.  RE: Single Sign-On (SSO)

    EMPLOYEE
    Posted Aug 14, 2014 06:29 AM

    You will need a partner account to access that data. In the meantime things have changed, and the referred-to technote has been made public on the support website (no login needed):

     

    In the ClearPass Technote section:

    http://support.arubanetworks.com/Documentation/tabid/77/DMXModule/512/EntryId/7961/Default.aspx

    Please download: SAML_Configuration_Guide_v1.4.pdf

     

    Herman
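
The two conditions from reply 4 (the IdP must hold SP metadata whose entityID is the relying party named in the error, and must release the username in an attribute named 'principal'), written as an added Python check that is not part of the thread and not ClearPass or Shibboleth code. The hostname, ACS path, user name and both XML samples are constructed placeholders.

```python
import xml.etree.ElementTree as ET

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata",
      "saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

# Constructed samples: hostname, ACS path and user are placeholders, not real values.
RELYING_PARTY = "https://cppm.example.test/networkservices/saml2/sp"
SP_METADATA = """<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    entityID="https://cppm.example.test/networkservices/saml2/sp">
  <md:SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:AssertionConsumerService index="0"
        Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="https://cppm.example.test/placeholder-acs-path"/>
  </md:SPSSODescriptor>
</md:EntityDescriptor>"""
ASSERTION = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml:AttributeStatement>
    <saml:Attribute Name="principal">
      <saml:AttributeValue>jdoe</saml:AttributeValue>
    </saml:Attribute>
  </saml:AttributeStatement>
</saml:Assertion>"""

def check_sp_metadata(metadata_xml, relying_party):
    """List reasons the IdP would not match this metadata to the relying party."""
    root = ET.fromstring(metadata_xml)
    if root.tag != "{%s}EntityDescriptor" % NS["md"]:
        return ["root element is not md:EntityDescriptor"]
    problems = []
    # The IdP looks the SP up by entityID; it must equal the relying party exactly.
    if root.get("entityID") != relying_party:
        problems.append("entityID %r != relying party %r"
                        % (root.get("entityID"), relying_party))
    endpoints = root.findall("md:SPSSODescriptor/md:AssertionConsumerService", NS)
    if not endpoints:
        problems.append("no AssertionConsumerService endpoint")
    for ep in endpoints:
        if not ep.get("Location", "").startswith("https://"):
            problems.append("ACS endpoint is not HTTPS: %r" % ep.get("Location"))
    return problems

def username_from_assertion(assertion_xml, attr_name="principal"):
    """Return the value of the named attribute, or None if the IdP did not send it.
    Configuration check only: no signature or condition validation is done here."""
    root = ET.fromstring(assertion_xml)
    for attr in root.iterfind(".//saml:Attribute", NS):
        if attr.get("Name") == attr_name:
            value = attr.find("saml:AttributeValue", NS)
            return value.text.strip() if value is not None and value.text else None
    return None
```

An empty list from `check_sp_metadata` means the exported metadata names the same relying party as the IdP error message; a `None` from `username_from_assertion` means the IdP is not releasing the expected attribute.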