Reset Search
 

 

Article

KB41003 - How to configure a Pulse Client connection profile to assign a static IP address in SAML environment when PCS acts as SAML SP and the RADIUS is used for authentication on IDP end

« Go Back

Information

 
Last Modified Date10/19/2017 5:18 AM
Synopsis
This article provides information on how to configure the VPN Tunneling connection profile to assign a static IP address in a SAML setup where the PCS appliance acts as an SP and the IDP can either be a 3rd party device or another PCS appliance. The Auth server on IDP end is a RADIUS server.
Problem or Goal
How to Configure a Pulse Client connection profile to assign a static IP address in SAML environment when PCS acts as SAML SP and RADIUS is used for authentication on IDP end.
Cause
Solution

Configuration on PCS box acting as Service Provider:

  1. Navigate to Users > Resource Policies > VPN Tunneling > Connection Profiles
  2. ​Create a profile for connection and select IPv4 address pool under IPv4 address assignment section on page.
  3. Type the user attributes value as 
    .<userAttr.Framed-IP-Address>
User-added image
  1. The IDP should pass the correct attribute value in assertion statement to the PCS for it to be able to assign the IP to the client
User-added image

In the scenario when the IDP is also a PCS box with RADIUS configured for authentication:
  1. Navigate to Authentication > Auth Servers
  2. Under RADIUS accounting, select the checkbox for VPN Tunnel assigned IP addressUser-added image
  3. Under Authentication > Signing In > Sign-In SAML > Identity Provider, enter the value Framed-IP-Address 
  4. Under Attribute Name, enter the value Framed-IP-Address User-added image
This will ensure that the IDP sends the <userAttr.Framed-IP-Address> attribute in the assertion to the SP.
Related Links
Attachment 1 
Created ByRohit Shetty

Feedback

 

Was this article helpful?


   

Feedback

Please tell us how we can make this article more useful.

Characters Remaining: 255