KB22101 [AAA] SAML support on FIPS SA devices


Last Modified Date: 7/31/2015 10:24 PM
This article provides information on the support extended by FIPS devices for SAML.

Problem or Goal
Pulse Connect Secure (PCS) supports SAML for SSO to itself and to backend servers. On FIPS devices, not all SAML functionality is supported. This article defines what is supported on FIPS devices.
SAML functionality is not integrated with the way the private key is managed on FIPS devices. As a result, any SAML function that requires access to the private key fails.
SAML features on FIPS devices work in the following scenarios:

When configuring the PCS as a Consumer/ServiceProvider:

To do this, configure a SAML Auth server on the PCS:
  • All SAML 1.1 configurations will work.
  • The SAML 2.0 configuration will work only if signing and encryption of assertions are disabled (to do this, set the Select Device Certificate for Signing and Select Device Certificate for Encryption options to Not Applicable).

When configuring PCS as an IdentityProvider/Producer:

To do this, configure a SAML SSO policy on the PCS under Resource Policies > Web > SAML SSO.
  • SAML 1.1 will work only in Artifact Profile. POST profile is currently not supported.
  • SAML 2.0 will work only in Artifact Profile. POST profile is currently not supported.

Created By: Data Deployment


