KB22101 [AAA] SAML support on FIPS SA devices


 
Last Modified Date: 7/31/2015 10:24 PM
Synopsis
This article provides information on the support extended by FIPS devices for SAML.

 
Problem or Goal
Pulse Connect Secure (PCS) supports SAML for SSO to itself and to backend servers. On FIPS devices, not all SAML functionality is supported. This article defines what is supported on FIPS devices.
Cause
The SAML functionality is not integrated with how the private key is managed on FIPS devices. This causes any SAML functionality that requires access to the private key to fail.
Solution
SAML features on FIPS devices will work in the following scenarios:

When configuring the PCS as a Consumer/ServiceProvider:

To do this, configure a SAML Auth server on the PCS:
 
  • All SAML 1.1 configurations will work.
 
  • The SAML 2.0 configuration will work only if the signing and encryption of assertions are disabled (to do this, set the Select Device Certificate for Signing and Select Device Certificate for Encryption options to Not Applicable).
     



When configuring PCS as an IdentityProvider/Producer:

To do this, configure a SAML SSO policy on the PCS under Resource Policies > Web > SAML SSO.
 
  • SAML 1.1 will work only in Artifact Profile. POST profile is currently not supported.
 
  • SAML 2.0 will work only in Artifact Profile. POST profile is currently not supported.
     

Created By: Data Deployment
