MyTechReference - Technical Notes


by IDAMGroup

NetIQ Access Manager SSO with Ceridian

Novell/NetIQ SAML 2.0 SSO with Ceridian application

In this post I am going to show how the Ceridian application is integrated with Novell/NetIQ Access Manager using the SAML 2.0 federation protocol. In this setup Novell Access Manager is configured as the Identity Provider and Ceridian is the Service Provider.

The Ceridian integration is IdP-initiated web SSO: the user accesses the IdP-initiated URL https://login.mytechreference.com/nidp/saml2/idpsend?id=Ceridian and is prompted for authentication. Once authentication succeeds, the user is redirected to the Ceridian target page.

  • NAM Version : 3.2
  • OS : SLES 11 SP2 64-bit

IdP Initiated SSO Flow

(Screenshot: Ceridian_SSO, the IdP-initiated flow diagram)

  1. The user accesses the IdP-initiated URL https://login.mytechreference.com/nidp/saml2/idpsend?id=Ceridian
  2. The Identity Provider prompts for authentication.
  3. The user enters their credentials.
  4. On successful authentication the Identity Provider sends a SAML Response to the Service Provider (Ceridian); the Assertion carries the user's GivenName attribute. Note: GivenName is only what I used in this example; send whichever attribute your requirement calls for.
  5. Ceridian validates the SAML Assertion and matches the user against its user store.
  6. Once validation succeeds, Ceridian redirects the browser to its home page.

What to get from the Service Provider

  • Ceridian application metadata file
  • Ceridian application trusted root
  • Ceridian landing/target page

What to give

  • NAM metadata (https://login.mytechreference.com/nidp/saml2/metadata)
  • NAM trusted root (export the trusted root of https://login.mytechreference.com; Ceridian uses it to verify the signature on the assertions NAM sends, so if your signing certificate is issued by a different root than your SSL certificate, export that root instead)
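Before pasting Ceridian's metadata into NAM it is worth reading it yourself: the entityID becomes the Audience of every assertion NAM issues, the HTTP-POST AssertionConsumerService is where the POST binding configured later lands, and the certificate is what the "verify the certificate" step compares against the trusted root Ceridian sent. The Python below is an added example, not part of this post, of NAM or of Ceridian; the metadata document and its certificate body are constructed for illustration and stand in for Ceridian's real file, whose values you must take from the file Ceridian gives you. It parses an SP metadata document and then checks it against the settings this post configures in NAM (POST binding, unspecified name identifier format).

```python
"""Read SAML 2.0 SP metadata the way an IdP admin should before trusting it.
Added example for this post; SAMPLE_SP_METADATA is constructed, not Ceridian's real file."""
import base64
import hashlib
import xml.etree.ElementTree as ET

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata", "ds": "http://www.w3.org/2000/09/xmldsig#"}
POST_BINDING = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
NAMEID_UNSPECIFIED = "urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified"

# Constructed placeholder: real metadata carries the base64 DER of the SP's X.509 certificate here.
FAKE_CERT_B64 = base64.b64encode(b"constructed placeholder, not a real X.509 certificate").decode()

SAMPLE_SP_METADATA = f"""<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    xmlns:ds="http://www.w3.org/2000/09/xmldsig#" entityID="https://sp.example.test/saml/metadata">
  <md:SPSSODescriptor AuthnRequestsSigned="false" WantAssertionsSigned="true"
      protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:KeyDescriptor use="signing">
      <ds:KeyInfo><ds:X509Data><ds:X509Certificate>{FAKE_CERT_B64}</ds:X509Certificate></ds:X509Data></ds:KeyInfo>
    </md:KeyDescriptor>
    <md:NameIDFormat>urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified</md:NameIDFormat>
    <md:AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="https://sp.example.test/saml/acs" index="0" isDefault="true"/>
    <md:AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact"
        Location="https://sp.example.test/saml/artifact" index="1"/>
  </md:SPSSODescriptor>
</md:EntityDescriptor>"""


def parse_sp_metadata(xml_text):
    """Extract the values an IdP needs from an SPSSODescriptor."""
    root = ET.fromstring(xml_text)
    if root.tag != f"{{{NS['md']}}}EntityDescriptor":
        raise ValueError("not an md:EntityDescriptor")
    spsso = root.find("md:SPSSODescriptor", NS)
    if spsso is None:
        raise ValueError("no SPSSODescriptor: this is not service-provider metadata")
    acs = [{"binding": e.get("Binding"), "location": e.get("Location"),
            "index": int(e.get("index")), "default": e.get("isDefault") == "true"}
           for e in spsso.findall("md:AssertionConsumerService", NS)]
    certs = {}  # use -> SHA-256 fingerprint of the DER certificate, for comparing with what the SP sent
    for kd in spsso.findall("md:KeyDescriptor", NS):
        use = kd.get("use", "signing+encryption")  # a KeyDescriptor without 'use' serves both purposes
        b64 = kd.findtext("ds:KeyInfo/ds:X509Data/ds:X509Certificate", namespaces=NS)
        certs[use] = hashlib.sha256(base64.b64decode("".join(b64.split()))).hexdigest()
    return {
        "entity_id": root.get("entityID"),
        "want_assertions_signed": spsso.get("WantAssertionsSigned") == "true",
        "authn_requests_signed": spsso.get("AuthnRequestsSigned") == "true",
        "nameid_formats": [e.text.strip() for e in spsso.findall("md:NameIDFormat", NS)],
        "acs": acs,
        "cert_sha256": certs,
    }


def check_against_nam_config(info, binding=POST_BINDING, nameid_format=NAMEID_UNSPECIFIED):
    """Return problems (empty list = none) for the Authentication Response settings this
    post chooses in NAM: Binding = POST, name identifier format = Unspecified."""
    problems = []
    if not any(a["binding"] == binding for a in info["acs"]):
        problems.append(f"SP has no AssertionConsumerService for {binding}")
    if info["nameid_formats"] and nameid_format not in info["nameid_formats"]:
        problems.append(f"SP does not list {nameid_format} among its NameIDFormats")
    if not info["cert_sha256"]:
        problems.append("SP publishes no certificate; nothing to compare with the trusted root it sent")
    return problems


if __name__ == "__main__":
    info = parse_sp_metadata(SAMPLE_SP_METADATA)
    print(info["entity_id"], info["cert_sha256"])
    print("problems:", check_against_nam_config(info))
```

Compare the printed fingerprint with the certificate Ceridian delivered out of band before clicking OK on the certificate verification step; metadata fetched or mailed to you is only as trustworthy as that comparison.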

Below are the steps required to configure SAML 2.0 federation with the Ceridian application.

  1. Configure the shared attribute set
  2. Create the SAML 2.0 Service Provider
    • Select the attributes to send along with authentication
    • Select the authentication response (binding and name identifier format)
    • Configure the Intersite Transfer Service URL

Shared Attribute

  • Create the attribute set that will be shared with the Service Provider

Identity Servers –> Shared Settings

(Screenshot: Ceridian_SAML_1)

Click New and create the attribute set (named “ceridian” in this example) containing the “GivenName” attribute that will be shared with the Ceridian application.

(Screenshot: Ceridian_SAML_2)

Local attribute : GivenName
Remote attribute : http://claims.ceridian.com/inView/2010/version1.0/Name (Ceridian expects the user's GivenName to arrive under its own Name claim, so the local attribute is mapped to that URI; the remote name must match the claim URI exactly, or the SP will not find the attribute)

(Screenshot: Ceridian_SAML_3)

  • Click OK and update the Identity Server.

Create Service Provider

  • Identity Servers –> Edit –> SAML 2.0 –> Trusted Providers –> Service Provider

(Screenshot: concur_SAML_6)

  • Select the Source as Metadata Text and paste the Ceridian metadata into the text area.

(Screenshot: Ceridian_SAML_6)

  • Click Next, verify that the certificate shown is the one Ceridian gave you, and click OK.
  • Now select the newly created Service Provider (Ceridian).
  • Ceridian –> Attributes tab.
  • From the Attribute set drop-down select “ceridian” and move the attribute from the “Available” section to the “Send with authentication” section.

(Screenshot: Ceridian_SAML_4)

  • Click the Authentication Response tab, select “POST” as the Binding, then select “Unspecified” as the name identifier format and make it the Default value.

(Screenshot: Ceridian_SAML_7)

 

  • Click the Intersite Transfer Service tab and provide the following details:

ID : Ceridian
Target : https://sss2.ceridian.com/ClassicSelfServiceWIF/Default.aspx

(Screenshot: Ceridian_SAML_5)

  • Click Ok and update the Identity Server.

IdP Initiated URL

Now access the IdP-initiated URL https://login.mytechreference.com/nidp/saml2/idpsend?id=Ceridian

NetIQ Access Manager prompts you for your credentials. Once authentication succeeds it posts the SAML response to Ceridian, which validates it and redirects you to the target configured in the Intersite Transfer Service, https://sss2.ceridian.com/ClassicSelfServiceWIF/Default.aspx
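To see what the configuration above actually puts on the wire in steps 4 and 5 of the flow, the added Python example below (not part of this post, of NAM or of Ceridian) builds the unsolicited SAML Response an IdP would POST for the GivenName to http://claims.ceridian.com/inView/2010/version1.0/Name mapping with an unspecified NameID, encodes it as the SAMLResponse/RelayState form fields of the POST binding, and then runs the checks a service provider applies before trusting it. The SP entity ID and AssertionConsumerService URL are assumptions; the real values come from Ceridian's metadata. XML-Signature verification, which is what the trusted root exchange exists for, is deliberately not implemented, and the tamper_form() helper shows why it cannot be skipped: without it an attacker can rewrite the attribute value and every other check still passes.

```python
"""Unsolicited (IdP-initiated) SAML 2.0 Response, POST binding, and the SP-side checks.
Added example for this post, not NAM's or Ceridian's code; values marked 'assumed' stand in
for the real metadata exchange."""
import base64
import uuid
import xml.etree.ElementTree as ET
from datetime import datetime, timedelta, timezone
from xml.sax.saxutils import escape

SAMLP = "urn:oasis:names:tc:SAML:2.0:protocol"
SAML = "urn:oasis:names:tc:SAML:2.0:assertion"
NS = {"samlp": SAMLP, "saml": SAML}
SUCCESS = "urn:oasis:names:tc:SAML:2.0:status:Success"
NAMEID_UNSPECIFIED = "urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified"
IDP_ENTITY_ID = "https://login.mytechreference.com/nidp/saml2/metadata"  # NAM's provider ID is its metadata URL
SP_ENTITY_ID = "https://sp.example.test/saml/metadata"  # assumed; take it from Ceridian's metadata entityID
SP_ACS_URL = "https://sp.example.test/saml/acs"          # assumed; the SP's HTTP-POST AssertionConsumerService
TARGET_URL = "https://sss2.ceridian.com/ClassicSelfServiceWIF/Default.aspx"  # ITS target from the post
CERIDIAN_NAME_CLAIM = "http://claims.ceridian.com/inView/2010/version1.0/Name"  # remote attribute from the post
ASSERTION_LIFETIME = timedelta(minutes=5)
CLOCK_SKEW = timedelta(seconds=60)
DEMO_NOW = datetime(2013, 5, 1, 12, 0, 0, tzinfo=timezone.utc)  # fixed clock so the example is reproducible


def _ts(dt):
    return dt.strftime("%Y-%m-%dT%H:%M:%SZ")

def _parse_ts(text):
    return datetime.strptime(text, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)

def build_unsolicited_response(user_id, given_name, now):
    """Step 4: no InResponseTo, because the IdP never received an AuthnRequest."""
    issue, not_after = _ts(now), _ts(now + ASSERTION_LIFETIME)
    return f"""<samlp:Response xmlns:samlp="{SAMLP}" xmlns:saml="{SAML}" ID="_{uuid.uuid4().hex}"
    Version="2.0" IssueInstant="{issue}" Destination="{SP_ACS_URL}">
  <saml:Issuer>{IDP_ENTITY_ID}</saml:Issuer>
  <samlp:Status><samlp:StatusCode Value="{SUCCESS}"/></samlp:Status>
  <saml:Assertion ID="_{uuid.uuid4().hex}" Version="2.0" IssueInstant="{issue}">
    <saml:Issuer>{IDP_ENTITY_ID}</saml:Issuer>
    <saml:Subject>
      <saml:NameID Format="{NAMEID_UNSPECIFIED}">{escape(user_id)}</saml:NameID>
      <saml:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
        <saml:SubjectConfirmationData NotOnOrAfter="{not_after}" Recipient="{SP_ACS_URL}"/>
      </saml:SubjectConfirmation>
    </saml:Subject>
    <saml:Conditions NotBefore="{issue}" NotOnOrAfter="{not_after}">
      <saml:AudienceRestriction><saml:Audience>{SP_ENTITY_ID}</saml:Audience></saml:AudienceRestriction>
    </saml:Conditions>
    <saml:AuthnStatement AuthnInstant="{issue}"><saml:AuthnContext><saml:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport</saml:AuthnContextClassRef></saml:AuthnContext></saml:AuthnStatement>
    <saml:AttributeStatement>
      <saml:Attribute Name="{CERIDIAN_NAME_CLAIM}"><saml:AttributeValue>{escape(given_name)}</saml:AttributeValue></saml:Attribute>
    </saml:AttributeStatement>
  </saml:Assertion>
</samlp:Response>"""

def encode_post_binding(response_xml, relay_state=TARGET_URL):
    """HTTP-POST binding: the browser auto-submits these two form fields to the ACS URL."""
    return {"SAMLResponse": base64.b64encode(response_xml.encode()).decode(), "RelayState": relay_state}

def tamper_form(form, old, new):
    """Simulate an attacker rewriting the response in transit (nothing in this example is signed)."""
    xml_text = base64.b64decode(form["SAMLResponse"]).decode()
    return dict(form, SAMLResponse=base64.b64encode(xml_text.replace(old, new).encode()).decode())

def validate_response(form, now):
    """Step 5 checks; raises ValueError on any failure. Deliberately missing: XML-Signature
    verification against the IdP's trusted root, which a real SP must do before anything else."""
    resp = ET.fromstring(base64.b64decode(form["SAMLResponse"]))
    if resp.tag != f"{{{SAMLP}}}Response":
        raise ValueError("not a samlp:Response")
    if resp.get("InResponseTo") is not None:
        raise ValueError("IdP-initiated flow: response answers a request we never sent")
    if resp.get("Destination") != SP_ACS_URL:
        raise ValueError("Destination is not our ACS URL")
    if resp.findtext("saml:Issuer", namespaces=NS) != IDP_ENTITY_ID:
        raise ValueError("unexpected Issuer")
    code = resp.find("samlp:Status/samlp:StatusCode", NS)
    if code is None or code.get("Value") != SUCCESS:
        raise ValueError("status is not Success")
    assertion = resp.find("saml:Assertion", NS)
    if assertion is None:
        raise ValueError("no plaintext Assertion (EncryptedAssertion is not handled here)")
    if assertion.findtext("saml:Issuer", namespaces=NS) != IDP_ENTITY_ID:
        raise ValueError("assertion Issuer differs from response Issuer")
    cond = assertion.find("saml:Conditions", NS)
    if now + CLOCK_SKEW < _parse_ts(cond.get("NotBefore")) or now - CLOCK_SKEW >= _parse_ts(cond.get("NotOnOrAfter")):
        raise ValueError("assertion outside its validity window")
    if SP_ENTITY_ID not in [a.text for a in cond.findall("saml:AudienceRestriction/saml:Audience", NS)]:
        raise ValueError("we are not in the AudienceRestriction")
    scd = assertion.find("saml:Subject/saml:SubjectConfirmation/saml:SubjectConfirmationData", NS)
    if scd.get("Recipient") != SP_ACS_URL or now - CLOCK_SKEW >= _parse_ts(scd.get("NotOnOrAfter")):
        raise ValueError("bearer SubjectConfirmationData rejected")
    name_id = assertion.find("saml:Subject/saml:NameID", NS)
    attrs = {a.get("Name"): [v.text for v in a.findall("saml:AttributeValue", NS)]
             for a in assertion.findall("saml:AttributeStatement/saml:Attribute", NS)}
    return {"name_id": name_id.text, "name_id_format": name_id.get("Format"),
            "attributes": attrs, "relay_state": form.get("RelayState")}

def rejects(form, now):
    """True if validate_response refuses the form (used for the negative cases)."""
    try:
        validate_response(form, now)
        return False
    except ValueError:
        return True

if __name__ == "__main__":
    form = encode_post_binding(build_unsolicited_response("alice", "Alice", DEMO_NOW))
    print(validate_response(form, DEMO_NOW))
    print("expired rejected:", rejects(form, DEMO_NOW + ASSERTION_LIFETIME + CLOCK_SKEW))
    print("unsigned rewrite accepted:", validate_response(tamper_form(form, "Alice", "Mallory"), DEMO_NOW)["attributes"])
```

When the live integration misbehaves, decode the SAMLResponse field from the browser's POST exactly as validate_response does and compare the Attribute Name against the remote attribute configured in the shared attribute set and the Audience against Ceridian's entityID; those two mismatches account for most "assertion rejected" failures in IdP-initiated setups.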

---------------------------------------------------------------------------------------------------------------------------------------------

Disclaimer: Content posted here worked for me and may not guarantee success, should be used as reference only and please use it cautiously.