by IDAMGroup
NetIQ Access Manager SSO with Ceridian
Novell/NetIQ SAML 2.0 SSO with Ceridian application
In this post I am going to show how the Ceridian application is integrated with Novell/NetIQ Access Manager using the SAML 2.0 federation protocol. In this setup Novell Access Manager is configured as the Identity Provider and Ceridian is the Service Provider.
The Ceridian integration is IdP-initiated web SSO: the user accesses the IdP-initiated URL https://login.mytechreference.com/nidp/saml2/idpsend?id=Ceridian and is prompted for authentication. Once the authentication is successful they are redirected to the Ceridian target page.
- NAM Version : 3.2
- OS : SLES 11 SP2 64-bit
IdP Initiated SSO Flow
- The user accesses the IdP-initiated URL https://login.mytechreference.com/nidp/saml2/idpsend?id=Ceridian
- The Identity Provider prompts for authentication.
- The user enters their credentials.
- On successful authentication the Identity Provider sends a SAML Response with an Assertion containing the user's GivenName to the Service Provider (Ceridian). Note: I have used GivenName in this example; use whichever attribute your requirement calls for.
- Ceridian validates the SAML Assertion against its user store.
- Once the validation is successful it redirects to the Ceridian home page.
What to get from Service Provider
- Ceridian application metadata file
- Ceridian application trusted root
- Ceridian landing/target page
What to give
- NAM Metadata (https://login.mytechreference.com/nidp/saml2/metadata)
- NAM trusted root (export the trusted root of http://login.mytechreference.com)
Below are the steps required to configure the SAML 2.0 federation with the Ceridian application.
- Configure the Shared Attribute
- Create SAML2.0 Service Provider
- Select the attributes to send along with authentication
- Select the authentication response
- Configure the Intersite Transfer Service URL
Shared Attribute
- Create the attribute set which will be shared with the Service Provider
Identity Servers–>Shared Settings
Click New and create the “GivenName” attribute which will be shared with the Ceridian application.
Select the local attribute as “GivenName”.
Remote attribute: “http://claims.ceridian.com/inView/2010/version1.0/Name” (here the Ceridian application expects the GivenName attribute to be mapped to the application's Name attribute).
Create Service Provider
- Identity Servers–> Edit–>SAML2.0–>Trusted Providers–>Service Provider
- Select the Source as Metadata Text and copy and paste the Ceridian metadata into the text area.
- Click Next, verify the certificate and click OK.
- Now select the newly created Service Provider (Ceridian).
- Ceridian –> Attributes tab.
- From the attribute set select “ceridian” and move the attribute from the “Available” section to the “Send with authentication” section.
- Click the Authentication Response tab, select the Binding as “POST”, then select Unspecified and make it the default value.
- Click the Intersite Transfer Service tab and provide the following details:
ID : Ceridian
Target : https://sss2.ceridian.com/ClassicSelfServiceWIF/Default.aspx
- Click Ok and update the Identity Server.
IdP Initiated URL
Now access the IdP-initiated URL https://login.mytechreference.com/nidp/saml2/idpsend?id=Ceridian
NetIQ Access Manager prompts you for your credentials and, once the authentication is successful, redirects you to the Intersite Transfer Service target https://sss2.ceridian.com/ClassicSelfServiceWIF/Default.aspx
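Before handing the federation over to Ceridian it is worth checking that the SAMLResponse the IdP actually posts carries what the steps above were meant to produce: the NAM issuer, the Unspecified NameID format, an audience matching the SP, and the GivenName value under Ceridian's Name attribute. The script below is an added example, not part of this post or of NetIQ's product, and it assumes the SP entity ID (a placeholder, since it comes from the Ceridian metadata file not shown here); the sample response is constructed, and the XML signature is not verified because that is the SP's job against the trusted root.

```python
import base64
from xml.etree import ElementTree as ET

NS = {"samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
      "saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
# Values taken from the post: the NAM IdP entity ID and the attribute name Ceridian expects.
IDP_ENTITY_ID = "https://login.mytechreference.com/nidp/saml2/metadata"
CERIDIAN_NAME_ATTR = "http://claims.ceridian.com/inView/2010/version1.0/Name"
NAMEID_UNSPECIFIED = "urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified"
# Placeholder: the real SP entity ID comes from the Ceridian metadata file.
SP_ENTITY_ID = "urn:placeholder:ceridian-sp-entity-id"

def encode_response(xml_bytes):
    """Base64-encode a Response the way the POST binding carries it in the SAMLResponse field."""
    return base64.b64encode(xml_bytes).decode("ascii")

def check_saml_response(b64_response, issuer=IDP_ENTITY_ID, audience=SP_ENTITY_ID):
    """Return the list of problems with the fields this integration depends on (empty = OK).
    Signature verification is deliberately left to the SP; this only checks IdP configuration."""
    root = ET.fromstring(base64.b64decode(b64_response))
    if root.tag != "{%s}Response" % NS["samlp"]:
        return ["not a samlp:Response"]
    problems = []
    if root.findtext("saml:Issuer", namespaces=NS) != issuer:
        problems.append("unexpected Issuer")
    assertion = root.find("saml:Assertion", NS)
    if assertion is None:
        return problems + ["no Assertion in Response"]
    nameid = assertion.find("saml:Subject/saml:NameID", NS)
    if nameid is None or nameid.get("Format") != NAMEID_UNSPECIFIED:
        problems.append("NameID format is not Unspecified")
    if assertion.findtext("saml:Conditions/saml:AudienceRestriction/saml:Audience",
                          namespaces=NS) != audience:
        problems.append("Audience does not match the SP entity ID")
    attrs = {a.get("Name"): [v.text for v in a.findall("saml:AttributeValue", NS)]
             for a in assertion.findall("saml:AttributeStatement/saml:Attribute", NS)}
    if not attrs.get(CERIDIAN_NAME_ATTR):  # GivenName must arrive under Ceridian's Name claim
        problems.append("missing attribute " + CERIDIAN_NAME_ATTR)
    return problems

# Constructed sample of what the IdP should emit after the steps above (not a real capture).
SAMPLE_XML = b"""<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
 xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="_r1" Version="2.0" IssueInstant="2013-01-01T00:00:00Z">
 <saml:Issuer>https://login.mytechreference.com/nidp/saml2/metadata</saml:Issuer>
 <saml:Assertion ID="_a1" Version="2.0" IssueInstant="2013-01-01T00:00:00Z">
  <saml:Issuer>https://login.mytechreference.com/nidp/saml2/metadata</saml:Issuer>
  <saml:Subject><saml:NameID Format="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified">jdoe</saml:NameID></saml:Subject>
  <saml:Conditions><saml:AudienceRestriction><saml:Audience>urn:placeholder:ceridian-sp-entity-id</saml:Audience></saml:AudienceRestriction></saml:Conditions>
  <saml:AttributeStatement><saml:Attribute Name="http://claims.ceridian.com/inView/2010/version1.0/Name">
   <saml:AttributeValue>John</saml:AttributeValue></saml:Attribute></saml:AttributeStatement>
 </saml:Assertion>
</samlp:Response>"""

if __name__ == "__main__":
    print(check_saml_response(encode_response(SAMPLE_XML)))  # [] when the configuration is right
```

To use it against a live login, copy the SAMLResponse form field from the browser's network trace of the POST to Ceridian and pass it in place of the constructed sample.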
---------------------------------------------------------------------------------------------------------------------------------------------
Disclaimer: Content posted here worked for me and may not guarantee success, should be used as reference only and please use it cautiously.