GridGuard SAML Configuration
Setup GridGuard SAML URL
- Hostname : Enter the user accessible hostname
- IdP Certificates: Generate a self-signed certificate or Import a PKCS12 file for SAML signing or SAML encryption.
Click on "Apply Changes"
Adding ADFS as a SAML Service Provider
Right click on "SAML Configuration" and click on "+Add" to add a new SAML Service Provider. Then fill out the new form with the following data:
- Service Provider Name : Admin generated identifier
- Signing Certificate : Select an installed x509 certificate for SAML assertion signing
- Import SP Metadata : Upload XML Metadata for the SP. In this case it is ADFS.
- Import SP Metadata URL : Directly download XML Metadata from the SP. This requires the GGVA device to have direct access to the ADFS server.
- Entity Id : <Filled in by metadata>
- ACS URL : <Filled in by metadata>
- Validity Time : Set appropriately
- Realm : Select Realm identifier to associate with this SAML SP.
- Name Identifier : Select 'userPrincipalName'
- Sign Encryption : Check
- Encrypt Assertion : <Optional>
- Attribute Mapping :
  - Add Attribute Mapping
    - Name : UPN
    - Value : userPrincipalName
    - Data Type : String
  - Add Attribute Mapping
    - Name : objectGUID
    - Value : objectGUID
    - Data Type : Base64 encoded binary data
  - Add Attribute Mapping
Click on "Service Provider" and then press "Apply Changes"
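The Entity Id and ACS URL fields above are filled in from the imported SP metadata, so it is worth checking offline what the file will populate before applying it. The following is an added example, not GridGuard or ADFS code: the sample metadata, the host adfs.example.com and the function name summarize_sp_metadata are constructed for illustration, and the default-ACS selection is a simplification.

```python
import xml.etree.ElementTree as ET

MD = "urn:oasis:names:tc:SAML:2.0:metadata"
NS = {"md": MD}

# Constructed sample SP metadata (hypothetical host adfs.example.com), not real ADFS output.
SAMPLE_METADATA = """<?xml version="1.0"?>
<EntityDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata"
                  entityID="http://adfs.example.com/adfs/services/trust">
  <SPSSODescriptor WantAssertionsSigned="true"
      protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <AssertionConsumerService index="0" isDefault="true"
        Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="https://adfs.example.com/adfs/ls/"/>
    <AssertionConsumerService index="1"
        Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
        Location="http://adfs.example.com/adfs/ls/"/>
  </SPSSODescriptor>
</EntityDescriptor>"""


def summarize_sp_metadata(xml_text):
    """Return the fields the import form fills in, plus warnings worth reviewing."""
    root = ET.fromstring(xml_text)
    if root.tag != f"{{{MD}}}EntityDescriptor":
        raise ValueError("root element is not a SAML 2.0 EntityDescriptor")
    sp = root.find("md:SPSSODescriptor", NS)
    if sp is None:
        raise ValueError("metadata has no SPSSODescriptor (not an SP role)")
    endpoints = sp.findall("md:AssertionConsumerService", NS)
    if not endpoints:
        raise ValueError("SPSSODescriptor has no AssertionConsumerService")
    # Simplified default selection: the endpoint marked isDefault, else the lowest index.
    default = next((e for e in endpoints if e.get("isDefault") in ("true", "1")),
                   min(endpoints, key=lambda e: int(e.get("index", "0"))))
    warnings = [f"ACS index {e.get('index')} is not HTTPS: {e.get('Location')}"
                for e in endpoints if not e.get("Location", "").startswith("https://")]
    if sp.get("WantAssertionsSigned") not in ("true", "1"):
        warnings.append("SP does not declare WantAssertionsSigned=true")
    return {"entity_id": root.get("entityID"),
            "acs_url": default.get("Location"),
            "acs_binding": default.get("Binding", "").rsplit(":", 1)[-1],
            "warnings": warnings}


if __name__ == "__main__":
    for key, value in summarize_sp_metadata(SAMPLE_METADATA).items():
        print(f"{key}: {value}")
```

Compare the reported entity_id and acs_url with what the form shows after import; any warning is a reason to review the SP's metadata before pressing "Apply Changes".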
Reference URLs

Switch to the URL tab. Now copy down the Metadata URL. It will be needed in the ADFS configuration.