Online Help

SafeNet Trusted Access for Barracuda Web Application Firewall (WAF) Help

Overview

Configuring SafeNet Trusted Access for Barracuda WAF is a three-step process:

1. Barracuda WAF setup

2. SafeNet Trusted Access setup

3. Verify authentication

Barracuda WAF Setup

As a prerequisite, download the Identity Provider metadata from the SafeNet Trusted Access console by clicking the Download Metadata file button. You will need this metadata in one of the steps below.

Perform the following steps to configure SafeNet Trusted Access as your Identity Provider in Barracuda WAF:

1. Log in to Barracuda WAF as an administrator using the http://<Domain Name or IP Address of your Barracuda WAF Appliance>:8000 URL.

2. On the administrator console, click BASIC > Services.

3. Under Add New Service, perform the following steps:

a. In the Service Name field, enter a name for the service.

b. In the Type field, select HTTPS.

c. In the Virtual IP Address field, enter the virtual IP address that will be used for accessing this service.

d. In the Port field, enter the port number on which your web server responds.

e. In the Real Servers field, enter the IP address of the server that hosts the service. This is the back-end server that is protected by the Barracuda WAF.

f. In the Certificate field, select the certificate that you uploaded or generated for this service.

g. Click Add.

4. On the administrator console, click ACCESS CONTROL > Authentication Service.

5. Under New Authentication Service, click the SAML Identity Provider tab.

6. On the SAML Identity Provider tab, perform the following steps:

a. In the Realm Name field, enter a name for the realm (for example, Demo_Real).

b. In the Identity Provider Name field, enter a name for the identity provider (for example, SafeNet).

c. In the Identity Provider Metadata Type field, select the File Upload option.

d. In the Metadata File Upload field, click Browse to search for and select the metadata file that you downloaded earlier from the SafeNet Trusted Access console.

e. Click Add.

7. On the administrator console, click ACCESS CONTROL > Authentication Policies.

8. On the Authentication Policies window, in the Name column, expand the default policy and, in the Options column, click Edit Authentication.

9. On the Edit Authentication window, under Edit Authentication Policy, perform the following steps:

a. In the Status field, select the On option.

b. In the Authentication Service field, select the authentication service (for example, Demo_Real) that you created earlier in step 6 (a).

c. Click Save.

10. In the Options column, click Edit Authentication.

11. On the Edit Authentication window, under SAML Service Provider Configuration, perform the following steps:

a. In the Organization Name field, enter your organization (for example, safenet). This name will be used when Barracuda WAF sends SAML requests to the IdP.

b. In the Organization URL field, enter the URL of the organization (for example, https://www.safenet.com).

c. In the Organization Display Name field, enter a name to be displayed to the users who access the service (for example, safenet).

d. In the SP Entity ID field, enter either the fully qualified domain name or IP address of the Barracuda WAF appliance (for example, https://waf.example.com/).

e. In the Signing Certificate field, select your signing certificate, which will be used for signing the SAML requests.

f. In the Encryption Certificate field, select your encryption certificate, which will be used for encrypting the SAML assertions.

g. Enter values in the rest of the fields as per your preferred configuration.

h. Click Save.

12. On the Authentication Policies window, in the Actions column, click Add Authorization.

13. On the Add Authorization Policy window, under Add Authorization Policy, perform the following steps:

a. In the Policy Name field, enter a name for the policy (for example, SAML_Policy).

b. In the Status field, select the On option.

c. In the URL Match field, enter the URL that needs to be matched in the request. Any request matching the configured “URL” and “Host” is subjected to the SAML authentication.

For example, if the web server URL is https://www.safenet.com/test1, then the URL Match can be one of the following: "/test1" or "/*".

d. In the Host Match field, enter the host name to be matched against the host in the request.

For example, if the web server URL is "https://www.safenet.com", then the Host Match should be www.safenet.com.

e. In the Enable Signing on AuthRequest field, select the Yes option.

f. In the Digest Algorithm field, select SHA-256.

g. Enter values in the rest of the fields as per your preferred configuration.

h. Click Save.

14. On the Authentication Policies window, under Metadata, click Generate, and then save the Barracuda WAF metadata (in the .xml format) on your local machine.
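
Before uploading the metadata saved in step 14, you can confirm that it reflects the entity ID, certificates and request signing chosen in steps 11 and 13. The following check is an added example, not part of the original help page or of either product; it assumes the file uses the standard SAML 2.0 metadata elements and that the appliance reflects these settings there, and the sample document and its endpoint path are constructed.

```python
import xml.etree.ElementTree as ET

MD = "urn:oasis:names:tc:SAML:2.0:metadata"
NS = {"md": MD}

# Constructed sample SP metadata (not real Barracuda WAF output); certificate
# bodies are omitted and the ACS path is a placeholder, only structure is checked.
SAMPLE_SP_METADATA = """<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    entityID="https://waf.example.com/">
  <md:SPSSODescriptor AuthnRequestsSigned="true"
      protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:KeyDescriptor use="signing"/>
    <md:KeyDescriptor use="encryption"/>
    <md:AssertionConsumerService index="0"
        Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="https://waf.example.com/acs-placeholder"/>
  </md:SPSSODescriptor>
</md:EntityDescriptor>"""


def check_sp_metadata(xml_text, expected_entity_id):
    """Return a list of findings; an empty list means every check passed."""
    findings = []
    root = ET.fromstring(xml_text)
    if root.tag != f"{{{MD}}}EntityDescriptor":
        return ["root element is not md:EntityDescriptor"]
    if root.get("entityID") != expected_entity_id:
        findings.append(f"entityID is {root.get('entityID')!r}, expected {expected_entity_id!r}")
    sp = root.find("md:SPSSODescriptor", NS)
    if sp is None:
        return findings + ["no md:SPSSODescriptor element"]
    if sp.get("AuthnRequestsSigned", "false").lower() not in ("true", "1"):
        findings.append("AuthnRequestsSigned is not true (step 13 e)")
    uses = {kd.get("use") for kd in sp.findall("md:KeyDescriptor", NS)}
    # A KeyDescriptor without a use attribute serves both purposes.
    for use, step in (("signing", "11 e"), ("encryption", "11 f")):
        if use not in uses and None not in uses:
            findings.append(f"no {use} KeyDescriptor (step {step})")
    acs = sp.findall("md:AssertionConsumerService", NS)
    if not acs:
        findings.append("no AssertionConsumerService endpoint")
    for ep in acs:
        if not ep.get("Location", "").startswith("https://"):
            findings.append(f"ACS endpoint is not HTTPS: {ep.get('Location')!r}")
    return findings
```

To check your own file, pass its contents and the SP Entity ID from step 11 (d) to check_sp_metadata and resolve any findings before the upload.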

SafeNet Trusted Access Setup

After completing the first step of configuring SafeNet Trusted Access in Barracuda WAF, the second step is to activate the Barracuda WAF application in SafeNet Trusted Access by performing the following steps:

1. In the Applications pane, the Barracuda WAF application you added earlier is in the inactive state by default. To configure and activate this application, click the application (for example, Barracuda WAF) and proceed to the next step.

2. Under STA Setup, click Upload Barracuda WAF Metadata.

3. On the Metadata upload window, click Browse to search for and select the Barracuda WAF metadata that you downloaded earlier in step 14 of Barracuda WAF Setup.

Under Account Details, the service provider metadata information is displayed.

4. Under User Portal Settings, in the SERVICE LOGIN URL field, enter the application login URL (for example, https://waf.example.com) that is protected on Barracuda WAF.

5. Click Save Configuration to save the details and activate the Barracuda WAF application in SafeNet Trusted Access.

Verify Authentication

Using STA Console

Navigate to your Barracuda WAF virtual host URL (for example, https://waf.example.com/). You will be redirected to your SafeNet Trusted Access sign-in page to complete the sign-on process. On the SafeNet Trusted Access sign-in page, enter your authentication credentials. You should be able to access your protected resources successfully.

Using STA User Portal

Navigate to the User Portal URL to log in to the STA User Portal dashboard. On the dashboard, you will see a list of applications to which you have access. Click the Barracuda WAF application icon. You should be successfully logged in to the Barracuda WAF application after authentication.

 

© 2019 SafeNet Trusted Access. Various trademarks are held by their respective owners.