Online Help

SafeNet Trusted Access for Cloud Foundry

Overview

Configuring SafeNet Trusted Access for Cloud Foundry is a three-step process:

1. Cloud Foundry setup

2. SafeNet Trusted Access setup

3. Verify Authentication

Cloud Foundry Setup

As a prerequisite, download the Identity Provider metadata from the SafeNet Trusted Access console by clicking the Download metadata file button. You will need this metadata in one of the steps below.

Perform the following steps to configure SafeNet Trusted Access as your Identity Provider in Cloud Foundry:

1. Copy the Create Identity Provider command into a text editor and fill in the parameters with their corresponding values, as described below:

uaac curl '/identity-providers?rawConfig=true' -X POST -H 'Content-Type: application/json' -d '{
  "type" : "saml",
  "config" : {
    "emailDomain" : null,
    "providerDescription" : null,
    "externalGroupsWhitelist" : [ ],
    "attributeMappings" : {
      "email" : "EmailAddress",
      "given_name" : "FirstName",
      "family_name" : "LastName",
      "external_groups" : "Groups"
    },
    "addShadowUserOnLogin" : true,
    "storeCustomAttributes" : true,
    "metaDataLocation" : "<Escaped JSON String>",
    "nameID" : "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress",
    "assertionConsumerIndex" : 0,
    "metadataTrustCheck" : false,
    "showSamlLink" : true,
    "linkText" : "<Label Name>",
    "iconUrl" : null,
    "groupMappingMode" : "AS_SCOPES",
    "skipSslValidation" : true,
    "authnContext" : null,
    "socketFactoryClassName" : null
  },
  "originKey" : "<Unique Alias>",
  "name" : "<Identity Provider Name>",
  "active" : true
}'

Refer to the table below for the Escaped JSON String, Label Name, Unique Alias, and Identity Provider Name parameters:

Parameter | Description and Value
Escaped JSON String | Copy the contents of the metadata file you downloaded earlier and use any JSON formatting tool to escape it as a JSON string. Next, copy it to a text editor.
Label Name | Enter a label of your choice for the SAML login button. For example: SafeNet IDP
Unique Alias | A unique alias for the SAML provider. For example: SafeNet
Identity Provider Name | Enter the Identity Provider name. For example: SafeNet

2. In the UAA console, run the Create Identity Provider command.
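Steps 1 and 2 can be scripted so that the escaping is not done by hand. The following Python sketch is an added example, not part of the SafeNet or Cloud Foundry documentation: it checks that the file is SAML IdP metadata, JSON-escapes it into metaDataLocation, and shell-quotes the request body. The function names and the sample metadata are constructed for illustration.

```python
import json
import shlex
import xml.etree.ElementTree as ET

MD = "{urn:oasis:names:tc:SAML:2.0:metadata}"

# Constructed sample standing in for the metadata file downloaded from STA.
SAMPLE_METADATA = """<?xml version="1.0" encoding="UTF-8"?>
<!-- constructed sample: Example Corp's test IdP -->
<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    entityID="https://idp.example.test/saml">
  <md:IDPSSODescriptor
      protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol"/>
</md:EntityDescriptor>
"""


def check_idp_metadata(xml_text):
    """Return the entityID, or raise ValueError if this is not IdP metadata."""
    try:
        root = ET.fromstring(xml_text)
    except ET.ParseError as exc:
        raise ValueError(f"metadata is not well-formed XML: {exc}") from exc
    if root.tag != MD + "EntityDescriptor" or root.find(MD + "IDPSSODescriptor") is None:
        raise ValueError("not a SAML IdP EntityDescriptor")
    return root.get("entityID")


def build_command(xml_text, origin_key, name, link_text):
    """Fill in the page's Create Identity Provider command."""
    check_idp_metadata(xml_text)
    config = {
        "emailDomain": None, "providerDescription": None,
        "externalGroupsWhitelist": [],
        "attributeMappings": {"email": "EmailAddress", "given_name": "FirstName",
                              "family_name": "LastName", "external_groups": "Groups"},
        "addShadowUserOnLogin": True, "storeCustomAttributes": True,
        "metaDataLocation": xml_text,  # json.dumps escapes quotes and newlines
        "nameID": "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress",
        "assertionConsumerIndex": 0, "metadataTrustCheck": False,
        "showSamlLink": True, "linkText": link_text, "iconUrl": None,
        "groupMappingMode": "AS_SCOPES", "skipSslValidation": True,
        "authnContext": None, "socketFactoryClassName": None,
    }  # values other than the four parameters are copied from the page's command
    body = json.dumps({"type": "saml", "config": config, "originKey": origin_key,
                       "name": name, "active": True})
    # shlex.quote keeps an apostrophe in the metadata from ending the -d string
    return ("uaac curl '/identity-providers?rawConfig=true' -X POST "
            "-H 'Content-Type: application/json' -d " + shlex.quote(body))
```

Every config value other than the four parameters is copied from the command on this page, including metadataTrustCheck set to false and skipSslValidation set to true, so review those two against your zone's policy before running the output.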

Obtaining Metadata

To obtain the Cloud Foundry metadata, open the following URL in a web browser: <Identity Zone URL>/uaa/saml/metadata. Here, Identity Zone URL is your company identity zone, registered in Cloud Foundry. For example, http://localhost:8080/uaa/saml/metadata. Copy this metadata and save it on your local machine.

SafeNet Trusted Access Setup

After completing the first step of configuring SafeNet Trusted Access in Cloud Foundry, the second step is to activate the Cloud Foundry application in SafeNet Trusted Access by performing the following steps:

1. In the Applications pane, the Cloud Foundry application you added earlier is in an inactive state by default. To configure and activate this application, click the application (for example, Cloud Foundry) and proceed to the next step.

2. Under STA Setup, click Upload Cloud Foundry Metadata.

3. On the Metadata upload window, click Browse to search for and select the Cloud Foundry metadata you downloaded earlier in the Obtaining Metadata section.

4. Under Account Details, the service provider metadata information is displayed.

5. Click Save Configuration to save the details and activate the Cloud Foundry application in SafeNet Trusted Access.

Verify Authentication

Using STA Console

Navigate to the Cloud Foundry login URL using <Identity Zone URL>/uaa. Here, Identity Zone URL is your company identity zone registered in Cloud Foundry (for example, http://localhost:8080/uaa). At the bottom, click <Label Name> (for example, SafeNet IDP). You will be redirected to the SafeNet Trusted Access sign-in page. Enter your primary directory login information and approve the two-factor authentication. You should be redirected to the Cloud Foundry application after authentication.

Using STA User Portal

Navigate to the User Portal URL to log in to the STA User Portal dashboard. On the dashboard, you will see a list of applications to which you have access. Click the Cloud Foundry application icon. You should be redirected to the Cloud Foundry application after authentication.

© 2018 SafeNet Trusted Access. Various trademarks held by their respective owners.