SafeNet Trusted Access for Xton Access Manager

Overview

Configuring SafeNet Trusted Access for Xton Access Manager is a three-step process:

1. Xton Access Manager setup

2. SafeNet Trusted Access setup

3. Verify authentication

Xton Access Manager Setup

Prerequisites:

- Xton Access Manager (XTAM) is installed and secured with a trusted SSL certificate, using the Federated Sign-In module.

- The identity provider metadata has been downloaded from the SafeNet Trusted Access console by clicking the Download metadata file button. You will need this metadata in one of the steps below.

Perform the following steps to configure SafeNet Trusted Access as your identity provider in Xton Access Manager:

1. Open the <XTAM HOME>/content/keys folder, where <XTAM HOME> is the location where Xton Access Manager is installed.

For example, C:/xtam/content/keys

2. Copy the identity provider metadata file that you downloaded earlier from the SafeNet Trusted Access console and paste it into the folder from the previous step.

3. Rename the metadata file as per your preferred configuration (for example, safenet_metadata.xml).

4. In a text editor, open the catalina.properties file located at <XTAM HOME>/web/conf/catalina.properties, where <XTAM HOME> is the location where Xton Access Manager is installed.

For example, C:/xtam/web/conf/catalina.properties

5. In the catalina.properties file, locate the # CAS section and add the following lines at the end of that section. Each entry gives the line to add, the meaning of its placeholder, and an example value:

Line: cas.server.name=<Managed Path>
Where <Managed Path> is the application's secured URL that you entered during the XTAM installation.
Example: cas.server.name=https://safenet.company.com:6443

Line: cas.server.prefix=<Managed Path>/cas
Where <Managed Path> is the application's secured URL that you entered during the XTAM installation.
Example: cas.server.prefix=https://safenet.company.com:6443/cas

Line: cas.authn.pac4j.saml[0].clientName=<Client Name>
Where <Client Name> is the name of the IdP that will be displayed on the login page.
Example: cas.authn.pac4j.saml[0].clientName=SafeNet IDP

Line: cas.authn.pac4j.saml[0].serviceProviderEntityId=<Managed Path>
Where <Managed Path> is the application's secured URL that you entered during the XTAM installation. This value acts as the Service Provider Entity ID.
Example: cas.authn.pac4j.saml[0].serviceProviderEntityId=https://safenet.company.com:6443

Line: cas.authn.pac4j.saml[0].serviceProviderMetadataPath=<XTAM Metadata Path>
Where <XTAM Metadata Path> is the path and file name for the XTAM metadata file. The metadata is auto-generated at this path.
Example: cas.authn.pac4j.saml[0].serviceProviderMetadataPath=C:/xtam/content/keys/xtam_metadata.xml

Line: cas.authn.pac4j.saml[0].keystorePath=<SAML Keystore File>
Where <SAML Keystore File> is the path and file name for the XTAM auto-generated SAML key (in .jks format). The key is auto-generated at this path.
Example: cas.authn.pac4j.saml[0].keystorePath=C:/xtam/content/keys/samlKeystore.jks

Line: cas.authn.pac4j.saml[0].keystorePassword=<Keystore Password>
Where <Keystore Password> is the password to be created for the keystore file.
Example: cas.authn.pac4j.saml[0].keystorePassword=Password1!

Line: cas.authn.pac4j.saml[0].privateKeyPassword=<Private Key Password>
Where <Private Key Password> is the password to be created for the private key.
Example: cas.authn.pac4j.saml[0].privateKeyPassword=Temp123#

Line: cas.authn.pac4j.saml[0].identityProviderMetadataPath=<IDP Metadata Path>
Where <IDP Metadata Path> is the path and file name of the IdP metadata that you pasted earlier into the <XTAM HOME>/content/keys folder, where <XTAM HOME> is the location at which Xton Access Manager is installed.
Example: cas.authn.pac4j.saml[0].identityProviderMetadataPath=C:/xtam/content/keys/safenet_metadata.xml

Line: cas.authn.pac4j.saml[0].destinationBinding=urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST
Example: N.A. (this line contains no placeholder; add it exactly as shown.)

6. Save and close the catalina.properties file.

7. Run the following commands on the XTAM server machine to restart the PamManagement (for Windows) or pammanager (for Linux) service:

For Windows:

net stop PamManagement & net start PamManagement

For Linux:

service pammanager restart

Note: The server may take up to five minutes to restart all the XTAM services.

8. To generate the SAML keystore and XTAM metadata files, open a browser and go to the XTAM login page at the <Managed Path>/xtam URL, where <Managed Path> is the application's secured URL that you entered during the XTAM installation.

For example, https://safenet.company.com:6443/xtam

9. Open File Explorer and go to the <XTAM HOME>/content/keys folder, where <XTAM HOME> is the location at which Xton Access Manager is installed.

For example, C:/xtam/content/keys

10. Ensure that the SAML keystore file (for example, samlKeystore.jks) and the XTAM metadata file (for example, xtam_metadata.xml) have been created. You will need the XTAM metadata file while configuring SafeNet Trusted Access.
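The following check script is an added example and is not part of the Xton Access Manager or SafeNet Trusted Access documentation. It reads the CAS lines from the table in step 5 out of catalina.properties and cross-checks them against each other (cas.server.prefix must be <Managed Path>/cas, the service provider entity ID must equal cas.server.name, and every required line must be present), then inspects the two metadata files: the IdP metadata downloaded from SafeNet Trusted Access must describe an identity provider with a signing certificate and an HTTP-POST single sign-on endpoint, and the XTAM metadata generated in step 8 must carry the configured entity ID before you upload it in the next section. It assumes only the property names shown on this page and the standard SAML 2.0 metadata namespace; the embedded properties text and the two small metadata documents are constructed samples, not files taken from a real deployment.

```python
"""Consistency checks for the CAS/pac4j SAML lines the XTAM setup adds to
catalina.properties and for the IdP/SP metadata files (added example, not Xton
or SafeNet code; it relies only on the property names shown on this page and on
the standard SAML 2.0 metadata namespace; all sample inputs are constructed)."""
import xml.etree.ElementTree as ET

MD = {"md": "urn:oasis:names:tc:SAML:2.0:metadata"}
PREFIX = "cas.authn.pac4j.saml[0]."
HTTP_POST = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
REQUIRED = ("clientName", "keystorePath", "keystorePassword", "privateKeyPassword",
            "identityProviderMetadataPath", "serviceProviderMetadataPath")


def parse_properties(text):
    """Minimal Java .properties reader: key=value lines, '#'/'!' comments."""
    props = {}
    for raw in text.splitlines():
        line = raw.strip()
        if line and line[0] not in "#!" and "=" in line:
            key, _, value = line.partition("=")
            props[key.strip()] = value.strip()
    return props


def check_cas_saml_config(props):
    """Cross-check the table lines against each other; an empty list means no findings."""
    name = props.get("cas.server.name", "")
    saml = {k[len(PREFIX):]: v for k, v in props.items() if k.startswith(PREFIX)}
    findings = []
    if not name.startswith("https://"):
        findings.append("cas.server.name must be the HTTPS <Managed Path>")
    if props.get("cas.server.prefix") != name.rstrip("/") + "/cas":
        findings.append("cas.server.prefix must be <Managed Path>/cas")
    if saml.get("serviceProviderEntityId") != name:
        findings.append("serviceProviderEntityId must equal cas.server.name")
    findings += [f"{PREFIX}{k} is missing or empty" for k in REQUIRED if not saml.get(k)]
    if saml.get("destinationBinding", HTTP_POST) != HTTP_POST:
        findings.append("destinationBinding differs from the HTTP-POST binding in the table")
    return findings


def _metadata_root(xml_text):
    """Parse a SAML metadata document; return (root, None) or (None, finding)."""
    try:
        root = ET.fromstring(xml_text)
    except ET.ParseError as exc:
        return None, f"metadata is not well-formed XML: {exc}"
    if root.tag != "{%s}EntityDescriptor" % MD["md"]:
        return None, "metadata root is not md:EntityDescriptor"
    return root, None


def check_idp_metadata(xml_text, binding=HTTP_POST):
    """The file downloaded from STA must describe an IdP with a signing key and an SSO endpoint."""
    root, err = _metadata_root(xml_text)
    if err:
        return [err]
    idp = root.find("md:IDPSSODescriptor", MD)
    if idp is None:
        return ["no IDPSSODescriptor: this is not identity provider metadata"]
    findings = []
    if binding not in {s.get("Binding") for s in idp.findall("md:SingleSignOnService", MD)}:
        findings.append(f"IdP offers no SingleSignOnService for {binding}")
    if idp.find("md:KeyDescriptor", MD) is None:
        findings.append("IdP metadata carries no signing certificate (KeyDescriptor)")
    return findings


def check_sp_metadata(xml_text, entity_id):
    """The auto-generated XTAM metadata must carry the configured entity ID and an ACS under it."""
    root, err = _metadata_root(xml_text)
    if err:
        return [err]
    findings = []
    if root.get("entityID") != entity_id:
        findings.append(f"SP entityID {root.get('entityID')!r} != serviceProviderEntityId")
    acs = [a.get("Location", "") for a in root.iterfind(".//md:AssertionConsumerService", MD)]
    if not any(loc.startswith(entity_id) for loc in acs):
        findings.append("no AssertionConsumerService located under the <Managed Path>")
    return findings


# Constructed samples: the example values from the table and two minimal metadata files.
SAMPLE_PROPERTIES = """# CAS
cas.server.name=https://safenet.company.com:6443
cas.server.prefix=https://safenet.company.com:6443/cas
cas.authn.pac4j.saml[0].clientName=SafeNet IDP
cas.authn.pac4j.saml[0].serviceProviderEntityId=https://safenet.company.com:6443
cas.authn.pac4j.saml[0].serviceProviderMetadataPath=C:/xtam/content/keys/xtam_metadata.xml
cas.authn.pac4j.saml[0].keystorePath=C:/xtam/content/keys/samlKeystore.jks
cas.authn.pac4j.saml[0].keystorePassword=Password1!
cas.authn.pac4j.saml[0].privateKeyPassword=Temp123#
cas.authn.pac4j.saml[0].identityProviderMetadataPath=C:/xtam/content/keys/safenet_metadata.xml
cas.authn.pac4j.saml[0].destinationBinding=urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST
"""
SAMPLE_IDP_METADATA = """<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    entityID="https://idp.example.invalid/saml">
  <md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:KeyDescriptor use="signing"/>
    <md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="https://idp.example.invalid/sso"/>
  </md:IDPSSODescriptor>
</md:EntityDescriptor>"""
SAMPLE_SP_METADATA = """<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    entityID="https://safenet.company.com:6443">
  <md:SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="https://safenet.company.com:6443/cas/login" index="0"/>
  </md:SPSSODescriptor>
</md:EntityDescriptor>"""
```

To use it against a real installation, replace the three sample strings with the contents of your catalina.properties, the IdP metadata downloaded from the SafeNet Trusted Access console and the generated xtam_metadata.xml; an empty list from each check means the files agree with one another. The IdP check also catches the common slip of uploading or pasting service provider metadata where identity provider metadata is expected.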

SafeNet Trusted Access Setup

After completing the first step (configuring SafeNet Trusted Access in Xton Access Manager), the second step is to activate the Xton Access Manager application in SafeNet Trusted Access by performing the following steps:

1. In the Applications pane, the Xton Access Manager application that you added earlier is in the inactive state by default. To configure and activate this application, click it (for example, Xton Access Manager) and proceed to the next step.

2. Under STA Setup, perform the following steps:

a. Click Upload Xton Access Manager Metadata.

b. On the Metadata upload window, click Browse to search for and select the Xton Access Manager metadata that you generated in step 8 of Xton Access Manager Setup.

Under Account details, the service provider metadata information is displayed.

c. In the NAME ID field, select the attribute (for example, SAS User ID) whose value you want to send to Xton Access Manager in the SAML assertion. The value of the attribute must be the same as the value of the Login field in Xton Access Manager, because this value is used for mapping when the user logs in to Xton Access Manager.

d. Under User Portal Settings, in the SERVICE LOGIN URL field, enter <Managed Path>/xtam, where <Managed Path> is the application's secured URL that you entered during the XTAM installation.

For example, https://safenet.company.com:6443/xtam

e. Click Save Configuration to save the details and activate the Xton Access Manager application in SafeNet Trusted Access.

Verify Authentication

Using STA Console

Navigate to the Xton Access Manager login URL, <Managed Path>/xtam, where <Managed Path> is the application's secured URL that you entered during XTAM installation.

For example, https://safenet.company.com:6443/xtam.

Click <Client Name>, where <Client Name> is the IdP name (for example, SafeNet IDP).

You will be redirected to your SafeNet Trusted Access sign-in page. Enter your primary directory login information, approve the two-factor authentication, and you should be redirected to the Xton Access Manager application after authentication.

Using STA User Portal

Navigate to the User Portal URL to log in to the STA User Portal dashboard. On the dashboard, you will see a list of the applications to which you have access. Click the Xton Access Manager application icon; you will be redirected to the Xton Access Manager login page. Click <Client Name>, where <Client Name> is the IdP name (for example, SafeNet IDP). You will be redirected to the Xton Access Manager dashboard.

© 2019 SafeNet Trusted Access. Various trademarks held by their respective owners.