LATEST VERSION: 1.4 - CHANGELOG
Single Sign-On v1.4

Configure CA Single Sign-On as an Identity Provider

This topic describes how to set up CA Single Sign-On as your identity provider by configuring SAML integration in both Pivotal Cloud Foundry (PCF) and CA Single Sign-On.

Set up SAML in PCF

  1. Log in to the Single Sign-On (SSO) dashboard at https://p-identity.YOUR-SYSTEM-DOMAIN as a Plan Administrator.
  2. Select your plan and click Manage Identity Providers on the drop-down menu.

    Ca sso manage id providers

  3. Click Configure SAML Service Provider.

    Ca sso config saml service provider

  4. (Optional) Select Perform signed authentication requests to enforce SSO private key signature and identity provider validation.

    Saml auth checkbox

  5. (Optional) Select Require signed assertions to validate the origin of signed responses.

  6. Click Download Metadata to download the service provider metadata.

  7. Click Save.

Set up SAML in CA Single Sign-On

  1. Sign in as a CA Single Sign-On administrator.

  2. Click the Federation tab.

  3. Click on the Entities link.

  4. Click the Create Entity button and perform the following steps:

    1. Select Local for Entity Location.
    2. Select SAML2 IDP for New Entity Type.
    3. Click the Next button.
  5. In the Entities section, perform the following steps:

    1. Enter an Entity ID.
    2. Enter an Entity Name.
    3. Enter a Description.
    4. Enter the fully-qualified domain name for your CA Single Sign-On as the Base URL.
    5. Select or import a Signing Private Key Alias.
    6. Select a Name ID format.
    7. Click the Next button.
  6. Confirm the Entity Details and click the Finish button.

    Ca sso local entity

  7. Click the Federation tab.

  8. Click on the Entities link.

  9. Click the Import Metadata button and perform the following steps:

    1. Click Browse and select the downloaded metadata for Metadata file.
    2. Select Remote Entity for Import As.
    3. Select Create New for Operation.
    4. Click the Next button.
  10. In the Select Entity Defined in Metadata File section, perform the following steps:

    1. Enter an Entity Name.
    2. Click the Next button.
  11. In the Select Key Entries to Import section, perform the following steps:

    1. Enter an Alias.
    2. Click the Next button.
  12. Confirm the Entity Details and click the Finish button.

    Ca sso remote entity

  13. Click on the Federation tab.

  14. Click Create Partnership and select SAML2 IDP -> SP.

  15. In the Configure Partnership section, perform the following steps:

    1. Enter a Partnership Name.
    2. Enter a Description.
    3. Select a previously created local entity for Local IDP.
    4. Select a previously created remote entity for Remote SP.
    5. Enter a Skew Time.
    6. Add any User Directories.
    7. Click the Next button.

    Ca sso partnership

  16. Configure Federation Users by adding the users you want to include in the partnership and click Next.

    Ca sso federation

  17. In the Assertion Configuration section, perform the following steps:

    1. Select a Name ID Format.
    2. Select User Attribute as the Name ID Type.
    3. Enter mail as the Value.
    4. (Optional) Under Assertion Attributes, specify any application or group attributes that you want to map to users in the ID token.

      Note: The value for sending a user’s groups is FMATTR:SM_USERGROUPS.
    5. Click the Next button.

    Ca sso assertion

  18. In the SSO and SLO section, perform the following steps:

    1. Enter the Authentication URL.
    2. Select HTTP-Post for SSO Binding.
    3. Select Both IDP and SP initiated for Transactions Allowed.
    4. Click the Next button.

    Ca sso sso slo

  19. In the Signature and Encryption section, perform the following steps:

    1. Select your key alias for Signing Private Key Alias.
    2. Select your certificate alias for Verification Certificate Alias.
    3. Click the Next button.

    Ca sso signature

  20. Confirm the Partnership Details and click the Finish button.

  21. Click the Action button and click Activate.

    Ca sso activate

  22. Click the Action button and click Export Metadata.

Create a pull request or raise an issue on the source for this page in GitHub