Access Portal - SAML Best Practices
Author: Thorsten Steding
Created Date: 5/22/2018 4:48:20 PM
Copyright ©2017 WatchGuard Technologies, Inc. All Rights Reserved
Best Practices – WatchGuard Access Portal – SAML
Thorsten Steding, Sales Engineer, Central Europe
Service in Total Security!
Access Portal
HTML5 application portal
– HTML5, clientless
– Web-application
SSO to Access Portal
– SAML 2.0
– RADIUS, AD, Firebox-DB, …
Privileged
• RDP
• SSH
Platforms
M370 M670
M400 M4600
M470 M5600
M500 Firebox Cloud
M570 FireboxV
Access Portal: SAML Configuration Example
Security Assertion Markup Language (SAML)
SAML is an XML framework for exchanging authentication and authorization information. It provides functions for describing and transmitting security-related information.
Browser Single Sign-on:
After signing in to one web application, a user is automatically authenticated to use further applications.
Authorization services:
Communication with a service passes through an intermediary, the Identity Provider, which checks the authorization.
Source: Wikipedia
SAML 2.0 Workflow
Access Portal with SAML integration
[Diagram labels: User; AuthPoint; SP; IdP; Privileged: RDP, SSH]
Access Portal (SP) + AuthPoint
Access the SP metadata from the Firebox SAML settings page:
– Expect the form https://[customizable URL name]/auth/saml for the SP metadata
The hostname is customizable and determines the URL of the SP metadata for the IdP
Access Portal + AuthPoint
Opening the custom URL for SAML from the Firebox should provide the following page data:
– Click on ‘Download Certificate’ and save it to a familiar file directory
Identifies the SP to the IdP
ACS URL for posting of IdP response from an SP
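An added example (not from the original slides or from WatchGuard): a check that the entity ID and ACS URL in standard SAML 2.0 SP metadata point at the expected portal hostname before they are registered at the IdP. The metadata document, the hostname portal.example.com, the /auth/saml/acs path and the certificate text are constructed assumptions; only the /auth/saml form of the entity ID follows the slide.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}
POST_BINDING = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"

# Constructed sample: hostname, ACS path and certificate text are placeholders,
# not values taken from a real Firebox.
SAMPLE_METADATA = """<md:EntityDescriptor
    xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
    entityID="https://portal.example.com/auth/saml">
  <md:SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:KeyDescriptor use="signing"><ds:KeyInfo><ds:X509Data>
      <ds:X509Certificate>PLACEHOLDER-CERT</ds:X509Certificate>
    </ds:X509Data></ds:KeyInfo></md:KeyDescriptor>
    <md:AssertionConsumerService index="0"
        Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="https://portal.example.com/auth/saml/acs"/>
  </md:SPSSODescriptor>
</md:EntityDescriptor>"""


def check_sp_metadata(xml_text, expected_host):
    """Return a list of problems to resolve before entering the values at the IdP."""
    if "<!DOCTYPE" in xml_text:  # SAML metadata needs no DTD; refuse entity tricks
        return ["DOCTYPE present, refusing to parse"]
    problems = []
    root = ET.fromstring(xml_text)
    entity_id = root.get("entityID", "")
    if urlsplit(entity_id).hostname != expected_host:
        problems.append(f"entityID host mismatch: {entity_id!r}")
    acs = root.findall("md:SPSSODescriptor/md:AssertionConsumerService", NS)
    if not acs:
        problems.append("no AssertionConsumerService element")
    for svc in acs:
        url = urlsplit(svc.get("Location", ""))
        if url.scheme != "https" or url.hostname != expected_host:
            problems.append(f"ACS URL not https on {expected_host}: {svc.get('Location')!r}")
        if svc.get("Binding") != POST_BINDING:
            problems.append(f"ACS binding is not HTTP-POST: {svc.get('Binding')!r}")
    if root.find(".//ds:X509Certificate", NS) is None:
        problems.append("no X509Certificate in metadata")
    return problems


if __name__ == "__main__":
    print(check_sp_metadata(SAMPLE_METADATA, "portal.example.com"))
```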
SAML Single Sign-On over AuthPoint
Two-Factor Authentication
Access Portal
Applications tabs
Access Portal
Web applications tab
Demo