
VIDM as SP and IDP

May 31, 2017

VMware Identity Manager provides an identity management solution along with single sign-on (SSO) functionality.

Sometimes we have a requirement to use VIDM as an SP (service provider), and this service provider VIDM needs to use another VIDM or any other third-party solution as the IDP, for example Oracle Identity Management or Microsoft ADFS. This configuration is also supported by VIDM.

Follow the steps below to configure VIDM as both SP and IDP.

1) VIDM (IDP end configuration): The IDP end configuration remains pretty much the same as for any other SaaS or internal web application. We will basically create a new application using the SP metadata from the second VIDM instance.

Go to Catalog > Add Application > Create a new application.

Provide a name for your application (SP VIDM), keep the default settings and click Next.

On the next page provide the SP metadata URL and save the settings; it will automatically fetch all the details and configure the application accordingly.

We can either provide the URL or, if that fails with an error, copy and paste the metadata using the second option.

Save the settings, click Next and add all users or any security group to the entitlements.

In addition to this we have to configure some attributes that we will send in the SAML token so that the application is able to identify the user details.

Navigate to the application configuration, scroll down and add the attributes as shown in the screenshot below.

This completes the configuration of VIDM as IDP.

2) VIDM (SP end configuration): Now we will do the configuration on the VIDM that acts as the application.

Ws-ui2.vclass.local is my service provider (application VIDM).

We have to configure a third-party IDP using the IDP metadata from the identity provider VIDM.

Navigate to Identity & Access Management > click Manage > click Identity Providers > then click Add Identity Provider.

Provide a name, copy and paste the IDP metadata and keep the other settings, including the Name ID format, at their defaults.

Click the option to enable Just-in-Time User Provisioning (this option provisions the user at login time using the SAML token).

Provide the directory name and domain, then scroll down further.

In Authentication Methods enter "time" as the name and select the time sync token as the SAML context. (This name, "time" here, will be needed when configuring the access policy.)

Keep the single sign-out configuration unchanged. Click Add to finish the configuration.

Now go to Policies and click on default_Access_policy_Set.

Click on the authentication method and select "time" as the first method for login.

Configure TIME as the first authentication method and password (local directory) as the fallback, and we are done with the configuration on the service provider VIDM end.

Now it is time to launch SP VIDM from the IDP VIDM portal. It will single sign on to SP VIDM.
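The metadata exchanged in the steps above, on both ends, is a SAML 2.0 EntityDescriptor. As an added example (written for this article, not code from the original post or from VMware), the Python below parses a constructed SP metadata sample (placeholder hostname and certificate) and also handles IDP metadata, pulling out the entityID, endpoints and NameID formats and flagging what you would want to check before trusting the other side: a signing certificate present, HTTPS endpoints, and an unexpired validUntil.

```python
import xml.etree.ElementTree as ET
from datetime import datetime, timezone

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata", "ds": "http://www.w3.org/2000/09/xmldsig#"}
ENDPOINT_TAGS = {"SP": "md:AssertionConsumerService", "IDP": "md:SingleSignOnService"}

# Constructed sample SP metadata (placeholder hostname and certificate), shaped like a SAML 2.0
# SP descriptor; it is not metadata captured from a real VIDM instance.
SAMPLE_SP_METADATA = """<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
 xmlns:ds="http://www.w3.org/2000/09/xmldsig#" entityID="https://sp-vidm.example.local/saml/sp"
 validUntil="2099-01-01T00:00:00Z">
 <md:SPSSODescriptor WantAssertionsSigned="true"
  protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
  <md:KeyDescriptor use="signing"><ds:KeyInfo><ds:X509Data>
   <ds:X509Certificate>PLACEHOLDER-BASE64-CERT</ds:X509Certificate></ds:X509Data></ds:KeyInfo></md:KeyDescriptor>
  <md:NameIDFormat>urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified</md:NameIDFormat>
  <md:AssertionConsumerService index="0" isDefault="true"
   Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://sp-vidm.example.local/saml/acs"/>
 </md:SPSSODescriptor>
</md:EntityDescriptor>"""

def parse_saml_metadata(xml_text, now=None):
    """Return the fields the other side needs from SP or IDP metadata, plus sanity flags."""
    root = ET.fromstring(xml_text)
    role, desc = "SP", root.find("md:SPSSODescriptor", NS)
    if desc is None:
        role, desc = "IDP", root.find("md:IDPSSODescriptor", NS)
    if desc is None:
        raise ValueError("neither SPSSODescriptor nor IDPSSODescriptor found")
    # ACS endpoints for an SP, SingleSignOnService endpoints for an IDP.
    endpoints = [{"binding": e.get("Binding"), "location": e.get("Location"),
                  "default": e.get("isDefault") == "true"}
                 for e in desc.findall(ENDPOINT_TAGS[role], NS)]
    certs = desc.findall("md:KeyDescriptor/ds:KeyInfo/ds:X509Data/ds:X509Certificate", NS)
    # validUntil is optional; stale metadata should be re-fetched, not trusted.
    expired = False
    if root.get("validUntil"):
        now = now or datetime.now(timezone.utc)
        expired = datetime.fromisoformat(root.get("validUntil").replace("Z", "+00:00")) < now
    return {
        "role": role,
        "entity_id": root.get("entityID"),
        "endpoints": endpoints,
        "name_id_formats": [e.text for e in desc.findall("md:NameIDFormat", NS)],
        "has_signing_cert": bool(certs),  # needed to verify signed AuthnRequests or assertions
        "all_https": all(ep["location"].startswith("https://") for ep in endpoints),
        "expired": expired,
    }
```

If the URL fetch step fails and you paste metadata by hand, running the pasted document through this parser first catches truncated or wrong-role metadata before it is saved into the application.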
© 2017-18 Xtra-V!rtual