Older version > Version 2.4 > Authenticators - HTTP > SAML - NetID Access Server (NIAS) authentication

SAML - NetID Access Server (NIAS) authentication

This document describes how to configure PhenixID Server for SAML2 federation using NetID Access Server (NIAS) as the authentication method.

NB! This authenticator IS NOT shipped with the product. Please contact PhenixID support for more information on how to download and install this authenticator.

Prerequisites

  • PhenixID Server configured according to this instruction: "Federation - Username and password"
  • Commercial agreement with NetID Access Server
  • Access to NetID Access Server infrastructure from the PhenixID Server

Convert the Federation - Username and Password scenario to SAMLNias

Open the Advanced tab and locate the Authentication - HTTP entry that was configured in the previous "Federation - Username and password" scenario.

Change the value of the name parameter from "PostUidAndPasswordSAML" to "SAMLNias".

Click the plus sign next to "configuration" to add the following new parameters.

Set "loginTemplate" = "nias.template"

Set "wsdlLocation" = "<URL_to_NIAS_WSDL>"

Set "translationKey" = "login.messages.information.body.cm"

Set "headingtranslationKey" = "login.messages.information.header.cm"

Set "title" = "login.messages.information.title.cm"


NB! [Optional] Set these parameters to use mutual TLS (client certificate authentication) against the NIAS endpoint.

Set "nias_keystore_path" = <Full_filepath_to_p12_file>

Set "nias_keystore_password" = <Password_for_the_p12_file>

Example values, with the password stored in encrypted form ({enc} prefix):

"nias_keystore_path": "/opt/PhenixID/Server/fs3_5oct/keys/bhull.p12",

"nias_keystore_password": "{enc}yxgVwSr3pOI8rnoQsII0WGVKS6Q3oawFs5j42VQm++A="

Click Stage changes

Configuration example

Configure the execution flow used for the SAML assertion to suit your needs

  1. Open the Execution flow tab and expand the flow.
  2. Delete valve #1 (InputParameterExistsValidatorValve) and valve #3 (LDAPBindValve).
  3. Expand (Show) the LDAPSearchValve and modify the search filter so that it fetches the user whose serialNumber equals the personal identification number returned by NetID Access Server: filter_template = serialNumber={{request.username}}
  4. Add a parameter listing the attributes to fetch for the matched LDAP entry: attributes = serialNumber,sAMAccountName
  5. Expand (Show) the AssertionProvider and modify the nameIDAttribute parameter: nameIDAttribute = serialNumber
  6. Click Save
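Step 3 substitutes the personal identification number returned by NIAS into the LDAP search filter. The following Python is an added illustration (not PhenixID code) of what the rendered filter looks like for a given value and of the check a reviewer would want around any {{...}} substitution into an LDAP filter: the value is validated as a plain personal number and RFC 4515-escaped before it is placed in the filter. The 12-digit format and the use of a plain string replace for the template are assumptions; the page does not state how PhenixID itself renders or escapes the template.

```python
import re

# Filter template from the configuration steps above.
FILTER_TEMPLATE = "serialNumber={{request.username}}"
PLACEHOLDER = "{{request.username}}"

# Assumed format: a 12-digit personal identification number (YYYYMMDDNNNN).
# Adjust the pattern if your directory stores serialNumber differently.
PIN_PATTERN = re.compile(r"^\d{12}$")

# RFC 4515 escapes for characters that are special inside an LDAP filter value.
_LDAP_ESCAPES = {"\\": "\\5c", "*": "\\2a", "(": "\\28", ")": "\\29", "\x00": "\\00"}


def is_valid_pin(value: str) -> bool:
    """True only for a value that is exactly twelve digits."""
    return PIN_PATTERN.fullmatch(value) is not None


def escape_filter_value(value: str) -> str:
    """Escape a value so it is matched literally inside an LDAP filter."""
    return "".join(_LDAP_ESCAPES.get(ch, ch) for ch in value)


def render_filter(username: str, template: str = FILTER_TEMPLATE) -> str:
    """Render the filter for the NIAS-supplied value.

    Rejects anything that is not a plain personal number so a malformed or
    crafted value never reaches the directory; the escaping is defence in
    depth for templates that accept freer values.
    """
    if not is_valid_pin(username):
        raise ValueError(f"not a personal identification number: {username!r}")
    return template.replace(PLACEHOLDER, escape_filter_value(username))


def render_filter_unchecked(username: str, template: str = FILTER_TEMPLATE) -> str:
    """Naive substitution, kept only to show why the check matters: a wildcard
    or parenthesis in the value changes the meaning of the whole filter."""
    return template.replace(PLACEHOLDER, username)


if __name__ == "__main__":
    # Constructed sample values, not real identifiers.
    print(render_filter("199001011234"))           # serialNumber=199001011234
    print(render_filter_unchecked("*"))            # serialNumber=* matches any entry
    print(escape_filter_value("19900101*(x)"))     # special characters neutralised
```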