Difference between revisions of "Sentry SSO with Palo Alto"

From Swivel Knowledgebase
 
(3 intermediate revisions by the same user not shown)
Line 8: Line 8:
  
 
== Setup SSO on Palo Alto ==
 
== Setup SSO on Palo Alto ==
 +
 +
'''SAML IDENTITY PROVIDER SERVER PROFILE IMPORT'''
 +
 +
* Profile Name: Swivel_sentry (example)
 +
 +
Identity Provider Configuration
 +
 +
* Identity Provider Metadata : Copy the Metadata from Sentry and import it to Palo Alto
 +
 +
After this you should get :
  
 
'''SAML IDENTITY PROVIDER SERVER PROFILE'''
 
'''SAML IDENTITY PROVIDER SERVER PROFILE'''
  
* Profile Name: Swivel_sentry (example)
+
* Profile Name: Swivel_sentry
  
 
Identity Provider Configuration
 
Identity Provider Configuration
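Review bot: the new import step "Identity Provider Metadata : Copy the Metadata from Sentry and import it to Palo Alto" does not say where in Sentry the metadata is found or in what form it is copied; name the menu option, the way the keys section names "View Keys". The import step also keeps "Swivel_sentry (example)" while the resulting profile now reads "Swivel_sentry"; use one form in both places.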
Line 19: Line 29:
 
* Identity Provider SSO URL : https://demo.swivelcloud.com/sentry/saml20endpoint
 
* Identity Provider SSO URL : https://demo.swivelcloud.com/sentry/saml20endpoint
 
* Identity Provider SLO URL : https://demo.swivelcloud.com/sentry/singlelogout
 
* Identity Provider SLO URL : https://demo.swivelcloud.com/sentry/singlelogout
* SAML HTTP Binding for SSO Requests to IDP : Select Redirect
+
* SAML HTTP Binding for SSO Requests to IDP : Select Post
* SAML HTTP Binding for SLO Requests to IDP : Select Redirect
+
* SAML HTTP Binding for SLO Requests to IDP : Select Post
 
 
  Check : "Validate Identity Provider Certificate"
 
  
 
* Maximum Clock Skew (seconds) : 60
 
* Maximum Clock Skew (seconds) : 60
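Review bot: both binding lines change from "Select Redirect" to "Select Post" with no reason given; add a sentence saying the binding chosen here should be one that the imported Sentry metadata lists for the SSO and SLO URLs, so a reader can confirm the choice. The two URLs point at demo.swivelcloud.com and are not marked as examples the way the profile name was; label them so they are not copied into a production profile as-is.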
Line 52: Line 60:
 
* Entity ID :  
 
* Entity ID :  
 
* Federated Id : username
 
* Federated Id : username
 +
 +
== Login Steps ==
 +
 +
Click : User Single Sign-On
 +
 +
Swivel username then click continue...
 +
 +
Insert username then click submit
 +
 +
Authenticate with Swivel authentication method (Turing / PINPad...)
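Review bot: in the added Login Steps, "Swivel username then click continue..." and "Insert username then click submit" read as the same action twice, and neither says which page it happens on. Number the steps and state for each one whether it is on the Palo Alto portal or on the Sentry login page.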

Latest revision as of 23:53, 24 January 2018


Setup AuthControl Sentry Keys

Before you are able to create a Single Sign On configuration on Google.com, you will need to set up some keys. Please see a separate article: HowToCreateKeysOnCmi. You will need the certificate you generate in a later section of this article. This can be retrieved from the View Keys menu option of Swivel AuthControl Sentry.

Setup SSO on Palo Alto

SAML IDENTITY PROVIDER SERVER PROFILE IMPORT

  • Profile Name: Swivel_sentry (example)

Identity Provider Configuration

  • Identity Provider Metadata : Copy the Metadata from Sentry and import it to Palo Alto

After this you should get :

SAML IDENTITY PROVIDER SERVER PROFILE

  • Profile Name: Swivel_sentry

Identity Provider Configuration

  • Maximum Clock Skew (seconds) : 60
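
After the metadata import, the values in the resulting profile can be checked against the metadata itself. The following is an added example, not part of the original article or of Swivel's or Palo Alto's tooling: it parses a constructed metadata document and reports any mismatch with the SSO URL, SLO URL and Post binding shown in the profile on this page. The function names and the sample metadata are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}
POST = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
REDIRECT = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
SSO_URL = "https://demo.swivelcloud.com/sentry/saml20endpoint"  # from the page
SLO_URL = "https://demo.swivelcloud.com/sentry/singlelogout"    # from the page

# Constructed sample metadata (not real Sentry output; certificate is a placeholder).
SAMPLE_METADATA = f"""<md:EntityDescriptor xmlns:md="{NS['md']}"
    xmlns:ds="{NS['ds']}" entityID="https://idp.example.test/constructed">
 <md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
  <md:KeyDescriptor use="signing"><ds:KeyInfo><ds:X509Data>
   <ds:X509Certificate>PLACEHOLDER_BASE64_CERT</ds:X509Certificate>
  </ds:X509Data></ds:KeyInfo></md:KeyDescriptor>
  <md:SingleLogoutService Binding="{POST}" Location="{SLO_URL}"/>
  <md:SingleSignOnService Binding="{POST}" Location="{SSO_URL}"/>
 </md:IDPSSODescriptor>
</md:EntityDescriptor>"""


def idp_endpoints(idp):
    """Map (service tag, binding URI) -> Location for the IdP's SSO/SLO services."""
    return {(tag, el.get("Binding")): el.get("Location")
            for tag in ("SingleSignOnService", "SingleLogoutService")
            for el in idp.findall(f"md:{tag}", NS)}


def check_profile(metadata_xml, sso_url, slo_url, binding=POST):
    """Return a list of mismatches between IdP metadata and the firewall profile."""
    # Metadata should come from your own Sentry instance, not an untrusted source.
    idp = ET.fromstring(metadata_xml).find("md:IDPSSODescriptor", NS)
    if idp is None:
        return ["no IDPSSODescriptor: this is not IdP metadata"]
    problems, eps = [], idp_endpoints(idp)
    for tag, url in (("SingleSignOnService", sso_url),
                     ("SingleLogoutService", slo_url)):
        loc = eps.get((tag, binding))
        if loc is None:
            problems.append(f"{tag}: binding {binding} not advertised by IdP")
        elif loc != url:
            problems.append(f"{tag}: profile has {url}, metadata has {loc}")
    # Signature checks rely on the IdP signing certificate carried in the metadata.
    certs = [c.text for kd in idp.findall("md:KeyDescriptor", NS)
             if kd.get("use") in (None, "signing")
             for c in kd.findall(".//ds:X509Certificate", NS) if (c.text or "").strip()]
    if not certs:
        problems.append("no signing certificate in metadata")
    return problems
```

An empty list from `check_profile(SAMPLE_METADATA, SSO_URL, SLO_URL)` means the profile values agree with the metadata; passing `binding=REDIRECT` against this sample reports both services as not advertised.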


AUTHENTICATION PROFILE

  • Name : SAML

TAB : Authentication

  • Type : SAML
  • IdP Server Profile : Swivel_sentry
  • Certificate for Signing Requests :
 Check : "Enable Single Logout"
  • Certificate Profile : Swivel

User Attributes in SAML Messages from IDP

  • Username Attribute : username

Sentry

  • Name : Palo Alto VM
  • Image : Palo Alto logo (png)
  • Points : 100 (example)
  • Portal URL :
  • Endpoint URL :
  • Entity ID :
  • Federated Id : username

Login Steps

Click : User Single Sign-On

Swivel username then click continue...

Insert username then click submit

Authenticate with Swivel authentication method (Turing / PINPad...)