Working with a SAML Identity Provider for Remote Access VPN

In the R81.10.X releases, this feature is available starting from the R81.10.15 version.

This section provides commands to configure a SAML Identity Provider for Remote Access VPN on a Locally Managed Spark Firewall Gateway.

Note - For instructions for a Centrally Managed Spark Firewall Gateway, see the R81.10.X Spark Firewall Centrally Managed Administration Guide for 1500, 1600, 1800, 1900, 2000 Appliances.

Workflow for configuring a SAML Identity Provider

Each step below lists where to perform it (on the Spark Firewall or in the SAML Identity Provider portal) and the instructions for it.

Step 1 - On the Spark Firewall

  Run the "add identity-provider" command to generate the initial SAML Identity Provider settings.

Step 2 - On the Spark Firewall

  Run the "show identity-provider" command to view the initial SAML Identity Provider settings:

    1. unique-identifier-url
    2. reply-url

Step 3 - In the SAML Identity Provider portal

  Refer to the documentation for your SAML Identity Provider.

    1. Copy the value of "unique-identifier-url" from the Spark Firewall Gateway and paste it in the applicable Identifier field.
    2. Copy the value of "reply-url" from the Spark Firewall Gateway and paste it in the applicable Reply URL field.
    3. Save the configuration.

Step 4 - In the SAML Identity Provider portal

  Refer to the documentation for your SAML Identity Provider.

  Download the required information:

    • Download the Metadata XML file, if you plan to configure the SAML Identity Provider on the Spark Firewall Gateway using the Metadata XML file.
    • Download the Certificate file (Base64), if you plan to configure the SAML Identity Provider on the Spark Firewall Gateway manually.

Step 5 - On the Spark Firewall

  Run the "set identity-provider" command to configure the SAML Identity Provider.

Step 6 - On the Spark Firewall

  Run the "show identity-provider" command to view the final SAML Identity Provider settings:

    1. provider-id
    2. login-url
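Before importing the Metadata XML file downloaded in Step 4 (or copying values out of it for a manual "set identity-provider" in Step 5), it is worth checking that the file actually describes an Identity Provider, that its single sign-on URL uses HTTPS, and that its signing certificate is well-formed Base64 DER, because the gateway will trust assertions signed by whatever certificate that file carries. The following is an added example, not code from Check Point or from this guide: it parses a constructed sample metadata document with Python's standard library and pulls out the three values a practitioner compares against the settings shown in Step 6. The mapping of the SAML entityID to "provider-id" and of the SingleSignOnService Location to "login-url" is an assumption about how the gateway names these fields; the sample entityID, URLs and certificate bytes are placeholders.

```python
import base64
import xml.etree.ElementTree as ET

# Namespaces used by SAML 2.0 metadata documents.
NS = {
    "md": "urn:oasis:names:tc:SAML:2.0:metadata",
    "ds": "http://www.w3.org/2000/09/xmldsig#",
}
REDIRECT_BINDING = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
POST_BINDING = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"

# Constructed sample metadata (placeholder values, not from any real IdP).
# The "certificate" is fake: just DER-looking bytes so the Base64 check has
# something to decode. A real file carries the IdP's actual signing cert.
FAKE_CERT_B64 = base64.b64encode(b"\x30\x82\x01\x00" + b"\x00" * 256).decode()
SAMPLE_METADATA = f"""<?xml version="1.0" encoding="UTF-8"?>
<EntityDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata"
                  entityID="https://idp.example.invalid/saml/metadata">
  <IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <KeyDescriptor use="signing">
      <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
        <X509Data><X509Certificate>{FAKE_CERT_B64}</X509Certificate></X509Data>
      </KeyInfo>
    </KeyDescriptor>
    <SingleSignOnService Binding="{REDIRECT_BINDING}"
                         Location="https://idp.example.invalid/saml/sso"/>
    <SingleSignOnService Binding="{POST_BINDING}"
                         Location="https://idp.example.invalid/saml/sso"/>
  </IDPSSODescriptor>
</EntityDescriptor>
"""


class MetadataError(ValueError):
    """Raised when the metadata file should not be imported as-is."""


def extract_idp_settings(metadata_xml: str) -> dict:
    """Return provider_id, login_url and signing_certs from IdP metadata.

    Raises MetadataError for anything a gateway administrator should not
    accept blindly: wrong document type, missing SSO endpoint, non-HTTPS
    login URL, or a signing certificate that is not valid Base64 DER.
    """
    try:
        # ElementTree's expat parser does not fetch external entities,
        # so an untrusted file cannot trigger XXE here.
        root = ET.fromstring(metadata_xml)
    except ET.ParseError as exc:
        raise MetadataError(f"metadata is not well-formed XML: {exc}")

    if root.tag != f"{{{NS['md']}}}EntityDescriptor":
        raise MetadataError(f"unexpected root element: {root.tag}")
    entity_id = root.get("entityID")
    if not entity_id:
        raise MetadataError("EntityDescriptor has no entityID")

    idp = root.find("md:IDPSSODescriptor", NS)
    if idp is None:
        raise MetadataError("file describes no Identity Provider (no IDPSSODescriptor)")

    # Collect SSO endpoints by binding; prefer HTTP-Redirect, fall back to HTTP-POST.
    endpoints = {s.get("Binding"): s.get("Location")
                 for s in idp.findall("md:SingleSignOnService", NS)}
    login_url = endpoints.get(REDIRECT_BINDING) or endpoints.get(POST_BINDING)
    if not login_url:
        raise MetadataError("no SingleSignOnService with HTTP-Redirect or HTTP-POST binding")
    if not login_url.startswith("https://"):
        raise MetadataError(f"login URL is not HTTPS: {login_url}")

    # Signing certificates: KeyDescriptor with use="signing" or no use attribute.
    certs = []
    for kd in idp.findall("md:KeyDescriptor", NS):
        if kd.get("use") not in (None, "signing"):
            continue
        for cert_el in kd.findall(".//ds:X509Certificate", NS):
            b64 = "".join((cert_el.text or "").split())
            try:
                der = base64.b64decode(b64, validate=True)
            except ValueError:
                raise MetadataError("signing certificate is not valid Base64")
            if not der.startswith(b"\x30"):
                raise MetadataError("signing certificate does not decode to a DER SEQUENCE")
            certs.append(b64)
    if not certs:
        raise MetadataError("no signing certificate in metadata")

    return {"provider_id": entity_id, "login_url": login_url, "signing_certs": certs}


if __name__ == "__main__":
    settings = extract_idp_settings(SAMPLE_METADATA)
    print("provider-id :", settings["provider_id"])
    print("login-url   :", settings["login_url"])
    print("signing certs:", len(settings["signing_certs"]))
```

Run it against the real file with extract_idp_settings(open("metadata.xml").read()) and compare provider-id and login-url with the output of "show identity-provider" after Step 6; a mismatch, or a raised MetadataError, means the wrong file was downloaded or the Identity Provider changed its endpoints since the metadata was exported.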