Working with a SAML Identity Provider for Remote Access VPN

In the R81.10.X releases, this feature is available starting from the R81.10.15 version.

This section provides commands to configure a SAML Identity Provider for Remote Access VPN on a Locally Managed Quantum Spark Gateway.

Note - For instructions for a Centrally Managed Quantum Spark Gateway, see the R81.10.X Quantum Spark Centrally Managed Administration Guide for 1500, 1600, 1800, 1900, 2000 Appliances.

Workflow for configuring a SAML Identity Provider

Step 1
Where to Perform this Step: On the Quantum Spark Gateway
Instructions: Run the "add identity-provider" command to generate the initial SAML Identity Provider settings.

Step 2
Where to Perform this Step: On the Quantum Spark Gateway
Instructions: Run the "show identity-provider" command to view the initial SAML Identity Provider settings:

  1. unique-identifier-url

  2. reply-url

Step 3
Where to Perform this Step: In the SAML Identity Provider portal
Instructions: Refer to the documentation for your SAML Identity Provider.

  1. Copy the value of "unique-identifier-url" from the Quantum Spark Gateway and paste it in the applicable Identifier field.

  2. Copy the value of "reply-url" from the Quantum Spark Gateway and paste it in the applicable Reply URL field.

  3. Save the configuration.

Step 4
Where to Perform this Step: In the SAML Identity Provider portal
Instructions: Refer to the documentation for your SAML Identity Provider.

Download the required information:

  • Download the Metadata XML file, if you plan to configure the SAML Identity Provider on the Quantum Spark Gateway using the Metadata XML file.

  • Download the Certificate file (Base64), if you plan to configure the SAML Identity Provider on the Quantum Spark Gateway manually.

Step 5
Where to Perform this Step: On the Quantum Spark Gateway
Instructions: Run the "set identity-provider" command to configure the SAML Identity Provider.

Step 6
Where to Perform this Step: On the Quantum Spark Gateway
Instructions: Run the "show identity-provider" command to view the final SAML Identity Provider settings:

  1. provider-id

  2. login-url