set identity-provider

In the R81.10.X releases, this command is available starting from the R81.10.15 version.

Description

Configures the settings for a SAML Identity Provider for authentication of Remote Access VPN users on a Quantum Spark Gateway.

You can import the settings from a Metadata XML file or enter the settings manually.

Important - You must follow the steps in Workflow for configuring a SAML Identity Provider.

Note - Versions R81.10.15 and higher support only Microsoft Entra ID (formerly Azure AD).

In WebUI, this corresponds to:

  1. Click the VPN view > Remote Access section > Authentication Servers page.

  2. In the Identity Provider section, click Configure.

Syntax

You can select only one method to import data.

To import data from the Metadata XML file:

set identity-provider provider-name <Name of Identity Provider>
      import-metadata-method import-metadata-from-file metadata-file <Base64 Content of Metadata XML File>
      [override-ddns-ip-address {false | true ddns-or-ip-address <DDNS or IP Address>}]

To import data from the Certificate file:

set identity-provider provider-name <Name of Identity Provider>
      import-metadata-method import-metadata-manually certificate <Base64 Content of Certificate File> login-url <Provider Login URL> provider-id <Provider Identifier>
      [override-ddns-ip-address {false | true ddns-or-ip-address <DDNS or IP Address>}]

Parameters

Parameter                    Description

provider-name                Specifies the name of the Identity Provider.
                             Press the TAB key to see the available options.
                             The name of the default SAML Identity Provider is "IDP_SAML".

import-metadata-from-file    Imports the required settings for a SAML Identity Provider from a Metadata XML file.

import-metadata-manually     Manually configures the required settings for a SAML Identity Provider.

override-ddns-ip-address     Optional.
                             Specifies whether to override the DDNS or the IP address of the SAML Identity Provider.
                             "true" - overrides it and requires the ddns-or-ip-address value.
                             "false" - does not override it. This is the default.

Example Commands

set identity-provider provider-name IDP_SAML import-metadata-method import-metadata-from-file metadata-file IyEv...ZQ==

set identity-provider provider-name IDP_SAML import-metadata-method import-metadata-manually certificate bG9n...iAgZ== login-url https://login.microsoftonline.com/9xxxxxx3-cxx8-4xxf-bxx8-fxxxxxxxxxxa/saml2 provider-id https://sts.windows.net/9xxxxxx3-cxx8-4xxf-bxx8-fxxxxxxxxxxa/
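
The import-metadata-from-file method takes the whole Metadata XML file as one Base64 argument, so it is worth checking what the file contains before it becomes the trust anchor for Remote Access VPN logins. The following Python script is an added example, not Check Point code: it reads the provider identifier, login URL and signing certificate from the metadata, rejects a non-HTTPS login URL or a missing certificate, and then prints the command. It assumes that "Base64 Content" means standard single-line Base64 of the file bytes; the function names and the sample metadata (placeholder tenant ID, dummy certificate bytes) are constructed for illustration.

```python
import base64
import xml.etree.ElementTree as ET
from urllib.parse import urlparse

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}

# Constructed sample metadata (placeholder tenant ID, dummy certificate bytes).
TENANT = "00000000-0000-0000-0000-000000000000"
SAMPLE = f"""<EntityDescriptor xmlns="{NS['md']}" entityID="https://sts.windows.net/{TENANT}/">
  <IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <KeyDescriptor use="signing"><KeyInfo xmlns="{NS['ds']}"><X509Data>
      <X509Certificate>MIIBAAAA</X509Certificate></X509Data></KeyInfo></KeyDescriptor>
    <SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
      Location="https://login.microsoftonline.com/{TENANT}/saml2"/>
  </IDPSSODescriptor>
</EntityDescriptor>""".encode()

def inspect_metadata(xml_bytes):
    """Extract the values an administrator should review before importing the file."""
    root = ET.fromstring(xml_bytes)
    idp = root.find("md:IDPSSODescriptor", NS)
    if root.tag != f"{{{NS['md']}}}EntityDescriptor" or idp is None:
        raise ValueError("not a SAML 2.0 IdP EntityDescriptor")
    urls = [s.get("Location", "") for s in idp.findall("md:SingleSignOnService", NS)]
    certs = ["".join(c.text.split()) for c in idp.findall(
        "md:KeyDescriptor/ds:KeyInfo/ds:X509Data/ds:X509Certificate", NS) if c.text]
    if not urls or any(urlparse(u).scheme != "https" for u in urls):
        raise ValueError("login URL missing or not https")
    # A DER-encoded certificate starts with an ASN.1 SEQUENCE tag (0x30).
    if not certs or any(base64.b64decode(c)[:1] != b"\x30" for c in certs):
        raise ValueError("signing certificate missing or not DER")
    return {"provider-id": root.get("entityID"), "login-url": urls[0],
            "certificates": len(certs)}

def build_import_command(provider_name, xml_bytes):
    """Validate the metadata, then emit the import-metadata-from-file command."""
    inspect_metadata(xml_bytes)
    blob = base64.b64encode(xml_bytes).decode("ascii")  # single line, no wrapping
    return (f"set identity-provider provider-name {provider_name} "
            "import-metadata-method import-metadata-from-file "
            f"metadata-file {blob}")

if __name__ == "__main__":
    print(inspect_metadata(SAMPLE))
    print(build_import_command("IDP_SAML", SAMPLE))
```

Compare the printed provider-id and login-url with the tenant values shown in the Microsoft Entra ID portal before running the generated command on the gateway.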