SafeNet Access Exchange
SafeNet Access Exchange (SAE) is an on-premises IDP, which complements secure authentication of SAS PCE. With this integration, SAS PCE provides multi-factor authentication in the context of authentication requests received from SAML or OIDC integrated applications. SafeNet Access Exchange is also a key component of SAS PCE Enterprise and STA Hybrid Access Management Add-On based deployment.
SafeNet Access Exchange also supports Single Sign-On (SSO) for applications integrated with it. When SSO is enabled, users can access multiple applications with only one login request during each computer session. This alleviates the need for users to log on to each application separately.
The SafeNet Access Exchange package interacts with:
- SAS PCE Enterprise Edition for a complete SAS PCE SSO workflow.
- STA and SAS PCE for a complete STA Hybrid Access Management workflow. This is a key component of STA Access Continuum.
Software requirements
- Docker or Podman for running containers
- SAS PCE
Prerequisites
- SafeNet Authentication Service (SAS) PCE v3.20 or above.
Terminology
- SafeNet Access Exchange Directory: SAE server installation directory.
- Authentication Flow: A container for all authentications, screens, and actions that are mandatory during login, registration, and other SafeNet Access Exchange workflows.
Package contents
SafeNet Access Exchange is delivered as a compressed zip or tar.gz file. The SafeNetAccessExchange package contains:
- SafeNetAccessExchange.tar.gz
- SafeNet OTP Realm json file
- Realm configuration and authentication flows defined for SAS OTP validation.
To unpack this file, run the unzip, gunzip, or tar utilities.
SafeNet Access Exchange SAS providers (SPI)
The package contains the following modules, which are pre-installed with the SafeNet Access Exchange server.
- SafeNet OTP Authentication Flow – Customized authentication flow for OTP validation with SAS Token Validator service.
- SafeNet Theme – Customized theme to define SafeNet HTML templates and stylesheets.
Set up SAS API for SAS PCE
SAS API requests data from SAS PCE to dynamically update the SafeNet Access Exchange.
Caution
This setup is mandatory when SAS is configured with MySQL database.
Note
SAS API encounters an issue with the MySQL database (MySQL EF6 DLL in GAC missing). It is a limitation of MySQL Connector 9.2.0.
When SafeNet Access Exchange is configured with SAS using MySQL database, perform the following steps:
- Download the mysql.data.entityframework.9.2.0 NuGet package. This library is freely available from Oracle’s MySQL website and must be used in compliance with the GPL-2.0 license. Make sure you understand the GPL-2.0 obligations before using this library.
- Change the extension of the downloaded package from .nupkg to .zip by renaming the package.
- Extract the package mysql.data.entityframework.9.2.0.zip.
- Open the extracted folder, navigate to lib > net462 > MySql.Data.EntityFramework.dll, and copy the complete path of this DLL file. It will be required in the next step.
- Copy the following text into a text file and save the file with the .ps1 extension. Update the DLL path to the one you copied in the previous step:

    # Note that you should be running PowerShell as an Administrator
    [System.Reflection.Assembly]::Load("System.EnterpriseServices, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a")
    $publish = New-Object System.EnterpriseServices.Internal.Publish
    $publish.GacInstall("C:\Downloads\mysql.data.entityframework.9.2.0\lib\net462\MySql.Data.EntityFramework.dll")
    # If installing into the GAC on a server hosting web applications in IIS, restart IIS for changes to take effect
    iisreset

- Run the .ps1 file in PowerShell as an administrator.
- To validate that the script ran successfully, go to C:\Windows\Microsoft.NET\assembly\GAC_MSIL and verify that the MySql.Data.EntityFramework folder has been created after execution of the above script.
Points to remember
- Default location: System Directory:\Downloads\mysql.data.entityframework.9.2.0\lib\net462 (assuming this is the directory where the NuGet package was downloaded).
- Open the PowerShell script and change the path to where your DLL resides.
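The script below is an added example, not part of the SafeNet package or the original procedure. It wraps the same GAC install calls with pre-flight checks (elevation, file presence, assembly identity, Authenticode status, SHA-256) and automates the folder verification step. The `$DllPath` value and the `$ExpectedName` variable are assumptions; set the path to where your DLL resides.

```powershell
# Added example: pre-flight and post-install checks around the GAC install step.
# Assumption: $DllPath points to the DLL extracted from the NuGet package.
$DllPath      = 'C:\Downloads\mysql.data.entityframework.9.2.0\lib\net462\MySql.Data.EntityFramework.dll'
$ExpectedName = 'MySql.Data.EntityFramework'

# 1. GAC installation needs administrative rights; fail early if not elevated.
$identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
$principal = New-Object Security.Principal.WindowsPrincipal($identity)
if (-not $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)) {
    throw 'Run this script from an elevated (Administrator) PowerShell session.'
}

# 2. Confirm the file exists and is the assembly the procedure expects.
if (-not (Test-Path -LiteralPath $DllPath -PathType Leaf)) {
    throw "DLL not found: $DllPath"
}
$asm = [System.Reflection.AssemblyName]::GetAssemblyName($DllPath)
if ($asm.Name -ne $ExpectedName) {
    throw "Unexpected assembly '$($asm.Name)'; expected '$ExpectedName'."
}

# 3. Record what is about to be trusted machine-wide, and stop on a tampered file.
$sig  = Get-AuthenticodeSignature -FilePath $DllPath
$hash = Get-FileHash -LiteralPath $DllPath -Algorithm SHA256
"Assembly : $($asm.FullName)"
"SHA-256  : $($hash.Hash)"
"Signature: $($sig.Status) $($sig.SignerCertificate.Subject)"
if ($sig.Status -eq 'HashMismatch') {
    throw 'Authenticode hash mismatch: the file was modified after signing.'
}

# 4. Install into the GAC (same calls as the script in the procedure).
[void][System.Reflection.Assembly]::Load('System.EnterpriseServices, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a')
$publish = New-Object System.EnterpriseServices.Internal.Publish
$publish.GacInstall($DllPath)

# 5. Verify the result instead of assuming success (GAC_* matches any GAC subfolder).
$gacDir = Get-Item -Path "$env:windir\Microsoft.NET\assembly\GAC_*\$ExpectedName" -ErrorAction SilentlyContinue
if (-not $gacDir) {
    throw "GAC folder for $ExpectedName not found; the install did not take effect."
}
"Installed: $($gacDir.FullName)"

# 6. Restart IIS only after the install is confirmed.
iisreset
```

Keep the printed assembly name, hash and signature status with your change record so the installed DLL can be matched against the downloaded package later.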
Configuration overview
- Installation and Realm Configuration and Authentication Flow are mandatory.
- User Federation Setup (Either LDAP or SAS User Federation is mandatory).
- Customization, Logging in SafeNet Access Exchange and Testing the End User Login flow are optional.
Note
Setup of SAS PCE is required for end-to-end setup and validation of an STA Hybrid environment.