Overview
SafeNet Access Exchange (SAE) is an on-premises identity provider (IDP) that complements the secure authentication of SAS PCE. With this integration, SAS PCE provides multi-factor authentication for authentication requests received from SAML- or OIDC-integrated applications. SafeNet Access Exchange is also a key component of deployments based on SAS PCE Enterprise and the STA Hybrid Access Management Add-On.
SafeNet Access Exchange also supports Single Sign-On (SSO) for applications integrated with it. When SSO is enabled, users can access multiple applications with only one login request during each computer session. This removes the need for users to log on to each application separately.
The SafeNet Access Exchange package interacts with:
- SAS PCE for the complete SAS PCE SSO workflow. This is supported with SAS PCE Enterprise Edition.
- STA and SAS PCE for the complete STA Hybrid Access Management workflow. This is a key component of STA Access Continuum.
Software Requirements and Prerequisites
Software Requirements
- Docker or Podman for running containers
- SAS PCE
Prerequisites
SafeNet Authentication Service (SAS) PCE v3.20 and above is supported.
Terminologies
- SafeNet Access Exchange Directory: SafeNet Access Exchange server installation directory.
- Authentication Flow: An authentication flow is a container for all authentications, screens, and actions that are mandatory during login, registration, and other SafeNet Access Exchange workflows.
Package Contents
SafeNet Access Exchange is delivered as a compressed zip or tar.gz file. The SafeNetAccessExchange package contains:
- SafeNetAccessExchange.tar.gz
- SafeNet OTP Realm json file
- Realm configuration and Authentication flows defined for SAS OTP Validation.
To unpack this file, use the unzip, gunzip, or tar utility.
SafeNet Access Exchange SAS Providers (SPIs)
On the functional level, the package contains the following modules, which are pre-installed with the SafeNet Access Exchange server.
- SafeNet OTP Authentication Flow – Customized authentication flow for OTP validation with SAS Token Validator service.
- SafeNet Theme – Customized theme to define SafeNet HTML templates and stylesheets.
Set up SAS API for SAS PCE
Caution
This setup is mandatory when SAS is configured with MySQL database.
SAS API requests data from SAS PCE to dynamically update the SafeNet Access Exchange.
Note
SAS API encounters an issue with MySQL database (MySQL EF6 DLL in GAC missing). It is a limitation of MySQL Connector 8.0.32.
When SafeNet Access Exchange is configured with SAS using a MySQL database, follow the steps below.
Before installation, ensure that the following steps are performed:
- After installing SafeNet server, install MySQL 8.0.32 Connector.
- Configure SafeNet server with MySQL database.
- Copy the following text into a text file and save the file in the .ps1 file format:
```powershell
# Note that you should be running PowerShell as an Administrator
# Load the assembly that provides the Publish class
Add-Type -AssemblyName System.EnterpriseServices
$publish = New-Object System.EnterpriseServices.Internal.Publish
$publish.GacInstall("C:\Program Files (x86)\MySQL\MySQL Connector Net 8.0.32\Assemblies\v4.5.2\MySql.Data.EntityFramework.dll")
# If installing into the GAC on a server hosting web applications in IIS,
# you need to restart IIS for the applications to pick up the change.
iisreset
```
- Run the .ps1 file in PowerShell as an Administrator.
- Reset IIS.
Points to Remember
- Default location:
System Directory:\Program Files (x86)\MySQL\MySQL Connector Net 8.0.27\<locate MySql.Data.EntityFramework.dll file>
- If the directory location was changed while installing the MySQL Connector, the above path also needs to be updated in the script.
- Open the PowerShell script and change the path to where your DLL resides.
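The script below wraps the GAC step from the procedure above with a pre-flight check (path, Authenticode signature, hash) and a post-install check that the assembly is actually in the GAC. It is an added example, not part of the vendor's script; the helper names Test-ConnectorDll and Test-InGac are hypothetical, and it assumes the assembly is architecture-neutral, so it lands under GAC_MSIL.

```powershell
#Requires -RunAsAdministrator
# Added example (not vendor code): verify the connector DLL before and after the GAC step.
param(
    # Path taken from the script above; change it if the connector lives elsewhere.
    [string]$DllPath = 'C:\Program Files (x86)\MySQL\MySQL Connector Net 8.0.32\Assemblies\v4.5.2\MySql.Data.EntityFramework.dll'
)
$ErrorActionPreference = 'Stop'

function Test-ConnectorDll {   # hypothetical helper name
    param([string]$Path)
    if (-not (Test-Path -LiteralPath $Path -PathType Leaf)) {
        throw "DLL not found at '$Path'. Update the path to match the connector install directory."
    }
    $sig = Get-AuthenticodeSignature -LiteralPath $Path
    # Assumption: an unsigned file is only warned about, because the page does not say
    # whether this assembly is signed. A tampered or untrusted signature always blocks.
    if ($sig.Status -in 'HashMismatch', 'NotTrusted') {
        throw "Signature status '$($sig.Status)': refusing to install into the GAC."
    }
    if ($sig.Status -ne 'Valid') { Write-Warning "Signature status: $($sig.Status)" }
    $asm = [System.Reflection.AssemblyName]::GetAssemblyName($Path)
    [pscustomobject]@{
        Name    = $asm.Name
        Version = $asm.Version
        Signer  = $sig.SignerCertificate.Subject
        Sha256  = (Get-FileHash -LiteralPath $Path -Algorithm SHA256).Hash
    }
}

function Test-InGac {          # hypothetical helper name
    param([string]$Name, [version]$Version)
    # Assumption: MSIL assembly, stored as GAC_MSIL\<name>\<clr>_<version>__<token>
    $dir = Join-Path $env:WINDIR "Microsoft.NET\assembly\GAC_MSIL\$Name"
    if (-not (Test-Path -LiteralPath $dir)) { return $false }
    [bool](Get-ChildItem -LiteralPath $dir -Directory |
        Where-Object { $_.Name -like "*_$($Version)__*" })
}

$info = Test-ConnectorDll -Path $DllPath
$info | Format-List            # record name, version, signer and hash for the change log

Add-Type -AssemblyName System.EnterpriseServices
(New-Object System.EnterpriseServices.Internal.Publish).GacInstall($DllPath)

if (-not (Test-InGac -Name $info.Name -Version $info.Version)) {
    throw "$($info.Name) $($info.Version) was not found in the GAC after GacInstall."
}
iisreset                       # restart IIS so hosted applications load the assembly
```

Pass `-DllPath` when the connector was installed to a non-default directory, and keep the printed SHA-256 with the change record so the installed assembly can be re-verified later.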
Configuration overview
- Installation and Realm Configuration and Authentication Flow are mandatory.
- User Federation Setup (Either LDAP or SAS User Federation is mandatory).
- Customization, Logging in SafeNet Access Exchange and Testing the End User Login flow are optional.
Note
Setup of SAS PCE is required for end-to-end setup and validation of the STA Hybrid environment.