Your suggested change has been received. Thank you.

close
Thales Logo

All

  • All
  • CipherTrust Manager
  • CipherTrust Application Data Protection (CADP)
  • CipherTrust Application Key Management (CAKM)
  • CipherTrust Batch Data Transformation (BDT)
  • CipherTrust Cloud Key Management (CCKM)
  • CipherTrust Data Discovery and Classification (DDC)
  • CipherTrust Data Protection Gateway (DPG)
  • CipherTrust Database Protection (CDP)
  • CipherTrust Intelligent Protection (CIP)
  • CipherTrust Integrations
  • CipherTrust Migrations
  • CipherTrust RESTful Data Protection (CRDP)
  • CipherTrust Transparent Encryption (CTE)
  • CipherTrust Transparent Encryption Userspace (CTE-U)
  • CipherTrust Secrets Management (CSM)
  • CipherTrust Vaulted Tokenization (CT-V)
  • CipherTrust Vaultless Tokenization (CT-VL)
  • CTE-Linux
  • CTE-Windows
  • CTE-AIX
  • CTE-K8s
  • CTE-U
  • Crypto Command Center
  • Data Protection on Demand
  • Luna Cloud HSM
  • Luna Network HSM
  • Luna PCIe HSM
  • Luna USB HSM
  • OneWelcome Identity Platform
  • ProtectApp LUKS
  • ProtectServer 2 HSM
  • ProtectServer 3 HSM
  • SafeNet Trusted Access (STA)
  • SafeNet MobilePASS+
  • SafeNet MobilePASS+ for Android
  • SafeNet MobilePASS+ for Chrome
  • SafeNet MobilePASS+ for macOS
  • SafeNet MobilePASS+ for iOS
  • SafeNet MobilePASS+ for WatchOS
  • SafeNet MobilePASS+ for Windows
  • SafeNet Synchronization Agent
  • SafeNet Logging Agent
  • SafeNet Agent for FreeRADIUS
  • SafeNet Agent for NPS
  • SafeNet Agent for Windows Logon
  • SafeNet Authentication Service Private Cloud Edition (SAS PCE)
  • SafeNet Remote Logging Agent
  • SafeNet Keycloak Agent
  • SafeNet IDPrime Virtual (IDPV)
  • SafeNet FIDO Key Manager
  • SafeNet FIDO Key Manager for Android
  • SafeNet FIDO Key Manager for iOS
  • SafeNet FIDO Key Manager for Windows
back

SAS PCE for SAML/OIDC Application

Integrate SAS PCE as an Authentication Server with an OIDC Service Provider Application

search

Please Note:

printsuggest an editpdf paneldownload

Integrate SAS PCE as an Authentication Server with an OIDC Service Provider Application

Integrating SAS PCE as an authentication server with an OIDC service provider (SP) application is a three-step process:

copy link to clipboardIdentity Provider (Keycloak) Setup

Perform the following steps to configure the IdP (for example, Keycloak):

  1. Log into Keycloak as an administrator.

  2. On the administrator console, select your realm (for example, SASPCE).

  3. In the left pane, under Configure, click Clients, and in the right pane, click Create.

    alt_text

  4. Under Add Client, perform the following steps:

    1. In the Client ID field, enter a client ID. This ID is an alpha-numeric string that is used to identify the client in OIDC requests.

    2. In the Client Protocol field, select openid-connect.

    3. Click Save. The client is created.

      alt_text

    4. On the Settings tab, perform the following steps:

      • In the Name field, enter a name of your choice for the client application. It will be the display name of your client application.

        alt_text

      • In the Access Type field, select public or confidential as per your requirement.

      • In the Valid Redirect URI field, enter the redirect URL of the application. Users will be redirected to this URL after successful authorization.
        This field allows for the inclusion of multiple URLs. You need to click + to add an additional URI.
        An asterisk * is supported as a wildcard character at the end of the value of this field to accept redirection to any URL that fits the same base pattern. For example, https://abc.com/*

        alt_text

    5. Click Save to complete the configuration.

      alt_text

      note

      Note

      You can enter or modify the values of rest of the fields as per your service provider application requirement.

copy link to clipboardOIDC Service Provider Application Configuration

Perform the following steps to configure an OIDC SP application:

  1. Obtain the OIDC endpoint configuration from Keycloak by performing the following steps:

    1. On the administrator console, under Configure, click Realm Settings.

      alt_text

    2. In the right pane, on the General tab, in the Endpoints field, select OpenID Endpoint Configuration.

      alt_text

      You will be redirected to a separate page, which displays the information that will be used to configure the OIDC application

      alt_text

    3. Copy the information and paste it in a text editor.

  2. Configure IdP in your SP application using the information copied in the previous step.

copy link to clipboardVerify Authentication

copy link to clipboardService Provider Initiated Login

Navigate to the Service Provider URL. You will be redirected to SAS PCE for authentication as per your selected flow.

Enter your login credentials and you should be logged into the application after successful authentication.

alt_text

alt_text

For more information on the SafeNet authentication flows, go to SafeNet Authentication Flows provided by SafeNet Agent for Keycloak.

copy link to clipboardEnabling Single Sign-On for Applications

Perform the following steps to enable Single Sign On (SSO) for your applications:

  1. On the Keycloak administrator console, in the left pane, under Configure, click Authentication.

  2. In the right pane, under Authentication, select a SafeNet flow of your choice (for example, SafeNet OTP Flow), and replicate the configuration as displayed in the below screenshot.

    alt_text

  3. Now, try to access multiple applications in the same browser, the SSO should work seemlessly.

On this page