To integrate UAG (service provider) with the identity provider, you must configure the identity provider with the service provider information such as entity ID and assertion consumer endpoint URL. In this case, UAG is the service provider.

Procedure

  1. Log into the identity provider's Admin console.
  2. To create a SAML application, follow the appropriate steps on the identity provider's Admin console.
    If the identity provider has an encrypt assertion feature, ensure that the feature is disabled in the SAML settings for the application that you create on the identity provider.
  3. Configure the identity provider with the UAG information in one of the following ways:
    Option Description
    Download SAML service provider metadata from the UAG.

    To import the SAML metadata into the identity provider, ensure that the identity provider supports import functionality.

    1. In the Configure Manually section of the UAG Admin UI, click Select.
    2. In the General Settings section, for Edge Service Settings, click Show.
    3. Click the Horizon Settings gearbox icon.
    4. On the Horizon Settings page, click More.
    5. Select the Auth Methods.
      Note: Auth Methods can be either SAML or SAML and Passthrough.
    6. Click Download SAML service provider metadata.
    7. On the Download SAML service provider metadata window, enter the external host name.
    8. Click Download.
    9. Save the .xml metadata file to a location on your computer that you have access to.
    10. Log into the identity provider's admin console.
    11. Import the downloaded metadata file into the identity provider.
    Configure the following SAML settings on the identity provider's Admin console.
    1. Set up the entity ID as https://<uagIP/domain>/portal
    2. Set up the assertion consumer endpoint URL as https://<uagIP/domain>/portal/samlsso.

What to do next

Upload identity provider's SAML metadata XML file to UAG.