Online Help

SafeNet Trusted Access for Crucible

Overview

The application template provides the ability to enable single sign-on for users accessing the Crucible application through SafeNet Trusted Access.

The following use cases can be configured for Crucible:

SP-initiated SSO

IdP-initiated SSO

Single logout

Configuring SafeNet Trusted Access for Crucible is a three-step process:

1.Crucible setup

2.SafeNet Trusted Access setup

3.Verify authentication

Crucible Setup

As prerequisites,

Download the Identity Provider metadata from the SafeNet Trusted Access console by clicking the Download metadata file button. You will need this metadata in one of the steps below.

Download the SAML single sign-on plugin from Atlassian to delegate user authentication from Crucible to the SAML Identity Provider. The SAML single sign-on plugin can be downloaded using the following URL:

https://marketplace.atlassian.com/apps/1219441/saml-single-sign-on-sso-fisheye?hosting=server&tab=overview

Perform the following steps to configure SafeNet Trusted Access as your Identity Provider in Crucible:

1.Log in to Crucible as an administrator using the http://<Domain Name or IP Address>:<Port> URL. For example, http://sfnt-ca.com:7990

Where,

<Domain Name or IP Address> is the domain name or IP address that you entered while installing Crucible on your machine.

<Port> is the port number on which your Crucible application is accessible.

2.On the Crucible dashboard, on the top right hand side corner, click and click Administration.

3.On the Admin window, in the left pane, under click System Settings > Manage Add-ons.

4.In the right pane, under Manage apps, click on the Upload app link.

5.On the Upload app window, click Browse… to search and select the SAML sign-on add-on .JAR file, and click Upload.

6.After the add-on is successfully installed, a confirmation message is displayed. Click Close.

7.In the right pane, under User-installed apps, under SAML SingleSignOn for Fisheye/Crucible, click Configure.

8.A wizard opens that enables you to connect your Identity Provider (IdP) to the Crucible installation. Click Add new IdP.

9.On the Choose your SAML Identity Provider window, complete the following steps:

a.In the IdP Type field, select Import Metadata from XML.

b.In the Name field, enter a name for the IdP (for example, sfntIdP).

c.Click Next.

10.On the Import SAML IdP Metadata window, perform the following steps:

a.Click Load File to search and select the IdP metadata that you downloaded earlier from the SafeNet Trusted Access console.

b.Click Import.

c.Click Next.

11.On the User ID attribute and transformation window, in the Authentication Attribute field, ensure that USERNAME is selected, and click Save & Next.

12.On the Identity provider configuration window, click on the Metadata URL link to open the Crucible metadata. Save the metadata on your local machine, and click Next.

Note:   You should configure Crucible in SafeNet Trusted Access before proceeding to the next step. Refer to SafeNet Trusted Access Setup to configure Crucible in SafeNet Trusted Access.

13.On the Test your settings window, click Start test.

14.You will get a link to test the settings. Copy the URL provided in the Please log in with this link now field.

15.On the Incognito/Private tab, paste the URL copied in the previous step. You will be redirected to the SafeNet Trusted Access sign-in page. Enter your primary directory login information, approve the two-factor authentication, the Status will be changed to SUCCESS.

16. Click Next.

17.On the Redirection options window, select Enable SSO Redirect.

18.Click Save & Close.

19.To enable Single Logout, under SAML SingleSignOn Plugin Configuration, in the left pane click Service provider.

20.In the right pane, scroll down to the Single Logout section and ensure that the Include Logout URLs in Metadata checkbox is selected.

SafeNet Trusted Access Setup

After completing the first step of configuring SafeNet Trusted Access in Crucible, the second step is to activate the Crucible application in SafeNet Trusted Access by performing the following steps:

1.In the Applications pane, the Crucible application you added earlier is in the inactive state by default. To configure and activate this application, click the application (for example, Crucible) and proceed to the next step.

2.Under STA Setup, click Upload Crucible Metadata.

3.On the metadata upload window, click Browse to search and and select the Crucible metadata that you downloaded in step 12 of the Crucible Setup.

In the Account Details section, the service provider metadata information is displayed.

4.Under Advanced Settings, in the IDP INITIATED SSO RELAY STATE field, enter the relay state value if your application requires a unique relay state. In rest of the fields, modify the default values as per your preferred configuration.

5.Click Save Configuration to save the details and activate the Crucible application in SafeNet Trusted Access.

Verify Authentication

Using STA Console

Navigate to the Crucible login URL, http://<Domain Name or IP Address>:<Port>, where <Domain Name or IP Address> is the domain name or IP address that you entered while installing Crucible on your machine and <Port> is the port number on which your Crucible application is accessible.

For example: http://sfnt-ca.com:7990

You will be redirected to your SafeNet Trusted Access sign-in page. Enter your primary directory login information, approve the two-factor authentication, and you should be redirected to the Crucible user portal after authentication.

Using STA User Portal

Navigate to the User Portal URL to log in to the STA User Portal dashboard. On the dashboard, you will see a list of applications to which you have access. Click the Crucible application icon. You should be successfully logged in to the Crucible user portal after authentication.

 

© 2019 SafeNet Trusted Access. Various trademarks are held by their respective owners.