Introduction
AuthAnvil Single Sign On (SSO) delivers one-time passwords, generated via a soft token application, to deliver best in class security to access to the Naverisk console.
This document is intended to take you through the steps of setting up Naverisk so it can be used through Single Sign On.
1.0 Prerequisites
AuthAnvil must be installed on a dedicated Windows Server correctly before attempting configure Naverisk to work with AuthAnvil. The steps for installing AuthAnvil into a Windows Server can be found here:
https://www.scorpiongsoft.com/docs/authanvil/install-guide-v50
2.0 Configure AuthAnvil
2.1 Setting up the Application
Connect to the AuthAnvil Server
http://AuthAnvilServer/AuthAnvil.ManagerLogin using you account and token
Navigate to Single Sign On > Applications > Add new Application
4. Enable Application
Assign a Name and an Icon
6. Configure the Protocol as follows:
Reply to URL - https://NaveriskServer/SSOEntry.aspx
Audience URL - https://NaveriskServer
Token LifeTime - 480 Minutes
Protocol - WS-Federation
Protocol Version - WS 1.3
Signing Algorithm - SHA-256.
7. Save Changes.
2.2 Adding the Application to a Role
Navigate to Single Sign On > Roles
Click 'Add or Edit a Role'
Open 'Users In Role'
4. Add the Users to whom you wish to grant access to the application
5. Add the Application you have just created to the Role.
6. Save Changes
3.0 Configuring Naverisk
Open web.config (C:\%program files (x86)\Naverisk Website\Website\web.config) and modify the highlighted sections as follows:
sitecontroller.naverisk.com is the name of the Naverisk server.
authanvil.naverisk.com is the name of the AuthAnvil Server.
site1 is the AuthAnvil site name including the siteID.
09C8C186095E9D59155AE12E7A449337754536A7 is the Certificate Authority thumbprint for the siteID.
To retrieve the thumbprint for the siteID in the web.config;
Log into AuthAnvil Manager and navigate to Single Sign On > Applications
2. Select the appropriate application to view the Certificate Authority thumbprint at the bottom of the page
3. Update the web.config with the Certificate Authority thumbprint as shown in the example below;
<add thumbprint="09C8C186095E9D59155AE12E7A449337754536A7" name="https://authanvil.naverisk.com/AuthAnvil/SSO/Trust/site1" />
Web.config
<microsoft.identifyModel>
<service>
<audienceUris>
<!-- Audience URL: A unique identifier for the application so SSO knows who should receive the token -->
<add value="https://sitecontroller.naverisk.com/" />
</audienceUris>
<federatedAuthentication>
<wsFederation passiveRedirectEnabled="true" issuer="https://authanvil.naverisk.com/sso/federation/passive/wsfed" realm="https://sitecontroller.naverisk.com/" requireHttps="false" />
<cookieHandler requireSsl="false" />
</federatedAuthentication>
<applcationService>
</applicationService>
<issuerNameRegistry type="Microsoft.IdentifyModel.Tokens.ConfigurationBasedIssuerNameRegistry, Microsoft.IdentityModel, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35">
<trustedIssuers>
<add thumbprint="09C8C186095E9D59155AE12E7A449337754536A7" name="https://authanvil.naverisk.com/AuthAnvil/SSO/Trust/site1" />
</trustIssuers>
</issuerNameRegistry>
<certificateValidation certificationValidationMode="None" />
</service>
</microsoft.identityModel>
You should now be able to click the Naverisk icon and directly connect to Naverisk.
- Login to https://navauth/SSO/ using your token.