SAML - generating metadata

Has anyone successfully generated metadata to set up SAML in their environment? I am looking to set up SAML
for our Core BigFix environment. Our IDP is asking for metadata from the SP (our BigFix core) to get started. I am following the information in the following documentation, but it seems there are missing gaps. There is a brief mention of passport-saml but nothing else: https://help.hcltechsw.com/bigfix/9.5/platform/Platform/Config/c_how_bigfix_integrates_with_sam.html.

Did anyone use this middleware for their setup? Any advice is appreciated.

Perhaps this will provide what you need: How to configure BigFix to integrate with SAML 2.0


Hey, thanks @itsmpro92 for the quick reply. There is good information on that page, but providing Service Provider (SP) information to the Identity Provider (IDP) in the form of metadata is not mentioned at all. From my understanding, a SAML file needs to be generated. The file will have various details needed by SAML to verify assertions. The IDP will need it to configure their endpoint. The above focuses on configuring BigFix Core with IDP metadata. If you have done this successfully, or used passport-saml to get it done, please let me know. Thank you.

I think the only metadata provided up front by BigFix would be the redirect URLs:

The redirect URLs are added to the relying party trust indexed, with binding HTTPS_POST, and in this format:
https://<WebUI_server>/saml (for the Web UI server, assuming that it listens on port 443)

https://<Web_Reports_server>:8083/saml (for each Web Reports server, assuming that they listen on port 8083)

https://<Bigfix_server>:52311/saml (for the BigFix Console)

There may be metadata exchanged behind the scenes after you add the IdP Entry Point and Signing Certificate to the WebUI.

I’m no SAML guru, but the steps outlined in the documentation worked for my customer.
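To show what the IdP side usually expects from those three redirect URLs, here is an added example (my own code, not BigFix/HCL code and not from this thread) that builds a minimal SAML 2.0 SP metadata document. The entityID, hostnames and certificate are placeholders I made up, and "HTTPS_POST" is taken to mean the standard HTTP-POST binding URN.

```javascript
// Added example (not BigFix/HCL code): minimal SAML 2.0 SP metadata built from
// the three redirect URLs quoted in this thread. entityID, hostnames and the
// certificate are assumed placeholders; "HTTPS_POST" is taken to mean HTTP-POST.
const HTTP_POST = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST";

// Constructed placeholder, not a real certificate: substitute the SP's own PEM.
const PLACEHOLDER_CERT_PEM = [
  "-----BEGIN CERTIFICATE-----",
  "MIIBplaceholderBODYreplaceWITHrealCERT==",
  "-----END CERTIFICATE-----",
].join("\n");

// Metadata carries bare base64 DER, so strip the PEM armor and whitespace.
function pemToBase64(pem) {
  return pem.replace(/-----[A-Z ]+-----/g, "").replace(/\s+/g, "");
}

// Escape attribute content so a hostname can never break the XML.
function escapeXml(s) {
  return String(s).replace(/[&<>"']/g, (c) =>
    ({ "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&apos;" })[c]);
}

// One indexed AssertionConsumerService per URL (the "indexed" relying party
// trust entries); the first one is marked as the default.
function buildSpMetadata({ entityId, acsUrls, signingCertPem }) {
  const acs = acsUrls.map((url, i) =>
    `    <md:AssertionConsumerService Binding="${HTTP_POST}" ` +
    `Location="${escapeXml(url)}" index="${i}"${i === 0 ? ' isDefault="true"' : ""}/>`);
  return [
    '<?xml version="1.0" encoding="UTF-8"?>',
    '<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata" ' +
      `xmlns:ds="http://www.w3.org/2000/09/xmldsig#" entityID="${escapeXml(entityId)}">`,
    '  <md:SPSSODescriptor AuthnRequestsSigned="true" WantAssertionsSigned="true" ' +
      'protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">',
    '    <md:KeyDescriptor use="signing"><ds:KeyInfo><ds:X509Data>',
    `      <ds:X509Certificate>${pemToBase64(signingCertPem)}</ds:X509Certificate>`,
    "    </ds:X509Data></ds:KeyInfo></md:KeyDescriptor>",
    ...acs,
    "  </md:SPSSODescriptor>",
    "</md:EntityDescriptor>",
  ].join("\n");
}

// Read the ACS entries back so the document can be checked before it goes to the IdP.
function listAcsEndpoints(xml) {
  const re = /<md:AssertionConsumerService Binding="([^"]+)" Location="([^"]+)" index="(\d+)"/g;
  return [...xml.matchAll(re)].map((m) => ({ binding: m[1], location: m[2], index: Number(m[3]) }));
}
```

Whether BigFix actually expects these exact entityID and signing values is something the IdP admin and the HCL documentation have to confirm; this only shows the shape of the document.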

@itsmpro92 This advice is much appreciated. I will give this a try and keep you and the forum posted. Thank you very much.

@itsmpro92 I am still researching/troubleshooting. Right now the https://<WebUI_server>/saml is blank. It does not exist. Could I be missing something? Do I need to click on "enable" SAML on the WebUI admin page to populate those URLs? I understand that "The redirect URLs are added to the relying party trust indexed, with binding HTTPS_POST." Where I am getting stuck is extracting that information in the form of metadata from BigFix (aka "Consumer" or "Service Provider (SP)"). That metadata should contain the BigFix "SP" EntityID, binding HTTPS_POST and certificate (or shared secret) information. My goal is to add that information to the IDP config. That should enable successful communication between the SP and IDP. How do I get that extracted? Is there a command line or utility? Any help would be greatly appreciated.