Configuring Service Provider Metadata in Aruba ClearPass Policy Manager
This procedure describes the configuration steps required for setting up Aruba ClearPass Policy Manager as an IdP.
ClearPassClearPass is an access management system for creating and enforcing policies across a network to all devices and applications. The ClearPass integrated platform includes applications such as Policy Manager, Guest, Onboard, OnGuard, Insight, Profile, QuickConnect, and so on. must be synced to NTPNetwork Time Protocol. NTP is a protocol for synchronizing the clocks of computers over a network. along with any other SAMLSecurity Assertion Markup Language. SAML is an XML-based framework for communicating user authentication, entitlement, and attribute information. SAML enables single sign-on by allowing users to authenticate at an identity provider and then access service providers without additional authentication. SPs and IdPs. If clocks are out of sync, SAML will not function.
Before you Begin
- Go through the SAML SSO feature description to understand how SAML framework works in the context of Aruba Central.
- Ensure that you have access to the ClearPass Policy ManagerClearPass Policy Manager is a baseline platform for policy management, AAA, profiling, network access control, and reporting. With ClearPass Policy Manager, the network administrators can configure and manage secure network access that accommodates requirements across multiple locations and multivendor networks, regardless of device ownership and connection method. instance.
- Ensure that you have downloaded the SAML metadata from Aruba Central.
Steps to Configure ClearPass Policy Manager as an IdP
To configure ClearPass as an IdP for providing SAML authentication and authorization services to Aruba Central, complete the following steps:
Step 1—Configuring an IdP Service
To configure an IdP service:
- Go to Configuration Identity > Single Sign On.
- Select . The page opens.
- Click the tab.
- Enter a Name Prefix. This prefix will be used to name all of the services and enforcement policies/profiles created by the wizard.
- Click . The tab opens.
- Select an authentication source.
- Click . The tab opens.
- Click .
- Click .
Step 2—Configure an Enforcement Policy
To configure an enforcement policy:
- From >>.
- Click to a new enforcement policy.
- Select the enforcement policy and click .
- Click the tab and click to edit the default profile.
- In the edit enforcement profile wizard screen, click the tab.
- Configure the attributes as shown in the following figure:
- Click .
- In the Edit enforcement policies wizard screen, click the tab and add the rules.
Step 3—Upload SP Metadata
- In the page, under , click . The page opens.
- Select the SAML authorization profile configured for the ClearPass IdP service, click , and download the metadata.
- To upload SP metadata, go to >>.
- Click tab, and click .
- Set the SP name as Aruba Central and select the metadata file and click .
Step 4—Add Roles
To add a user role:
- Go to >> .
- Add the roles and click .
Step 5— Map Roles and Enforcement Policies
- Go to >.
- Select the IdP service created for Aruba Central.
- Click .
- Click the tab.
- Add a service rule.
- Click the tab and add the authentications source.
- Click the tab. Add a role mapping policy.
- Click the tab and ensure that service name and default profile are selected.
Step 6—Add Users
To add users:
- Go to >>.
- Add users.
Step 7—SAML Authorization Profile in Aruba Central
For information on how to configure a SAML authorization profile, see Configuring SAML Authorization Profiles in Aruba Central.
