In environments that use VIP Access Manager (SAM) with only a local authentication service and no VIP Enterprise Gateway, or where the goal is simply to consolidate the SSO applications visible to end users in the SSO Portal, it is possible to take advantage of the VIP Self-Service Portal (or the next-generation My VIP Portal), where users can register and manage their own VIP credentials without contacting their organization's help desk or a VIP administrator.
Generate and export a VIP certificate in both PEM and PKCS#12 formats in VIP Manager. This process is detailed in
Import the PKCS#12 certificate to the SAM Admin Console under Platform > Certificates by clicking on
From the Admin Console in SAM, create a new application connector by going to Applications > Application Connectors in the top navigation bar and selecting the generic template under Symantec Applications.
Give the connector a name and select the appropriate Access Policy.
Use SAML 2.0 for the Connector Mode.
Fill in a Site Display Name that will be used to identify the application to users in the SSO Portal.
For the Identifier Type select Subject from the drop-down.
The Identifier Attribute should match the desired VIP username format (e.g. sAMAccountName, UserPrincipalName, email address, etc.). The current normalized attribute mappings can be reviewed under Users > Virtual ID Mapping.
Check and fill out the Override IdP Entity ID section using a unique value such as the connector ID string from the end of the IdP URL. For example, if the IdP URL is https://sso.corp.lab/ssg-saml/saml/userData?id=180f94a6-b3b5-465a-0000-92b463f40da8, the entity ID could be set to 180f94a6-b3b5-465a-0000-92b463f40da8. The IdP URL is unique to each application connector.
Check Include SSG-IDP Certificate in Response and select the VIP certificate that was previously imported into SAM. Use SHA-1 for the signature algorithm.
Check Enable Application Connector Instance at next publish.
Publish the changes to make them active.
In VIP Manager complete the third party IdP section under Account > Single Sign-on.
Click Edit next to IDP Service Settings.
Set the Entity ID as the IdP Entity ID configured in the Override IdP Entity ID section of the application connector settings in SAM.
Upload the VIP certificate that was previously downloaded in PEM format.
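Once both sides are configured, a SAML response captured from the connector can be checked against the values entered above: the Issuer must equal the overridden Entity ID, the signature must use SHA-1, and the included certificate must be the same one uploaded to VIP Manager in PEM format. The script below is an added example, not part of the original article or of any Symantec tooling; the function names, the sample response and the placeholder certificate bytes are constructed, and it assumes the standard SAML 2.0 and XML Signature element names.

```python
import base64
import re
import xml.etree.ElementTree as ET
from urllib.parse import parse_qs, urlparse

NS = {"samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
      "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}

def entity_id_from_idp_url(idp_url):
    """Connector ID string from the end of the IdP URL (its `id` parameter)."""
    return parse_qs(urlparse(idp_url).query)["id"][0]

def pem_to_der(pem):
    """Strip the PEM armor and whitespace, then decode the base64 body."""
    return base64.b64decode(re.sub(r"-----(BEGIN|END) CERTIFICATE-----|\s", "", pem))

def check_response(xml_text, entity_id, pem):
    """List mismatches between a captured SAML response and the configured values.
    Use only on responses from your own IdP; no signature is verified here."""
    root = ET.fromstring(xml_text)
    problems = []
    issuer = root.findtext(".//saml:Issuer", default="", namespaces=NS).strip()
    if issuer != entity_id:
        problems.append(f"Issuer {issuer!r} does not match Entity ID {entity_id!r}")
    method = root.find(".//ds:SignedInfo/ds:SignatureMethod", NS)
    if method is None:
        problems.append("response is not signed")
    elif not method.get("Algorithm", "").lower().endswith("-sha1"):
        problems.append(f"signature algorithm is {method.get('Algorithm')}, not SHA-1")
    cert = "".join(root.findtext(".//ds:X509Certificate", default="", namespaces=NS).split())
    if not cert:
        problems.append("no certificate included in the response")
    elif base64.b64decode(cert) != pem_to_der(pem):
        problems.append("embedded certificate differs from the PEM uploaded to VIP Manager")
    return problems

# Constructed sample data: placeholder bytes stand in for the DER certificate,
# and an RSA key is assumed for the signature method URI.
SAMPLE_B64 = base64.b64encode(b"constructed-certificate-bytes").decode()
SAMPLE_PEM = f"-----BEGIN CERTIFICATE-----\n{SAMPLE_B64}\n-----END CERTIFICATE-----\n"
SAMPLE_RESPONSE = f"""<samlp:Response xmlns:samlp="{NS['samlp']}"
    xmlns:saml="{NS['saml']}" xmlns:ds="{NS['ds']}">
  <saml:Issuer>180f94a6-b3b5-465a-0000-92b463f40da8</saml:Issuer>
  <ds:Signature><ds:SignedInfo>
    <ds:SignatureMethod Algorithm="{NS['ds']}rsa-sha1"/>
  </ds:SignedInfo><ds:KeyInfo><ds:X509Data>
    <ds:X509Certificate>{SAMPLE_B64}</ds:X509Certificate>
  </ds:X509Data></ds:KeyInfo></ds:Signature>
</samlp:Response>"""
```

An empty list from `check_response` means the response agrees with the configured Entity ID, signature algorithm and certificate; each string in a non-empty list names one setting to recheck in SAM or VIP Manager.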