Cisco Web Security Appliance S670 User Guide
AsyncOS 8.1 for Cisco Web Security User Guide
Chapter 7 SaaS Access Control
Configuring the Appliance as an Identity Provider
Note
If the appliance has both an uploaded certificate and key pair and a generated certificate and key pair, it
only uses the certificate and key pair currently selected in the Signing Certificate section.
Step 6
After you choose which certificate and key to use for signing SAML assertions, upload the certificate to
each SaaS application.
Step 7
Make note of the settings when you configure the appliance as an identity provider. Some of these
settings must be used when configuring the SaaS application for single sign-on.
Method: Uploaded certificate and key
Additional Steps:
1. Click Use Uploaded Certificate and Key.
2. Click Browse for the Certificate field.
Note
The Web Proxy uses the first certificate or key in the file. The certificate file must be in PEM format. DER format is not supported.
3. Click Browse for the Key field. The private key must be unencrypted.
Note
The key length must be 512, 1024, or 2048 bits. The private key file must be in PEM format. DER format is not supported.
4. Click Upload Files.
5. Click Download Certificate to transfer the certificate to the SaaS applications with which the Web Security appliance will communicate.
6. Submit and Commit Changes

Method: Generated certificate and key
Additional Steps:
1. Click Use Generated Certificate and Key.
2. Click Generate New Certificate and Key.
3. In the Generate Certificate and Key dialog box, enter the information to display in the signing certificate.
Note
You can enter any ASCII character except the forward slash ( / ) in the Common Name field.
4. Click Generate.
5. Click Download Certificate to transfer the certificate to the SaaS applications with which the Web Security appliance will communicate.
6. (Optional) Click the Download Certificate Signing Request (DCSR) link to submit it to a certificate authority (CA). After you receive a signed certificate from the CA, click Browse and navigate to the signed certificate location. Click Upload File.
7. Submit and Commit Changes
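
A pre-upload check for the file requirements listed under the uploaded certificate and key method above (PEM only, unencrypted key, key length of 512, 1024, or 2048 bits, first entry in the file used), as an added example that is not part of the Cisco guide. The function names are hypothetical and the check assumes an RSA private key in PKCS#1 or PKCS#8 form; it also flags 512- and 1024-bit keys, which the guide lists as accepted but which are weak for signing SAML assertions.

```python
import base64, re, sys

ALLOWED_BITS = {512, 1024, 2048}            # key lengths the guide lists as accepted
PEM_RE = re.compile(r"-----BEGIN ([A-Z0-9 ]+)-----\r?\n(.*?)-----END \1-----", re.S)

def tlv(buf, pos):
    """Read one DER tag-length-value; return (tag, value, next position)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                       # long form: low 7 bits count the length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, buf[pos:pos + length], pos + length

def rsa_bits(label, der):
    """Modulus size of an RSA private key (assumed) in PKCS#1 or unencrypted PKCS#8 form."""
    _, seq, _ = tlv(der, 0)                 # outer SEQUENCE
    _, _, pos = tlv(seq, 0)                 # version INTEGER
    if label == "PRIVATE KEY":              # PKCS#8 wraps the PKCS#1 key in an OCTET STRING
        _, _, pos = tlv(seq, pos)           # skip AlgorithmIdentifier
        _, inner, _ = tlv(seq, pos)
        _, seq, _ = tlv(inner, 0)
        _, _, pos = tlv(seq, 0)
    return int.from_bytes(tlv(seq, pos)[1], "big").bit_length()

def preflight(cert_file, key_file):
    """Return findings for the two files (bytes) before upload; an empty list means none."""
    findings, parsed = [], {}
    for name, data in (("certificate", cert_file), ("key", key_file)):
        parsed[name] = PEM_RE.findall(data.decode("latin-1"))
        if not parsed[name]:
            kind = "DER" if data[:1] == b"\x30" else "unrecognized"
            findings.append(f"{name}: no PEM block ({kind} data); PEM format is required")
    if len(parsed["certificate"]) > 1:
        findings.append("certificate: several PEM blocks; only the first is used")
    for label, body in parsed["key"][:1]:   # only the first key in the file is used
        if label == "ENCRYPTED PRIVATE KEY" or "Proc-Type: 4,ENCRYPTED" in body:
            findings.append("key: private key is encrypted; it must be unencrypted")
        elif label in ("RSA PRIVATE KEY", "PRIVATE KEY"):
            bits = rsa_bits(label, base64.b64decode(body))
            if bits not in ALLOWED_BITS:
                findings.append(f"key: {bits}-bit key; accepted lengths are 512, 1024, 2048")
            elif bits < 2048:
                findings.append(f"key: {bits}-bit RSA is accepted but weak; prefer 2048")
    return findings

if __name__ == "__main__" and len(sys.argv) == 3:   # usage: preflight.py CERT_FILE KEY_FILE
    cert, key = (open(p, "rb").read() for p in sys.argv[1:])
    print("\n".join(preflight(cert, key)) or "no findings")
```

An empty result means none of the listed conditions were violated; it does not confirm that the certificate and key belong to each other.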