Cisco Cisco Web Security Appliance S690 User Guide
7-3
AsyncOS 9.0.1 for Cisco Web Security Appliances User Guide
Chapter 7 SaaS Access Control
Configuring the Appliance as an Identity Provider
Note
If the appliance has both an uploaded certificate and key pair and a generated certificate and key pair, it
only uses the certificate and key pair currently selected in the Signing Certificate section.
only uses the certificate and key pair currently selected in the Signing Certificate section.
Step 7
Make note of the settings when you configure the appliance as an identity provider. Some of these
settings must be used when configuring the SaaS application for single sign-on.
settings must be used when configuring the SaaS application for single sign-on.
Step 8
Submit and Commit Changes.
Next Steps
•
After specifying the certificate and key to use for signing SAML assertions, upload the certificate
to each SaaS application.
to each SaaS application.
Related Topics
•
Method
Additional Steps
Upload a certificate
and key
and key
1.
Select Use Uploaded Certificate and Key.
2.
In the Certificate field, click Browse; locate the file to upload.
Note
The Web Proxy uses the first certificate or key in the file. The certificate
file must be in PEM format. DER format is not supported.
file must be in PEM format. DER format is not supported.
3.
In the Key field, click Browse; locate the file to upload.
If the key is encrypted, select Key is Encrypted.
Note
The key length must be 512, 1024, or 2048 bits. The private key file
must be in PEM format. DER format is not supported.
must be in PEM format. DER format is not supported.
4.
Click Upload Files.
5.
Click Download Certificate to download a copy of the certificate for
transfer to the SaaS applications with which the Web Security appliance
will communicate.
transfer to the SaaS applications with which the Web Security appliance
will communicate.
Generate a certificate
and key
and key
1.
Select Use Generated Certificate and Key.
2.
Click Generate New Certificate and Key.
a.
In the Generate Certificate and Key dialog box, enter the information to
display in the signing certificate.
display in the signing certificate.
Note
You can enter any ASCII character except the forward slash ( / ) in the
Common Name field.
Common Name field.
b.
Click Generate.
3.
Click Download Certificate to transfer the certificate to the SaaS
applications with which the Web Security appliance will communicate.
applications with which the Web Security appliance will communicate.
4.
(Optional) To use a signed certificate, click the Download Certificate
Signing Request (DCSR) link to submit a request to a certificate authority
(CA). After you receive a signed certificate from the CA, click Browse and
navigate to the signed certificate location. Click Upload File.
Signing Request (DCSR) link to submit a request to a certificate authority
(CA). After you receive a signed certificate from the CA, click Browse and
navigate to the signed certificate location. Click Upload File.