System Info configuration
Introduction
The System Info tab provides details about SecureAuth IdP's connection to cloud services, certificate authorities, and proxies. This tab does not need to be configured unless a proxy is integrated with SecureAuth IdP, SCEP is used in the environment, or specific preferences require edits to be made.
What's new in SecureAuth IdP version 9.3
The Click to edit Web Config file. link is removed from the Links section for greater security on the SecureAuth IdP appliance. To edit the web.config file, go to D:\SecureAuth\SecureAuth1 on the appliance.
Prerequisites
SecureAuth IdP v9.3.
SecureAuth IdP realm with the following configured:
Overview tab
Data tab / Directory integration
Workflow tab
Multi-Factor Methods tab
Post Authentication tab
Logs tab
Notice
On the New Experience user interface in version 9.3, you can configure an Active Directory integration or SQL Server integration to be applied to applications made from App onboarding library templates. Configure the remaining components – for example, Workflow, Multi-Factor Methods, and Adaptive Authentication tabs – on the Classic Experience user interface.
For a proxy server to be integrated with SecureAuth IdP
Established proxy server up and running.
For SCEP
The Issuing CA (Certificate Authority) is running on Windows 2008 R2 Enterprise Edition (or later) to enable SCEP / NDES functionality.
The Certification Authority's (root and intermediates) certificate distribution point is available to all clients (internal and / or external) to allow access to the AIA and CDP files (CRT and CRL files).
The SCEP / NDES (Network Device Enrollment Service) service is already pre-installed and functional.
The SCEP / NDES Listener URL is obtained.
SecureAuth IdP Web Admin - Classic Experience
System Info tab
Steps 1 - 3: Review / configure System Info and Plugin Info sections
1. In the System Info section, the SecureAuth Version number is provided for reference.
2. If necessary, click Decrypt to view the web.config file in its entirety.
 |
3. Plugin information is provided for reference, and no configuration is necessary unless a specific version is required (not typical).
 |
Steps 4 - 6: Complete WSE 3.0 / WCF Configuration section
4. For SecureAuth IdP to not use the message encryption endpoint to make a web service call to issue a certificate, select False from these dropdowns and retain the URLs for SecureAuth IdP (recommended):
Certificate Use WSE 3.0
Telephony Use WSE 3.0
SMS Use WSE 3.0
Push Use WSE 3.0
Geo-Location Use WSE 3.0
SecureAuth Threat Service Use WSE 3.0
To use message-level security (WSE 3.0 / WCF) to make a web service call to issue a certificate (default), select True from the dropdowns and modify the URLs to end in /msg
5. Select False from the Trx Use WSE 3.0 dropdown for SecureAuth IdP to not use the message encryption endpoint to make a web service call to issue a certificate (default). In this scenario, transport encryption via TLS is used instead of WSE 3.0.
To use the WSE 3.0 message encryption endpoint to make a web service call to issue a certificate, select True and modify the URL to end in /msg
6. Click Test to ensure the connection is working properly.
Note
Configure / update these URLs as necessary if using any of these features on this realm:
URL | SecureAuth IdP Feature |
|---|---|
Link-to-Accept URL | SecureAuth Link-to-Accept Multi-Factor Authentication Method Configuration Guide |
Phone Fraud Service URL | |
Geo-Location URL | |
SecureAuth Threat Service URL |
 |
4. Select False from the following dropdowns:
Certificate Use WSE 3.0
Telephony Use WSE 3.0
SMS Use WSE 3.0
Push Use WSE 3.0
Geo-Location Use WSE 3.0
SecureAuth Threat Service Use WSE 3.0
Trx Use WSE 3.0
5. Set the corresponding URLs as follows:
a. Certificate URL to https://cloud.secureauth.com/certservice/cert.svc
b. Telephony URL to https://cloud.secureauth.com/telephonyservice/telephony.svc
c. SMS URL to https://cloud.secureauth.com/smsservice/sms.svc
d. Push URL to https://cloud.secureauth.com/pushservice/push.svc
e. Geo-Location URL to https://cloud.secureauth.com/ipservice/ipgeolocation.svc
f. SecureAuth Threat Service URL to https://cloud.secureauth.com/ipservice/ipevaluation.svc
g. Trx Log Service URL tohttps://cloud.secureauth.com/trxservice/trx.svc
(no step 6)
 |
Step 7: Complete SCEP Configuration section
7a. Select True from the Use SCEP dropdown.
7b. Leave the SCEP Web Service URL as the default unless the web service is hosted in a different location.
7c. Set the SCEP / NDES URL as the SCEP / NDES Listener URL.
7d. Select False from the Inbound SCEP Request dropdown.
Or select True for SecureAuth IdP to receive inbound SCEP calls from MobileIron.
Note
Refer to Outbound SCEP configuration guide or Inbound SCEP from MobileIron VSP configuration guide for full instructions.
 |
Step 8: Complete Proxy Server Configuration section
8a. Select True from the Use Proxy Server dropdown.
8b. Set the Proxy Server Address to the proxy's IP Address or FQDN.
8c. Set the Proxy Server Port to the TCP port on which the web proxy server is configured to respond – example: 8080
8d. Provide the Proxy Username and Proxy Password if the proxy requires authentication.
 |
Steps 9 - 11: Complete IP Configuration section
9. Provide the Public IP Address if NAT is used to alter the SecureAuth IdP IP Address to a Public IP Address.
10. Provide the Proxy IP List of addresses used between end-user devices and SecureAuth IdP (proxy, load balancer, gateway, etc.) – separating entries in this list by commas.
11. Leave the IP Http Header Field Name as default unless a different Field Name is required.
 |
Steps 12 - 23: Review / configure remaining sections
License Info section
12. No configuration is required. The Cert Serial Nbr is typically the same as the Client Cert Serial Nbr in the WSE 3.0 / WCF Configuration section.
 |
Certificate Properties section
13. Select Default from the SAN, DC 1, and DC 2 dropdowns to use the default certificate settings.
Select Custom to customize a SAN, DC 1, or DC 2 property in a certificate.
14. Select No DC 3 from the DC 3 dropdown to eliminate the DC 3 property from the certificate.
Select Hard drive serial number hash to include the DC 3 property as the hard drive serial number hash.
15. Select the hashing algorithm to be used for certificate signing requests from the Certificate Key Identifier dropdown.
 |
Advanced Configuration section
16. Select True from the Force Frame Break Out dropdown to enable SecureAuth IdP pages to break out of iFrame web pages.
 |
User Input Restriction section
NOTE: This section applies only to SQL, ODBC, and Oracle data stores.
17. Set the Max Length for User ID (number of characters).
18. Set the Max Length for Password (number of characters).
19. Set the Max Length for OTP (number of digits).
20. Set the Max Length for KBA (number of characters). If no limit, set to0(default).
21. Create a list of Disallowed Keywords, comma separated.
 |
22. Click Save.
Links section
23. Click Click to view Web Config Backups to view backups and see modifications that have been made.
 |
Configuration Back Up Files page
23a. View configuration changes and open backup files.
23b. Use the back arrow on the browser to return to the Links section.
 |
