inWebo MFA can be enabled as an authentication layer combined with Kemp to verify users idendities before they access the application server protected.
The purpose of this guide is to explain how to use InWebo as a SAML 2.0 Identity Provider for your Kemp Loadmaster account.
inWebo SAML connector initial configuration
Create a new SAML connector in the inWebo Administration console
go to the "Secures Sites" tab,
select "Add a connector of type" SAML 2.0.
In your SAML connector properties :
click on “Download inWebo IdP SAML 2.0 metadata in XML format”
click on “Download inWebo IdP SAML 2.0 certificate”
Kemp Loadmaster initial configuration
Import the inWebo IdP certificate in Kemp Loadmaster
Navigate to Certificates & Security
Select “Intermediate Certs “
click on choose a file to select the inWebo IDP certificate exported previously.
Choose a convenient name and click on Add Certificate.
Create an SSO Domain with SAML authentication
Go to Virtual Services>Manage SSO,
in section Client Side Single Sign On Configurations, provide the SSO configuration name
click the Add button
Configure the SSO
Choose SAML as the Authentication Protocol.
Select metadata File as IdP Provisioning.
Click the Choose File button to select the metadata file exported from the inWebo administration console and click on Import IdP metadata File.
Select the Idp Certificate you imported previously.
Configure the SP Entity ID and click on Set SP Entity ID.
Download the SP Signing Certificate by clicking the Download button.
The final configuration looks like the following.
Configure inWebo SAML connector with SP information
Prior to configuring the inWebo connector, you must convert the certificat downloaded from Kemp and build the metadata to match your environement. The inWebo connector will be updated with this information. The last step will be to create a Secure site linked to the inWebo SAML connector.
Convert the original Kemp certificate
Use the following command to convert the previously downloaded certificate.
openssl x509 -inform DER -in KEMP_SAML_Signing.cer -out KEMP_SAML_Signing.crt
Build and upload the SP Metadata
You need to create your own XML file with the SP information provided by Kemp. To do so you will have to modify within the XML file example below the EntityID, the location and the certificate to match your environement.