SecureAuth IdP Version Affected: All
Description: In an effort to improve and modernize SecureAuth cloud services, as well as improve the performance of the SecureAuth IdP appliances, we are phasing out a legacy protocol used to communicate with SecureAuth Cloud Services, effective April 30, 2019.
If your SecureAuth IdP appliance(s) is configured to use the legacy “message level encryption” protocol when connecting to SecureAuth cloud services, then configuration changes needs to be made on your IdP appliance(s).
Please also review the SecureAuth Cloud Services documentation page if you haven't already.
Resolution: Please proceed with a backup or snapshot if you are making production changes.
1. Ensure you have outbound firewall or proxy rules that allow for HTTPS communication on port 443 to the following IP addresses:
34.212.120.216
34.215.233.46
35.170.216.14
35.172.189.69
35.172.253.27
52.39.105.166
52.43.188.66
52.70.56.97
146.88.110.112
146.88.110.114
162.216.42.110
162.216.42.111
208.74.31.114
208.82.207.89
2. Navigate to the Admin Console > Any Realm > System Info Tab > Scroll to WSE 3.0 / WCF Configuration.
3. In order to use HTTPS, you want to:
-Set Use WSE3.0 Set to "False"
-Change URL to contain "HTTPS" instead of "HTTP"
-Remove /msg suffix at the end of the URL
Additionally, you should change any cloud.secureauth.com to us-cloud.secureauth.com or any trx.secureauth.com to us-trx.secureauth.com if it is not that way already.
The above screenshot is ideally what it should look like after all the changes have been made.
IMPORTANT NOTE: You would need to make these changes in each realm, but it should take less than one minute per realm. If the data in the “System Info” tab is consistent across other realms, then the change can be made on the first realm, and saved to the other realms. This process of copying to other realms will shorten the total time for this change, but it will copy over the entire "System Info" tab so proceed with caution. Testing time will depend on your unique configuration and environment.
CAUTION: Do not copy the "System Info" tab to multiple realms if you use different certificates on multiple realms.
If you need help or have any questions, feel free to contact the SecureAuth Support team.
SecureAuth Knowledge Base Articles provide information based on specific use cases and may not apply to all appliances or configurations. Be advised that these instructions could cause harm to the environment if not followed correctly or if they do not apply to the current use case.
Customers are responsible for their own due diligence prior to utilizing this information and agree that SecureAuth is not liable for any issues caused by misconfiguration directly or indirectly related to SecureAuth products.
Comments
Please sign in to leave a comment.