Configure Web interface for secure communication
By default, Active Roles users connect to the Web interface using a HTTP protocol, which does not encrypt the data during communication. However, it is recommended to use a HTTPS protocol to transfer data securely over the web. You can use the Force SSL Redirection option in the Configuration Center to enable secure communication over HTTPS for the Web interface on local or remote servers.
To configure the Web interface for secure communication for the first time
- In the Configuration Center main window, click Web Interface.
The Web Interface page lists all the Web interface sites that are deployed on the Web server running the Web interface.
- To modify the secure communication settings for the sites, click Force SSL Redirection.
The Manage Force SSL Redirection Settings for sites window is displayed.
- In the Available Websites field, select the required web site from the drop-down list.
The configuration status of the website is displayed.
- To enable the force SSL redirection, switch between the Enable Force SSL Redirection states. Turn it on.
NOTE:
- If the website is not configured earlier for secure communication, the Enable Force SSL Redirection option is not selected by default and the HTTPS configuration status is shown as Not configured.
- If the website is configured earlier for secure communication, then the Enable Force SSL Redirection option is selected by default and the HTTPS configuration status shows as Configured.
- If the website is configured earlier for secure communication, and the SSL bindings was deleted in the IIS site, the Enable Force SSL Redirection option is selected by default. The status Binding Deleted is displayed. In this case, the secure communication must be configured again for the web site.
- In the Available HTTPS Bindings field, click the drop-down list and select the required binding for the web site.
- Click Modify.
After successful completion of configuration changes, in the Web Interface window, the Force SSL Redirection configuration state for the selected web site is displayed as green and enabled.
- Click Finish.
NOTE: The browser cache must be cleared after any changes are made to SSL settings.
For the configured web site, any HTTP communication is now redirected to HTTPS automatically.
Disabling secure communication for Web interface sites
Disabling secure communication for Web interface sites
By default, Active Roles users connect to the Web interface using a HTTP protocol, which does not encrypt the data during communication. However, it is recommended to use a HTTPS protocol to transfer data securely over the web. You can use the Force SSL Redirection option in the Configuration Center to enable secure communication over HTTPS for Web interface on local or remote servers.
In case you do not want a secure communication enabled for transferring data over the web, you can disable the HTTPS option using the Force SSL Redirection option in the Configuration Center.
To disable the secure communication for Web interface sites
- In the Configuration Center main window, click Web Interface.
The Web Interface page displays all the Web interface sites that are deployed on the Web server running the Web interface.
- To modify the secure communication settings for the sites, click Force SSL Redirection.
The Manage Force SSL Redirection Settings for sites window is displayed. The Enable Force SSL Redirection option is enabled after HTTPS configuration.
-
In the IIS Web site field, select the required web site from the drop-down list.
-
To disable the force SSL redirection, switch between the Enable Force SSL Redirection states. Turn it off.
- Click Modify , and then Finish.
NOTE: The browser cache must be cleared after any changes are made to the SSL settings.
After successful completion of the configuration changes, in the Web Interface window, the Force SSL Redirection configuration state for the selected web site is displayed as not configured.
After disabling the Force SSL Redirection, all communication is now redirected to HTTP.
For more information on secure communication and Federated Authentication, see Working with Federated Authentication.
Configuring Federated authentication
You can access an application or web sites by authenticating them against a certain set of rules known as claims, by using the Federated authentication feature. The Federated authentication feature uses the Security Assertion Markup Language (SAML), through which you can sign in to an application once using the single sign-on option and you are authenticated to access websites. For more information, see Working with Federated Authentication.
Starling Join configuration task
Active Roles version 7.5.3 supports integration with One Identity Starling services. The Starling Join feature in Active Roles now enables you to connect to One Identity Starling, the Software as a Service (SaaS) solution of One Identity. The Starling Join feature enables access to the Starling services through Active Roles thus allowing to benefit from the Starling services such as Two-factor Authentication and Identity Analytics and Risk Intelligence.
You can use the Active Roles Configuration Center to join One Identity Starling to Active Roles on the Starling wizard.
To start the wizard, click Configure in the Starling area on the Dashboard page in the Configuration Center main window. The Starling wizard enables you to perform the Starling join operation.
For more information on configuring Starling join for Active Roles, see Configuring Active Roles to join One Identity Starling