For SSO authentication of users to Concerto, require Director to be hosted on the Internet?
Hi Experts!
My Service Provider organisation wish to authenticate our customers accessing Concerto using SSO and SAML.
Only Concerto is exposed to the Internet.
During testing, we found the client is redirected to our Director. But as Director isnt hosted on the Internet, we never see the SSO browser prompt on the client device. Consequentially, SSO fails.
1) do we need to host Director on the Internet?
2) if yes, is there a way to minimise the Directors footprint to minimise exposure to the Internet via a WAF or similar appliance?
Thanks in advance!
Comments
-
Two URLs from the director needs to be exposed to the Internet to have Concerto SSO configured:
https://VD_FQDN/versa/sso/loginConsumer
https://VD_FQDN/versa/sso/logoutConsumer
Please try this, it should resolve your issue.
It is recommended to use WAF for additional security.