Create a Decryption Rule with Decrypt - Resign Action
This part of the procedure discusses how to create a decryption policy to decrypt and resign traffic before the traffic reaches the SAML realm. The realm can authenticate traffic only after it has been decrypted.
Before you begin
Procedure
Step 1: If you haven't done so already, log in to Cisco Security Cloud Control.
Step 2: If you haven't done so already, create an internal certificate authority object to decrypt TLS/SSL traffic as discussed in PKI.
Step 3: Click .
Step 4: Click .
Step 5: Click New Policy.
Step 6: Enter a Name and choose a Default Action for the policy. Default actions are discussed in Decryption Policy Default Actions.
Step 7: Click Save.
Step 8: Click Add Rule.
Step 9: Enter a Name for the rule.
Step 10: From the Action list, choose Decrypt - Resign.
Step 11: From the with list, choose your service provider certificate object.
Step 12: Click the Applications tab page.
Step 13: In the Available Applications section, enter Azure Authentication Service in the search field.
Step 14: Click Azure Authentication and click Add to Rule. The following figure shows an example.
Step 15: (Optional.) Set other options as discussed in Decryption Rule Conditions.
Step 16: Click Add.
Step 17: At the top of the page, click Save.