Last updated on August 3rd, 2020
What is Rublon Access Gateway and what can it be used for?
Rublon Access Gateway is a web application that secures the login process with two-factor authentication: after the user logs in through an authentication source, an additional Rublon authentication is performed. The application allows you to use one of two authentication sources (LDAP or RADIUS). Rublon Access Gateway makes it possible to define integrations with common web applications like Office 365, G Suite, Freshdesk, etc. The data between Rublon Access Gateway and added applications is transferred using the SAML 2.0 standard.
Step 1: Prepare your environment. It is recommended to install IIS HTTP Server. After that, install the ASP.NET and CGI modules from Server Manager.
Step 2: Install PHP by using e.g. Microsoft Web Platform Installer. The recommended version is 7.2+ for IIS Express.
Step 3: Download the package of Rublon Access Gateway and unzip files into the root C:/inetpub/wwwroot directory.
Step 4: Purchase an SSL certificate for your server (using a fully qualified domain name) from a commercial Certificate Authority (CA) and add it in IIS Manager (Server Certificates icon). It is also possible to generate a free certificate with Let’s Encrypt, but you will need to demonstrate control of the domain. Certificates generated with Let’s Encrypt will have to be manually renewed every 90 days.
Step 5: Create a Website for Rublon Access Gateway – right-click the Sites submenu in IIS Manager and choose Add Website…
Step 6: The physical path should point to the rag/www directory. In the Binding section you should set the HTTPS protocol, your domain host name, and select your SSL certificate, which has been added within the third step.
Step 7: Open a terminal in the root rag directory and run the start script to configure your Rublon Access Gateway's environment:
The groupName parameter should contain the name of a local group that has write permissions for all files related to Rublon Access Gateway. Once the script is finished, you will get a message regarding the state of the configuration process.
Example of the result message after the start.bat script has been executed:
Step 8: Download and add the cacert.pem file into your PHP SSL directory (PHP\version\extras\ssl). It contains the certificates in PEM format and is directly used with the php_curl library.
Step 9: Modify your php.ini file. Rublon Access Gateway needs the following changes to run:
- Set the curl.cainfo parameter. It should look like this:
curl.cainfo="C:\Program Files\iis express\PHP\v7.2\extras\ssl\cacert.pem"
- Add the php_ldap.dll file to the extension list:
Step 10: Using the Microsoft Web Platform Installer, you can also install the URL Rewrite module, which can be used to force HTTPS requests. This additional module is optional, but recommended.
Step 11: Your Rublon Access Gateway should be configured to run on your domain name (previously defined/configured during IIS installation process). To check if Rublon Access Gateway is working properly, please type your domain URL or FQDN in your browser.
Step 12: Default password for the administrator panel is:
In the next steps you can change the password to your own.
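The settings from steps 4, 8 and 9 can be checked with a short script before moving on. This is an added example, not part of the Rublon package: the php.ini location, the host name `rag.example.com` and the `LocalMachine\My` certificate store are assumptions to adjust for your server.

```powershell
# Added example: post-install checks for steps 4, 8 and 9 (not Rublon's own script).
# Assumptions: php.ini location, placeholder host name, certificate in LocalMachine\My.
param(
    [string]$PhpIni   = 'C:\Program Files\iis express\PHP\v7.2\php.ini',
    [string]$HostName = 'rag.example.com',
    [int]$WarnDays    = 30
)

$problems = @()
# Keep only active (uncommented) php.ini lines
$ini = Get-Content -LiteralPath $PhpIni | Where-Object { $_ -notmatch '^\s*;' }

# Steps 8-9: curl.cainfo must be set, use plain quotes and point to an existing file
$caLine = $ini | Where-Object { $_ -match '^\s*curl\.cainfo\s*=' } | Select-Object -Last 1
if (-not $caLine) {
    $problems += 'curl.cainfo is not set in php.ini'
} else {
    $value = ($caLine -split '=', 2)[1].Trim()
    if ($value -match '[\u201C\u201D]') {
        # Typographic quotes copied from a web page become part of the path
        $problems += 'curl.cainfo uses typographic quotes; use plain double quotes'
    }
    $path = $value -replace '["\u201C\u201D]', ''
    if (-not $path -or -not (Test-Path -LiteralPath $path -PathType Leaf)) {
        $problems += "cacert.pem not found at '$path'"
    }
}

# Step 9: LDAP extension enabled (php_ldap.dll, or the short form "ldap" in PHP 7.2+)
if (-not ($ini -match '^\s*extension\s*=\s*"?(php_)?ldap(\.dll)?"?\s*$')) {
    $problems += 'LDAP extension is not enabled in php.ini'
}

# Step 4: a certificate for the host must exist and not be close to expiry
# (Let's Encrypt certificates are valid for 90 days)
$certs = Get-ChildItem Cert:\LocalMachine\My -DnsName $HostName
if (-not $certs) {
    $problems += "no certificate for $HostName in LocalMachine\My"
} elseif (-not ($certs | Where-Object { $_.NotAfter -gt (Get-Date).AddDays($WarnDays) })) {
    $problems += "certificate for $HostName expires within $WarnDays days"
}

if ($problems) {
    $problems | ForEach-Object { Write-Warning $_ }
    exit 1
}
Write-Output 'php.ini and certificate checks passed'
```

Scheduling the script to run daily gives early warning of the manual Let’s Encrypt renewal mentioned in step 4.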
Step 1: Sign in to the Rublon Access Gateway's administrator panel.
Step 2: Go to the Settings tab and choose the Rublon subtab.
Step 3: Set the required data and then save all changes.
- Company token (required) – you should copy the company token from Rublon Admin Console (Settings tab->Management data section).
- Admin e-mail (required) – the email address of the owner of the organisation created within Rublon Admin Console.
- RAG URL address (optional) – you can set a static URL for the Rublon Access Gateway application. It is used for the SAML communication between Rublon Access Gateway and your application. You should set this address when, for example, your domain has alias(es) or is available on the http and https protocols.
- Rublon Two-Factor (required, default: bypass) – set the behavior of Rublon in case the connection to the Rublon Server cannot be established.
Step 4: Security subtab. This section provides an option to import your own certificate file with a private key for the Identity Provider. It is recommended for security reasons. The certificate is used for signing SAML requests and responses, while the private key is used for encrypting SAML responses. All imported files must have the extension *.crt.
Step 5: SAML session subtab provides an option to change the default SAML session duration time (in seconds). SAML session is initialized during the authentication process of your applications. It is recommended to configure the application so that after logging out the SAML session will also be disconnected. If you log out without disconnecting your SAML session, the next login will use the same session. An appropriate configuration is recommended for people who share the same computer.
Step 6: Admin password subtab provides an option to change the default administrator password for your Rublon Access Gateway. For security reasons, it is recommended to change the default password right after the first login. Anyone who has access to the domain and knows the specified password will be able to access the administration panel.
Step 7: Logging subtab. Checking the option Verbose logging will provide more detailed log entries in case some issues occur in the Rublon Access Gateway application.
If you’d like to read the log file, please follow the steps below:
- Go to the location: rag/log
- Read the RAG.log file by using any text editor.
1. Installation of IIS and PHP (points 1.1 and 1.2):
2. Installation of URL Rewrite module to force HTTPS on a website (How to redirect HTTP to HTTPS in IIS section):
If you encounter any issues with your Rublon installation, we’re here to help! Just contact us at [email protected].