Configuring SAML single sign-on for Burp Suite Enterprise Edition

by AZURE SECURITY NEWS EDITOR
January 4, 2021

Burp Suite Enterprise Edition allows you to manage user authentication centrally via SAML-based single sign-on (SSO). This is especially useful for cloud-based deployments. Once configured, users will be able to log in using their existing credentials, removing the need to create and manage dedicated user accounts in Burp Suite Enterprise Edition. Each user’s permissions are then determined by the groups to which they belong.

To configure SAML SSO, you need to establish a trusted connection between the service provider (Burp Suite Enterprise Edition) and your SAML identity provider. Integration with the following providers has been fully tested:

  • Active Directory Federation Services (ADFS)
  • Okta
  • Azure Active Directory

Configuring this connection requires you to perform steps both within the Burp Suite Enterprise Edition web UI and in the administration settings for your identity provider. For exact details of how to perform some of these steps, you may need to consult your identity provider’s documentation.

Add Burp Suite Enterprise Edition to your trusted applications

The first step is to add Burp Suite Enterprise Edition to your identity provider’s list of trusted applications. This process has different names depending on your identity provider: Okta and Azure Active Directory call it “adding an application”, whereas ADFS refers to “adding a relying party trust”.

  1. Log in to Burp Suite Enterprise Edition as an administrator.
  2. From the settings menu, select “Single sign-on” and open the “SAML connection” tab.
  3. In the “Relying trust information” section, notice that you can copy both the “Relying party trust identifier” and the “Relying party service URL” for Burp Suite Enterprise Edition. You also have the option to copy the “Relying party single logout URL”, but this is not relevant for now.
  4. Go to the administration settings for your identity provider. Use the two values from the previous step to add a new application (or relying party trust) for Burp Suite Enterprise Edition. Please consult your identity provider’s documentation for details on how to do this.

Obtain key details from your identity provider

As you will need to enter some details about your identity provider, we recommend gathering this information before you start the configuration in Burp Suite Enterprise Edition. Exactly where you can find this information will depend on your identity provider, but it should be easily available.

Unfortunately, the terminology used by different identity providers can vary dramatically. Where possible, we have provided some commonly used alternative names for the required information.

You will need to obtain the following:

  • The identity provider Entity ID. This is the globally unique name for your identity provider that will be sent as the Issuer value in SAML responses. This is usually a URL. Alternative names include “Federation service identifier” and “Identity provider issuer”.
  • The identity provider SSO URL. This is the URL to which Burp Suite Enterprise Edition will send users when they choose to log in using SAML.
  • The identity provider’s token-signing certificate. Burp Suite Enterprise Edition uses this to verify that the SAML response was genuinely issued by the identity provider. This is known by many different names, including several variations of the following:
    • Identity provider (public) certificate
    • SAML certificate
    • Identity provider public key

Enter your identity provider details

Once you have gathered the required details about your identity provider, the next step is to enter this information in Burp Suite Enterprise Edition.

  1. Log in to Burp Suite Enterprise Edition as an administrator. From the settings menu, select “Single sign-on” and open the “SAML connection” tab.
  2. In the “Company details” section, enter the name of your organization. This will be displayed in the SSO link on the Burp Suite Enterprise Edition login page.
  3. Under “SAML configuration”, select the identity provider to which you want to connect.
  4. Use the corresponding fields to enter the identity provider information that you obtained earlier.

Additional identity provider configuration

To complete the configuration, you need to perform some additional steps that are specific to your identity provider.

  • Additional configuration for ADFS
  • Additional configuration for Okta
  • Additional configuration for Azure Active Directory

If you are using an identity provider other than the ones mentioned, you will need to configure how the security groups are sent to Burp Suite Enterprise Edition. The details of this will vary between providers, but here is an example of a group attribute statement, where the group name is “Scan viewers”:

<AttributeStatement>
  <Attribute Name="http://schemas.xmlsoap.org/claims/Group">
    <AttributeValue>Scan viewers</AttributeValue>
  </Attribute>
</AttributeStatement>
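To confirm that an identity provider really emits the group claim in this shape, an administrator can decode a captured SAMLResponse and list the groups it carries. The following is an added example, not part of the original documentation: the function names, the namespaced sample assertion and the "Site admins" group are constructed for illustration, and the check is diagnostic only (it does not verify the response signature).

```python
import base64
import xml.etree.ElementTree as ET

GROUP_CLAIM = "http://schemas.xmlsoap.org/claims/Group"  # attribute name shown on the page
SAML_NS = "urn:oasis:names:tc:SAML:2.0:assertion"

# The fragment from the page, without namespaces.
PAGE_FRAGMENT = (
    '<AttributeStatement><Attribute Name="http://schemas.xmlsoap.org/claims/Group">'
    "<AttributeValue>Scan viewers</AttributeValue></Attribute></AttributeStatement>")

# Constructed sample: the same claim as it typically appears inside a namespaced assertion.
CONSTRUCTED_ASSERTION = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml:AttributeStatement>
    <saml:Attribute Name="http://schemas.xmlsoap.org/claims/Group">
      <saml:AttributeValue>Scan viewers</saml:AttributeValue>
      <saml:AttributeValue>Site admins</saml:AttributeValue>
    </saml:Attribute>
    <saml:Attribute Name="email">
      <saml:AttributeValue>user@example.com</saml:AttributeValue>
    </saml:Attribute>
  </saml:AttributeStatement>
</saml:Assertion>"""


def extract_groups(saml_xml, claim_name=GROUP_CLAIM):
    """Return the group names carried in the given claim, in document order."""
    # Refuse DTDs: the stdlib parser expands internal entities, and a SAML
    # message never legitimately carries a DOCTYPE.
    if "<!DOCTYPE" in saml_xml or "<!ENTITY" in saml_xml:
        raise ValueError("DTD/entity declarations are not allowed in SAML XML")
    root = ET.fromstring(saml_xml)
    groups = []
    for elem in root.iter():
        # Accept <Attribute> with or without the SAML assertion namespace.
        if elem.tag not in ("Attribute", "{%s}Attribute" % SAML_NS):
            continue
        if elem.get("Name") != claim_name:
            continue  # some other attribute, e.g. an e-mail address
        for value in elem:
            if value.tag.rsplit("}", 1)[-1] == "AttributeValue" and value.text:
                groups.append(value.text.strip())
    return groups


def groups_from_saml_response(b64_response):
    """Decode a base64 SAMLResponse form field (HTTP-POST binding) and list its groups."""
    xml_text = base64.b64decode(b64_response, validate=True).decode("utf-8")
    return extract_groups(xml_text)
```

An empty list for a user who should have access usually means the provider is sending the groups under a different attribute name.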

Configuring single logout

Burp Suite Enterprise Edition also provides optional support for single logout (SLO). When enabled, logging out of Burp Suite Enterprise Edition will automatically log users out of the identity provider as well. This helps prevent users from inadvertently remaining logged in to multiple applications. If you do not enable this option, users will remain logged in to the identity provider even after logging out of Burp Suite Enterprise Edition.

When Burp Suite Enterprise Edition generates a single logout message, it signs it in case the receiving party uses a signature to validate the message.

To configure single logout:

  1. Generate a self-signed X.509 certificate specifically for single logout.
  2. Log in to Burp Suite Enterprise Edition as an administrator. From the settings menu, select “Single sign-on” and open the “SAML connection” tab.
  3. Under “Relying trust information”, copy the Relying party single logout URL. Leave this page open for now.
  4. Go to your identity provider’s admin panel and edit the SAML settings for your Burp Suite Enterprise Edition integration. Paste the URL from your clipboard into the appropriate field.
  5. Obtain the Single Logout URL from your identity provider. This is the URL to which Burp Suite Enterprise Edition should redirect users when they log out. This may have a different name depending on your identity provider.
  6. Back in Burp Suite Enterprise Edition, enable the “Use single logout” option.
  7. Paste the URL that you obtained from your identity provider into the “Identity provider single logout URL” field.
  8. Paste your self-signed certificate into the “Service provider certificate” field.
  9. Paste the private key into the “Service provider private key” field.
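One way to carry out step 1 and check the result before pasting it in steps 8 and 9, shown as an added example that is not part of the original documentation. It assumes the openssl command-line tool is on the PATH; the file names, common name, key size and validity period are placeholder choices.

```python
import os
import ssl
import subprocess
from pathlib import Path


def generate_slo_keypair(out_dir, common_name="burp-enterprise-slo", days=365):
    """Create a self-signed X.509 certificate and an unencrypted RSA key (PEM)."""
    out = Path(out_dir)
    out.mkdir(parents=True, exist_ok=True)
    cert, key = out / "slo-cert.pem", out / "slo-key.pem"
    old_umask = os.umask(0o077)  # the key file is owner-only from the moment it exists
    try:
        subprocess.run(
            ["openssl", "req", "-x509", "-newkey", "rsa:3072", "-sha256",
             "-nodes",                      # no passphrase: the key is pasted as plain PEM
             "-days", str(days),
             "-subj", "/CN=" + common_name,
             "-keyout", str(key), "-out", str(cert)],
            check=True, capture_output=True)
    finally:
        os.umask(old_umask)
    return cert, key


def key_matches_cert(cert_path, key_path):
    """True if the private key belongs to the certificate (checked by the ssl module)."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    try:
        ctx.load_cert_chain(certfile=str(cert_path), keyfile=str(key_path))
        return True
    except ssl.SSLError:
        return False  # mismatched pair, or not valid PEM


def pem_for_pasting(cert_path, key_path):
    """Return (certificate PEM, private key PEM) once the pair has been verified."""
    if not key_matches_cert(cert_path, key_path):
        raise ValueError("certificate and private key do not belong together")
    return Path(cert_path).read_text(), Path(key_path).read_text()


if __name__ == "__main__":
    cert_file, key_file = generate_slo_keypair("slo-keys")
    print("pair verified:", key_matches_cert(cert_file, key_file))
```

Because the private key is stored without a passphrase, delete the local copy or move it to a secrets store once it has been pasted into the “Service provider private key” field.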

Reference: https://portswigger.net/burp/documentation/enterprise/administration-tasks/sso/saml

Copyright © 2020 - Azure Security
