Automic Workload Automation


  • 1.  Automic - LDAP sync + SSO , SAML with PingID (Ping Identity)

    Posted Feb 24, 2023 12:58 PM

    Hello,

    We have a question from one of our customers if there is a possibility to utilize PingID for the AWI login.
    We are currently using LDAP Sync, but there is a push from the security team to utilize PingID wherever possible.
    I am totally unfamiliar with SSO/SAML, and even after reading the documentation about SAML implementation I am not able to figure this out.

    For the time being we are on 12.3.6, but we will upgrade to v21.0.4 in a few months. The Dev system is a single node, while Prod is a distributed env with 4 nodes. I found some posts regarding issues when implementing SSO in a distributed env. Is that still the case?

    I would appreciate it if there are any guides on how to properly implement SAML2 with PingID (or similar).



    ------------------------------
    Automic SME @ DXC.Technology
    ------------------------------


  • 2.  RE: Automic - LDAP sync + SSO , SAML with PingID (Ping Identity)

    Posted Feb 14, 2024 12:17 AM

    Hi Krum,

    Did you make any progress on this PingID integration? 

    Thanks!




  • 3.  RE: Automic - LDAP sync + SSO , SAML with PingID (Ping Identity)

    Posted Feb 14, 2024 06:02 AM
    Edited by Krum Ganev Feb 14, 2024 06:02 AM

    Last week I tried to configure that, but to no avail.

    Steps that were taken:

    1. Enabling SAML in UC_SYSTEM_SETTING
    2. In UC_SAML_SETTING, in the *SP key, adjusting 'entityID' and 'Location' to the AWI link
    3. Sending the XML (for the *SP key) to the PingID team
    4. Creating a new key in UC_SAML_SETTING with our domain (KRFT) and placing the XML provided by the PingID team as the value
    5. Enabling SSO in configuration.properties of AWI

    However, when we try to log in, an Access Denied error appears (after the PingID auth):

    20240207/121457.514 - 73     U00045271 Checking SAML token for Single sign-on.
    20240207/121457.543 - 73     U00045325 Received SAML token as '<samlp:Response>'
    20240207/121457.545 - 73     U00045306 'saml2p:Response' in SAML response has another destination. Received 'null' but expected 'http://<awi_server>:8060/awi/'.
    20240207/121457.545 - 73     U00000009 'KRFT': Access denied


    We may need to raise a ticket with Support for more advice, as neither I nor the PingID team are sure why this error appears and how to proceed from this point on to correct it.



    ------------------------------
    Automic SME @ DXC.Technology
    ------------------------------
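
An added example, not part of the posts above and not Automic or Ping Identity code: message U00045306 in the log compares the Destination attribute of the SAML Response with the AWI URL, so a quick way to see what the IdP actually sent is to decode the SAMLResponse form value and read that attribute. The host awi.example.test, the issuer URL, the sample response and the function names are constructed for illustration, and the script does not verify signatures.

```python
import base64
import xml.etree.ElementTree as ET

NS = {"samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
      "saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
EXPECTED = "http://awi.example.test:8060/awi/"  # constructed placeholder URL

def inspect_response(saml_response_b64, expected_url):
    """Decode an HTTP-POST SAMLResponse form value and report its addressing
    fields. Diagnostic only: no signature or condition checks are done."""
    root = ET.fromstring(base64.b64decode(saml_response_b64))
    if root.tag != "{%s}Response" % NS["samlp"]:
        raise ValueError("not a SAML 2.0 Response: %s" % root.tag)
    scd = root.find(".//saml:SubjectConfirmationData", NS)
    destination = root.get("Destination")  # None when the IdP omits it
    return {
        "destination": destination,
        "destination_ok": destination == expected_url,
        "issuer": root.findtext("saml:Issuer", default=None, namespaces=NS),
        "recipient": scd.get("Recipient") if scd is not None else None,
        "audience": root.findtext(".//saml:Audience", default=None,
                                  namespaces=NS),
    }

def build_sample(destination=None):
    """Constructed, unsigned sample response; not captured from a real IdP."""
    dest_attr = ' Destination="%s"' % destination if destination else ""
    xml = (
        '<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" '
        'xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" '
        'ID="_r1" Version="2.0" IssueInstant="2024-02-07T12:14:57Z"%s>'
        '<saml:Issuer>https://idp.example.test</saml:Issuer>'
        '<saml:Assertion ID="_a1" Version="2.0" '
        'IssueInstant="2024-02-07T12:14:57Z"><saml:Subject>'
        '<saml:SubjectConfirmation '
        'Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">'
        '<saml:SubjectConfirmationData Recipient="%s"/>'
        '</saml:SubjectConfirmation></saml:Subject><saml:Conditions>'
        '<saml:AudienceRestriction><saml:Audience>%s</saml:Audience>'
        '</saml:AudienceRestriction></saml:Conditions>'
        '</saml:Assertion></samlp:Response>'
    ) % (dest_attr, EXPECTED, EXPECTED)
    return base64.b64encode(xml.encode()).decode()

if __name__ == "__main__":
    # First case mirrors the log: no Destination attribute at all.
    for label, dest in (("missing", None), ("present", EXPECTED)):
        print(label, inspect_response(build_sample(dest), EXPECTED))
```

A "destination" of None in the output corresponds to the "Received 'null'" in the log line, while "recipient" and "audience" show whether the other addressing fields carry the AWI URL.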