Hi Roberth,
SAML2 support was added in 10.4.1.0, and the browser shows the following information:
"Important: Prior to configuring OneClick to use SAML using this configuration page, you must enable SSL and import public certificate of Identity Provider server in to Spectrum. Please refer to the SPECTRUM SAML Integration Guide for instructions before proceeding."
Please let us know which Spectrum version you are using.
Flow of the SAML SSO authentication with Spectrum 10.4.1.0:
1. Open the Spectrum OC page in a web browser.
2. If the user is not already authenticated, the Spectrum OC server creates the SAML AuthNRequest and
3. asks the browser to redirect this data to the IdP server.
4. The IdP server asks for the user credentials, authenticates the user and creates the SAML response.
5. Then the IdP redirects the SAML response to the Spectrum OC server.
6. The Spectrum OC server validates the SAML response and extracts the username from it. (If this fails, it shows a "SAML sign in failed" error.)
7. It checks with SpectroSERVER (SS) whether the user exists or not.
8. If the user is found in SS, then a session will be created and the Spectrum OC server page will be displayed in the web browser.
9. If the user doesn't exist in SS, then an "Access denied" error will be displayed.
All requests are redirects from the browser to the OC server and the IdP server.
Original Message:
Sent: 02-19-2020 08:43 AM
From: Robert Edberg
Subject: Spectrum Azure/SAML SSO
Anyone tried / got this working?
The Spectrum Admin GUI tells this, in the activation SSO form:
Important: Prior to configuring OneClick to connect to the Identity Provider Server using this configuration page, you must make service configurations that allow this host to connect properly to the Identity Provider Server. Please refer to the guide for instructions before proceeding.
However, the documentation regarding activating the SAML SSO mentions nothing about this.
https://techdocs.broadcom.com/content/broadcom/techdocs/us/en/ca-enterprise-software/it-operations-management/spectrum/10-4-1/integrating/integrate-with-the-identity-provider-server.html
I'm trying to enable SAML authorization with Azure as IdP and want to know if my OneClick servers really need to have access directly to Azure. I thought the client browser handled the tokens.
Please enlighten me!
/Roberth
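Steps 2 and 3 of the flow in the reply above, as an added example that is not part of the thread and is not Spectrum code: a service provider packs an AuthnRequest into the redirect URL the browser follows, and the same URL is then decoded as the IdP would read it. It assumes the SAML HTTP-Redirect binding (the thread does not name the binding); all URLs and entity IDs are constructed placeholders.

```python
import base64, datetime, secrets, zlib
import xml.etree.ElementTree as ET
from urllib.parse import urlencode, urlparse, parse_qs

SAMLP = "urn:oasis:names:tc:SAML:2.0:protocol"
SAML = "urn:oasis:names:tc:SAML:2.0:assertion"

def build_redirect(idp_sso_url, sp_entity_id, acs_url, relay_state):
    """Return (redirect_url, request_id) for an AuthnRequest sent via the browser."""
    request_id = "_" + secrets.token_hex(16)  # xs:ID must not start with a digit
    now = datetime.datetime.now(datetime.timezone.utc).strftime("%Y-%m-%dT%H:%M:%SZ")
    req = ET.Element(f"{{{SAMLP}}}AuthnRequest", {
        "ID": request_id, "Version": "2.0", "IssueInstant": now,
        "Destination": idp_sso_url, "AssertionConsumerServiceURL": acs_url,
    })
    ET.SubElement(req, f"{{{SAML}}}Issuer").text = sp_entity_id
    # HTTP-Redirect binding: raw DEFLATE (no zlib header), base64, URL-encode.
    comp = zlib.compressobj(9, zlib.DEFLATED, -15)
    deflated = comp.compress(ET.tostring(req)) + comp.flush()
    query = urlencode({"SAMLRequest": base64.b64encode(deflated).decode(),
                       "RelayState": relay_state})
    # The SP only returns this URL in a 302; the browser delivers it to the IdP.
    return f"{idp_sso_url}?{query}", request_id

def decode_redirect(url):
    """Reverse the encoding to show which fields arrive at the IdP."""
    params = parse_qs(urlparse(url).query)
    raw = zlib.decompress(base64.b64decode(params["SAMLRequest"][0]), -15)
    root = ET.fromstring(raw)
    return {
        "id": root.get("ID"),
        "acs": root.get("AssertionConsumerServiceURL"),
        "issuer": root.findtext(f"{{{SAML}}}Issuer"),
        "relay_state": params["RelayState"][0],
    }

if __name__ == "__main__":
    # Constructed placeholder values, not real Spectrum or Azure endpoints.
    url, rid = build_redirect("https://idp.example/saml2/sso",
                              "https://oneclick.example/sp",
                              "https://oneclick.example/acs", "/landing")
    print("302 Location:", url)
    print("IdP view:", decode_redirect(url))
    # A service provider keeps rid so it can match the response's InResponseTo.
    print("pending request id:", rid)
```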