DX NetOps

  • 1.  Spectrum Azure/SAML SSO

    Posted Feb 19, 2020 08:43 AM
    Anyone tried / got this working?

    The Spectrum Admin GUI says this in the SSO activation form:

    Important: Prior to configuring OneClick to connect to the Identity Provider Server using this configuration page, you must make service configurations that allow this host to connect properly to the Identity Provider Server. Please refer to the guide for instructions before proceeding.

    However, the documentation regarding activating SAML SSO mentions nothing about this.

    https://techdocs.broadcom.com/content/broadcom/techdocs/us/en/ca-enterprise-software/it-operations-management/spectrum/10-4-1/integrating/integrate-with-the-identity-provider-server.html

    I'm trying to enable SAML authorization with Azure as IdP and want to know if my OneClick servers really need to have access directly to Azure. I thought the client browser handled the tokens.

    Please enlighten me!

    /Roberth


  • 2.  RE: Spectrum Azure/SAML SSO
    Best Answer

    Broadcom Employee
    Posted Feb 26, 2020 01:56 AM
    Edited by Diane Craddock Mar 03, 2020 10:18 AM
    Hi Roberth,

    SAML2 support was added in 10.4.1.0, and the browser shows the following information:

    "Important: Prior to configuring OneClick to use SAML using this configuration page, you must enable SSL and import public certificate of Identity Provider server in to Spectrum. Please refer to the SPECTRUM SAML Integration Guide for instructions before proceeding."

    Please let us know which Spectrum version you are using.

    Flow of the SAML SSO authentication with Spectrum-10.4.1.0:

    1. Open the Spectrum OC page in the Web browser.
    2. If the user is not authenticated already, the Spectrum OC server creates the SAML AuthNRequest and
    3. asks the browser to redirect this data to the IdP Server.
    4. The IdP Server asks for the user credentials, authenticates the user and creates the SAML response.
    5. Then the IdP redirects the SAML response to the Spectrum OC server.
    6. The Spectrum OC server validates the SAML response and extracts the username from it. (If this fails, it shows a SAML sign in failed error.)
    7. It checks with SpectroSERVER (SS) whether the user exists or not.
    8. If the user is found in SS, then a session will be created and the Spectrum OC server page will be displayed in the Web browser.
    9. If the user doesn't exist in SS, then an Access denied error will be displayed.



    All requests are redirects from Browser to OC server and IdP Server.
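
Steps 2 and 3 of the flow above, sketched as an added example (not Spectrum's code and not part of the original post): assuming the SAML 2.0 HTTP-Redirect binding, the AuthnRequest travels inside a URL that the browser follows, so the message reaches the IdP without a server-to-server connection. The IdP URL, entity ID and ACS URL are assumed placeholders.

```python
import base64
import zlib
import xml.etree.ElementTree as ET
from urllib.parse import urlencode, urlparse, parse_qs

# Assumed values for illustration only; not taken from Spectrum or Azure.
IDP_SSO_URL = "https://idp.example/saml2"
SP_ENTITY_ID = "https://oneclick.example/spectrum"
SP_ACS_URL = "https://oneclick.example/spectrum/saml/acs"
NS_P = "urn:oasis:names:tc:SAML:2.0:protocol"
NS_A = "urn:oasis:names:tc:SAML:2.0:assertion"


def build_authn_request(request_id, issue_instant):
    """Step 2: the service provider (the OC server) creates the AuthnRequest."""
    return (
        f'<samlp:AuthnRequest xmlns:samlp="{NS_P}" xmlns:saml="{NS_A}" '
        f'ID="{request_id}" Version="2.0" IssueInstant="{issue_instant}" '
        f'Destination="{IDP_SSO_URL}" AssertionConsumerServiceURL="{SP_ACS_URL}">'
        f"<saml:Issuer>{SP_ENTITY_ID}</saml:Issuer></samlp:AuthnRequest>"
    )


def redirect_url(authn_xml, relay_state):
    """Step 3: HTTP-Redirect binding: raw DEFLATE, then base64, then URL-encode.
    The result goes to the browser in a Location header."""
    comp = zlib.compressobj(wbits=-15)  # -15 = raw DEFLATE, no zlib header
    deflated = comp.compress(authn_xml.encode("utf-8")) + comp.flush()
    query = urlencode({
        "SAMLRequest": base64.b64encode(deflated).decode("ascii"),
        "RelayState": relay_state,
    })
    return f"{IDP_SSO_URL}?{query}"


def decode_redirect(url):
    """Reverse the encoding, as the IdP does when the browser arrives."""
    qs = parse_qs(urlparse(url).query)
    raw = zlib.decompress(base64.b64decode(qs["SAMLRequest"][0]), wbits=-15)
    root = ET.fromstring(raw)
    return {
        "id": root.get("ID"),
        "acs": root.get("AssertionConsumerServiceURL"),
        "issuer": root.find(f"{{{NS_A}}}Issuer").text,
        "relay_state": qs["RelayState"][0],
    }
```

The request ID is the value a service provider keeps so it can match the `InResponseTo` attribute of the response it later validates.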


  • 3.  RE: Spectrum Azure/SAML SSO

    Posted Mar 05, 2020 11:31 AM
    @Mahendra Gadila, Is this for the Web App only? or can the Java OC App also be configured for SAML based authentication?


  • 4.  RE: Spectrum Azure/SAML SSO

    Broadcom Employee
    Posted Mar 06, 2020 12:34 AM
    This has to be configured in the OC server only, not in the Web app and OC App clients.

    They will work with existing configurations.


  • 5.  RE: Spectrum Azure/SAML SSO

    Posted Mar 13, 2020 11:35 AM
    @Mahendra Gadila, Is there planned support for SAML groups in the roadmap so that we can map Spectrum groups/roles to SAML groups?

    Thanks

    Clyde


  • 6.  RE: Spectrum Azure/SAML SSO

    Posted Apr 17, 2020 09:59 AM
    @Mahendra Gadila, Still looking for some insight as to whether Spectrum will support SAML groups in the future where we can map SAML groups to Spectrum groups/roles.

    Thanks

    Clyde


  • 7.  RE: Spectrum Azure/SAML SSO

    Broadcom Employee
    Posted Apr 20, 2020 07:33 AM
    Hi Clyde,

    Please create an Enhancement request. Product management will look into it.