SAML Authentication for Spectrum OneClick Console limited to One Time Use

Article ID: 191729

Products

CA Spectrum, CA eHealth

Issue/Introduction

After enabling SAML authentication for the Spectrum Server, the OneClick JNLP file saved to the desktop works only one time.

Environment

Release : 10.4.1 - 21.2

Component : Spectrum Core / SpectroSERVER

Cause

With SAML, web browsers (Chrome, Firefox) are required to redirect SAML requests to the IdP server and return the response to the OneClick servers.

This cannot be achieved with OneClick Console clients because they use a REST API framework.

Resolution

When using SAML, you must authenticate against https://oneclick-server.mydomain.com/spectrum/ each time you want to use the OneClick Console or WebApp.

Spectrum assigns the security token for OneClick clients for one-time use, and the token expires once the JNLP file is opened.

SAML authentication is performed by the IdP servers. These JNLP files do not contact the IdP servers and, because of token security, cannot be used multiple times.