SAML Authentication for Spectrum OneClick Console limited to One Time Use


Article ID: 191729


Products

CA Spectrum, CA eHealth

Issue/Introduction

After enabling SAML authentication for the Spectrum server, the OneClick JNLP file saved to the desktop works only one time.

Cause

With SAML, the web browser (Chrome, Firefox, Internet Explorer) is required to redirect SAML requests to the IdP server and return the response to the OneClick servers.

OneClick Console clients cannot perform this redirect because they use a REST API framework.

Environment

Release : 10.4.1

Component : Spectrum Core / SpectroSERVER

Resolution

When using SAML, you must authenticate against http://spectrumserver.net/spectrum/ each time you want to use the OneClick Console or WebApp.

Spectrum assigns the security token for OneClick clients for one-time use, and the token expires once the JNLP file is opened.

SAML authentication is done with IdP servers. The JNLP files do not contact the IdP servers, and they cannot be used multiple times because of token security.
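The following added example (not Spectrum or Broadcom code) models the behavior described above: a token issued after browser sign-in is carried in a saved launch file and is invalidated on first use, so reopening the same file fails. The class, function, and field names and the 300-second lifetime are hypothetical.

```python
import hashlib
import secrets
import threading
import time


class LaunchTokenStore:
    """Hypothetical server-side store of single-use launch tokens."""

    def __init__(self, ttl_seconds=300):  # lifetime is an assumed value
        self._ttl = ttl_seconds
        self._pending = {}  # sha256(token) -> (user, expiry); raw token is never stored
        self._lock = threading.Lock()

    @staticmethod
    def _digest(token):
        return hashlib.sha256(token.encode()).hexdigest()

    def issue(self, user, now=None):
        """Called only after the browser has completed SAML sign-in at the IdP."""
        now = time.time() if now is None else now
        token = secrets.token_urlsafe(32)
        with self._lock:
            self._pending[self._digest(token)] = (user, now + self._ttl)
        return token

    def redeem(self, token, now=None):
        """Return the user for a valid token and invalidate it; otherwise None."""
        now = time.time() if now is None else now
        with self._lock:
            # pop() makes lookup and invalidation one atomic step under the lock
            entry = self._pending.pop(self._digest(token), None)
        if entry is None:
            return None
        user, expiry = entry
        return user if now <= expiry else None


def launch_descriptor(token):
    """Constructed stand-in for the token carried inside a saved launch file."""
    return {"argument": token}


def demo():
    store = LaunchTokenStore()
    saved_file = launch_descriptor(store.issue("operator1"))
    first = store.redeem(saved_file["argument"])   # console opened the first time
    second = store.redeem(saved_file["argument"])  # same saved file opened again
    return first, second  # ("operator1", None)
```

Because the launch file has no way to repeat the IdP exchange, the only path to a fresh token in this model is a new browser sign-in.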