SAML Authentication for Spectrum OneClick Console limited to One Time Use


Article ID: 191729


Updated On:


CA Spectrum CA eHealth


After enabling SAML Authentication for Spectrum Server the OneClick JNLP file saved to the desktop only works one time.


With SAML, web browsers (Chrome, Firefox, Internet Explorer) are required to redirect SAML requests to the IdP Server and respond back to OneClick servers.

This cannot be achieved with OneClick Console Clients as they use rest API framework.


Release : 10.4.1

Component : Spectrum Core / SpectroSERVER


When using SAML it is required to authenticate against each time you want to use the OneClick Console or WebApp.

Spectrum assigns the security token for OneClick clients for one-time use and the token expires the once JNLP file is opened.

SAML authentication is done with IdP servers, and these JNLP files won't contact IdP Servers, and cannot use them for multiple times due to token security.