Multiple SSO Nodes with xFlow via SAML Authentication

Article ID: 205770


Updated On:

Products

CA Service Management - Service Desk Manager

CA Service Desk Manager

Issue/Introduction

I would like to configure multiple SSO nodes for xFlow.

Environment

Release : 17.2

Component : SERVICE DESK MANAGER

Resolution

We have verified load-balanced xFlow (primary and secondary) with SAML in an ADFS environment. It is working as expected.

To support a load balancer (multiple xFlow servers) for xFlow with SAML, follow the steps below in the ADFS and xFlow settings.

ADFS side settings:

In the ADFS Relying Party Trust:

1) Under Identifiers, add the following:

https://<loadbalancer hostname or IP>:<port_number>/samllogin

Example: https://10.131.234.22:443/samllogin

2) Under Endpoints, add the following for both WS-Federation Passive Endpoints and SAML Assertion Consumer Endpoints:

https://<loadbalancer hostname or IP>:<port_number>/samllogin

Example: https://10.131.234.22:443/samllogin

xFlow side settings:

Go to the Administration tab and navigate to xFlow Interface, General in the left-hand navigation.

The General Configurations List page opens.

#1) Find the following keys in the Configuration Key column and set their values as described below:

1. federation.audienceuris

https://<loadbalancer hostname or IP>:<port_number>/samllogin|https://<loadbalancer hostname or IP>:<port_number>/samllogin

Example:

https://10.131.234.22:443/samllogin|https://10.131.234.22:443/samllogin

2. federation.enableManualRedirect

Example: False

3. federation.realm

https://<loadbalancer hostname or IP>:<port_number>/samllogin

Example:

https://10.131.234.22:443/samllogin

4. federation.reply

https://<loadbalancer hostname or IP>:<port_number>/samllogin

Example:

https://10.131.234.22:443/samllogin

5. federation.trustedissuers.friendlyname

Specifies a common name for the Identity Provider.

Example:

ADFS Signing - <trusted_issuer_URL>.

6. federation.trustedissuers.issuer

Specifies the URL of the Identity Provider.

https://<trusted_issuer_URL>/<identity_provider>/ls/idpinitiatedsignon.aspx.

Example:

https://casm-adfs.casmadfsqa.local/adfs/ls/idpinitiatedsignon.aspx

7. federation.trustedissuers.thumbprint

Specifies the value of the certificate thumbprint provided by the Identity Provider.

Example:

0214c3035d002505b9e5e672a117d9bf5c5d4d02

#2) authenticationtype

Specify SAML as the configuration value.

Restart the CA xFlow Interface service.

On the SDM side there is no change to the settings.

That is, continue with the same setup as below.

Launch CA SDM and enable the external user authentication from UI for the user role that you want to allow the SAML based SSO access.
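
The following Python check is an added example, not part of the original article or of the product. It compares a set of xFlow configuration values against the load balancer URL used in the steps above and flags a thumbprint that carries spaces or invisible characters. It assumes the values have been copied by hand into a dictionary; the function names and the node URL are hypothetical.

```python
import re
import unicodedata
from urllib.parse import urlsplit

def normalize_thumbprint(raw):
    """Drop whitespace, colons and invisible format characters (category Cf,
    such as U+200E, which can ride along when a thumbprint is pasted)."""
    return "".join(c for c in raw if not c.isspace() and c != ":"
                   and unicodedata.category(c) != "Cf").lower()

def check_federation_config(cfg, lb_url):
    """Return a list of problems; an empty list means the values are consistent."""
    problems = []
    parts = urlsplit(lb_url)
    if parts.scheme != "https" or parts.path != "/samllogin":
        problems.append("load balancer URL is not https://<host>:<port>/samllogin")
    for key in ("federation.realm", "federation.reply"):
        if cfg.get(key, "").strip() != lb_url:
            problems.append(f"{key} does not match the load balancer URL")
    for uri in cfg.get("federation.audienceuris", "").split("|"):
        if uri.strip() != lb_url:
            problems.append(f"federation.audienceuris entry {uri.strip()!r} is not the load balancer URL")
    if cfg.get("federation.enableManualRedirect", "").strip().lower() != "false":
        problems.append("federation.enableManualRedirect is not False")
    if not cfg.get("federation.trustedissuers.issuer", "").startswith("https://"):
        problems.append("federation.trustedissuers.issuer is not an https URL")
    raw = cfg.get("federation.trustedissuers.thumbprint", "")
    clean = normalize_thumbprint(raw)
    if not re.fullmatch(r"[0-9a-f]{40}", clean):
        problems.append("thumbprint is not 40 hex digits")
    elif raw.lower() != clean:
        problems.append("thumbprint has spaces or hidden characters; re-enter it as plain hex")
    if cfg.get("authenticationtype", "").strip().upper() != "SAML":
        problems.append("authenticationtype is not SAML")
    return problems

# Values taken from the article's examples.
LB_URL = "https://10.131.234.22:443/samllogin"
GOOD = {
    "federation.audienceuris": LB_URL + "|" + LB_URL,
    "federation.enableManualRedirect": "False",
    "federation.realm": LB_URL, "federation.reply": LB_URL,
    "federation.trustedissuers.issuer": "https://casm-adfs.casmadfsqa.local/adfs/ls/idpinitiatedsignon.aspx",
    "federation.trustedissuers.thumbprint": "0214c3035d002505b9e5e672a117d9bf5c5d4d02",
    "authenticationtype": "SAML",
}
# Constructed mistakes: reply points at one node, thumbprint pasted with U+200E and spaces.
NODE_URL = "https://xflow-node1.example.test:443/samllogin"
BAD = dict(GOOD, **{"federation.reply": NODE_URL, "federation.trustedissuers.thumbprint":
                    "\u200e02 14 c3 03 5d 00 25 05 b9 e5 e6 72 a1 17 d9 bf 5c 5d 4d 02"})
```

Calling `check_federation_config(BAD, LB_URL)` returns one message for the per-node reply URL and one for the pasted thumbprint; the same call on `GOOD` returns an empty list.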

Additional Information

defect DE58110