search cancel

Questions about SAML support in CAPM (DX-NETOPS) - what, if anything will break when SAML is implemented.


Article ID: 211770


Updated On:


CA Performance Management - Usage and Administration DX NetOps


Customer is wanting to enable SAML authentication.  Currently using LDAP auth.

Is anything going to operate differently with SAML?  Like REST-API on NetOps Portal, ODATA on DA, RestAPI on DA?

Replace LDAP with SAML what changes 


Release : 20.2



PC rest services already only work for local accounts.

odataquery will work with saml2 as we send user to SSO service.

odata api requires basic auth (or a CADefaultCookie which they can't generate), so odata api can work with LDAP or local accounts, BUT can NOT work with SAML2 accounts as we send user to SAML2 server.  We can't do that via a script.

DA rest doesn't require auth right now, but in 21.2 we do make all DA webservices require basic auth (or CADefaultCookie), so webservices will require PC or LDAP account.  no SAML2 for DA webservices either.

There is the PC proxy for DA rest and odata/api but both will prompt for basic auth if coming in from a script.  Browser, if user is logged into PC, will send PC login creds to PC proxy and not get prompted. We highly suggest using service accounts for any DA webservice/odata-api calls from scripts.

PC webservice will also not be useable with automation using SAML user.