Questions about SAML support in CAPM (DX NetOps): what, if anything, will break when SAML is implemented?


Article ID: 211770


Products

CA Performance Management - Usage and Administration DX NetOps

Issue/Introduction

The customer wants to enable SAML authentication and is currently using LDAP authentication.

Will anything operate differently with SAML, such as the REST API on NetOps Portal, OData on DA, or the REST API on DA?

What changes when LDAP is replaced with SAML?

Environment

Release : 20.2

Component : PERFORMANCE MANAGEMENT INTEGRATIONS

Resolution

PC REST services already work only with local accounts.

odataquery will work with SAML2, because we send the user to the SSO service.

The odata api requires basic auth (or a CADefaultCookie, which a customer script cannot generate), so the odata api works with LDAP or local accounts but can NOT work with SAML2 accounts: for those we send the user to the SAML2 server, and that cannot be done from a script.

DA REST does not require authentication right now, but in 21.2 we make all DA web services require basic auth (or a CADefaultCookie), so the web services will require a PC or LDAP account. SAML2 will not work for DA web services either.

There is the PC proxy for DA REST and odata/api, but both will prompt for basic auth when the request comes from a script. A browser, if the user is logged in to PC, will send the PC login credentials to the PC proxy and will not be prompted. We highly suggest using service accounts for any DA web service or odata-api calls from scripts.

The PC web service will also not be usable for automation with a SAML user.
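A script that calls these web services can check what kind of response came back before trying to parse it. The following is an added example, not Broadcom's code: it classifies a response as API data, a basic auth prompt, or an SSO/SAML redirect, using only standard HTTP and SAML binding behavior. The host names, account values and sample responses are constructed, and the exact responses the product returns are an assumption.

```python
import base64
from urllib.parse import urlsplit, parse_qs

def basic_auth_header(user, password):
    """Authorization header value for a local or LDAP service account."""
    token = base64.b64encode(f"{user}:{password}".encode("utf-8"))
    return "Basic " + token.decode("ascii")

def classify_response(status, headers, body=""):
    """Return 'ok', 'basic_auth_required', 'sso_redirect', 'redirect' or 'other'."""
    h = {k.lower(): v for k, v in headers.items()}
    if status == 401 and h.get("www-authenticate", "").lower().startswith("basic"):
        return "basic_auth_required"      # script must send Basic credentials
    if status in (301, 302, 303, 307, 308):
        query = parse_qs(urlsplit(h.get("location", "")).query)
        # SAML HTTP-Redirect binding carries the request in ?SAMLRequest=
        return "sso_redirect" if "SAMLRequest" in query else "redirect"
    if status == 200:
        html = "text/html" in h.get("content-type", "").lower()
        # SAML HTTP-POST binding: an auto-submitting HTML form, not API data
        if html and "<form" in body.lower() and "samlrequest" in body.lower():
            return "sso_redirect"
        return "ok"
    return "other"

# Constructed sample responses (hosts and payloads are placeholders).
SAMPLES = {
    "api_data": (200, {"Content-Type": "application/json"}, '{"value": []}'),
    "needs_basic": (401, {"WWW-Authenticate": 'Basic realm="example"'}, ""),
    "idp_redirect": (302, {"Location":
        "https://idp.example.test/sso?SAMLRequest=fZJ...&RelayState=x"}, ""),
    "idp_post_form": (200, {"Content-Type": "text/html; charset=utf-8"},
        '<form method="post" action="https://idp.example.test/sso">'
        '<input type="hidden" name="SAMLRequest" value="PHNhbWxwOi4uLg=="/></form>'),
    "plain_redirect": (302, {"Location": "https://portal.example.test/login"}, ""),
}

def classify_samples():
    return {name: classify_response(*resp) for name, resp in SAMPLES.items()}

if __name__ == "__main__":
    for name, verdict in classify_samples().items():
        print(f"{name:15} -> {verdict}")
```

Treating `sso_redirect` as a hard failure keeps automation from silently parsing a login page as data when the account in use is a SAML2 account.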