
SAML2.0 Clone Default User Does not Work As Stated


Article ID: 215011


Updated On:

Products

DX NetOps CA Performance Management - Usage and Administration

Issue/Introduction

We're relying on the "Clone Default User Accounts" setting, which states that the role given to an SSO/SAML2 authorized user would default to "user" or whatever role we pick, BUT "an existing user account is required". Having an existing required account ensures that only accounts currently in PM gain access through SSO. This is not working. While testing, we've found that any user (even those without accounts in CAPC) gets access to the application when authenticated through SSO/SAML2.

We are using SAML2 with "Clone Default User Accounts" and the documentation says "an existing user account is required", but it's letting any user log in to the system.

Environment

Release : 20.2

Component : IM Data Aggregator

Resolution

Set the cloned user to a user that does not exist (anything but NULL), so that it does not create a user and login for the SAML2 user.

You could also create a user and disable that user. Then use that user as the clone. If the user really needs access, they contact the admin to enable their new external disabled account.