SAML2 Configuring OneClick to work with ADFS

Article ID: 270121


Updated On:


DX NetOps CA Spectrum


The following is the Broadcom support documentation I am referencing:

SAML2 Authentication in DX NetOps Spectrum (

After speaking with our ADFS IdP we would need more elaboration on this SAML setup as follows:

  • It is unclear to the IdP how to build the application out from the documentation. They would need more elaboration on Step 2 below:

  • We would need to provide them some sort of XML file that the IDP would import to build for SAML authentication
  • These XML files would typically have the following elements as far as we know:
    • EntityID
    • URLs for sign on/logout
    • optional x509 certificates used for signing/encryption
    • other XML stuff like formats for nameid, etc




Release : 22.2


ADFS SAML IDP Configuration:

Add a relying party trust


  1. Open ADFS.

  2. Click “Relying Party Trusts” on the left sidebar. 

  3. Click “Add Relying Party Trust...” on the right sidebar to open the “AD FS Relying Party Trust Wizard”.

  4. Select “Claims aware” and click Next.

  5. On the “Select Data Source” page, select Enter data about the relying party manually and click Next.

  6. On the Specify Display Name page, provide an app name like SpectrumSSO and click Next.

  7. Configure Certificate: this step is optional. Users can import the Spectrum OneClick certificate here.

  8. Configure URL

    Select Enable support for the SAML 2.0 WebSSO protocol.
    Relying party SAML 2.0 SSO service URL

  9. Configure Identifiers

    Enter https://OneclickServerURL:port/spectrum/ as the relying party trust identifier.

  10. Choose Access Control Policy: select Permit everyone and click Next.

  11. Ready to Add Trust: review the settings and select Next.

  12. Finish

Edit Claim Issuance Policy

  1. Open the Edit Claim Issuance Policy wizard.

  2. Click Add Rule, select LDAP, and click Next.

  3. Claim rule name:

    1. Add Claim rule name
    2. Select Active Directory as an Attribute store
    3. Map LDAP attributes to the Outgoing Claim Type
                “Name ID” is the mandatory field. It is the username to be used in Spectrum.

  4. Click on Finish and exit.
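
The two wizard procedures above can also be scripted with the AD FS PowerShell module, which makes the trust reproducible and easy to review. This is an added example, not Broadcom's or the article's own script. Assumptions: the SSO service URL is passed in because the article does not give its value, the POST binding and the sAMAccountName attribute are assumed, and the script name in the usage comment is hypothetical.

```powershell
# Usage (constructed values; hypothetical script name):
#   .\New-SpectrumTrust.ps1 -OneClickHost oneclick.example.com -OneClickPort 8443 `
#       -SsoServiceUrl '<SSO service URL from your Spectrum SAML settings>'
param(
    [Parameter(Mandatory)] [string] $OneClickHost,
    [Parameter(Mandatory)] [int]    $OneClickPort,
    # "Relying party SAML 2.0 SSO service URL" from step 8; not stated in the article
    [Parameter(Mandatory)] [uri]    $SsoServiceUrl,
    # Assumption: the AD attribute that holds the Spectrum username
    [string] $LdapAttribute = 'sAMAccountName',
    [string] $TrustName = 'SpectrumSSO'
)
$ErrorActionPreference = 'Stop'
Import-Module ADFS   # run in an elevated session on the primary AD FS server

# Step 9: relying party identifier, in the form the article gives
$identifier = "https://${OneClickHost}:${OneClickPort}/spectrum/"

# Step 8: SAML 2.0 WebSSO endpoint (assumption: assertion consumer, POST binding)
$endpoint = New-AdfsSamlEndpoint -Binding 'POST' -Protocol 'SAMLAssertionConsumer' `
    -Uri $SsoServiceUrl -Index 0 -IsDefault $true

# Steps 4-12: claims-aware trust, entered manually, with the "Permit everyone" policy
Add-AdfsRelyingPartyTrust -Name $TrustName -Identifier $identifier `
    -SamlEndpoint $endpoint -AccessControlPolicyName 'Permit everyone'

# Claim issuance policy: send the chosen LDAP attribute as the mandatory Name ID claim
$rule = @"
@RuleTemplate = "LdapClaims"
@RuleName = "Spectrum Name ID"
c:[Type == "http://schemas.microsoft.com/ws/2008/06/identity/claims/windowsaccountname", Issuer == "AD AUTHORITY"]
 => issue(store = "Active Directory",
          types = ("http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier"),
          query = ";$LdapAttribute;{0}", param = c.Value);
"@
Set-AdfsRelyingPartyTrust -TargetName $TrustName -IssuanceTransformRules $rule

# Review what was created before pointing OneClick at the IdP metadata
Get-AdfsRelyingPartyTrust -Name $TrustName |
    Select-Object Name, Identifier, Enabled, AccessControlPolicyName, IssuanceTransformRules
```

The final command prints the trust so the identifier, access control policy, and Name ID rule can be checked against the wizard steps.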

Configure Spectrum SAML 

  1. Get ADFS Idp Metadata URL

  2. Open the Spectrum OneClick server admin page of SSO

  3. Copy the ADFS metadata URL to “IDP Metadata URL” and Click Save.

  4. Restart the OneClick server.
  5. OneClick now uses ADFS as the SAML identity provider.