SAML2 Configuring OneClick to work with ADFS
Article ID: 270121

Products

DX NetOps CA Spectrum

Issue/Introduction

With reference to the information in this section of the NetOps documentation:

SAML2 Authentication in DX NetOps Spectrum (broadcom.com)

After speaking with the ADFS IdP, we would need more elaboration on this SAML setup as follows:

  • It is unclear to the IdP how to build the application out from the documentation. They would need more elaboration on Step 2 below:

  • We would need to provide some sort of XML file that the IdP would import to build the SAML authentication.
  • These XML files would typically have the following elements, as far as we know:
    • EntityID
    • URLs for sign-on/logout
    • optional x509 certificates used for signing/encryption
    • other XML elements such as the NameID format, etc.

Resolution

ADFS SAML IdP Configuration:

Add a relying party trust

  1. Open ADFS.
  2. Click “Relying Party Trusts” on the left sidebar.
  3. Click “Add Relying Party Trust...” on the right sidebar to open the “AD FS Relying Party Trust Wizard”.
  4. Select “Claims aware” and click Next.
  5. On the “Select Data Source” page, select “Enter data about the relying party manually” and click Next.
  6. On the “Specify Display Name” page, provide an app name such as SpectrumSSO and click Next.
  7. “Configure Certificate”: this page is optional. You can import the Spectrum OneClick certificate here.
  8. “Configure URL”: select “Enable support for the SAML 2.0 WebSSO protocol” and enter the relying party SAML 2.0 SSO service URL:
     https://OneclickServerURL:port/spectrum/
  9. “Configure Identifiers”: give https://OneclickServerURL:port/spectrum/ as the relying party trust identifier.
  10. “Choose Access Control Policy”: select “Permit everyone” and click Next.
  11. “Ready to Add Trust”: review the settings and click Next.
  12. Finish.

Edit Claim Issuance Policy

  1. Open the “Edit Claim Issuance Policy” wizard.
  2. Click “Add Rule”, select the LDAP attributes rule template and click Next.
  3. Configure the claim rule:
     1. Enter a claim rule name.
     2. Select Active Directory as the attribute store.
     3. Map LDAP attributes to the outgoing claim types. “Name ID” is the mandatory outgoing claim; its value is the username used in Spectrum.
  4. Click Finish and exit.



Configure Spectrum SAML

  1. Get the ADFS IdP metadata URL:
     • Open AD FS
     • Open “Service”
     • Select “Endpoints”
     • Go to the Metadata section
     • Copy the URL
     • Example: https://SERVER/federationmetadata/2007-06/federationmetadata.xml
     • “SERVER” is your federation service FQDN
  2. Open the SSO admin page of the Spectrum OneClick server.
  3. Paste the ADFS metadata URL into “IDP Metadata URL” and click Save.
  4. Restart the OneClick server.
  5. OneClick now uses ADFS as its SAML IdP.
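As an added example (not code from this article or from Broadcom), the Python below builds the SP metadata XML that the IdP asked for in the Issue section, using the identifier and SSO service URL entered on the Configure Identifiers and Configure URL wizard pages, and extracts from a constructed ADFS federationmetadata.xml sample what OneClick reads from the IDP Metadata URL. The oneclick.example.test and adfs.example.test hostnames and the certificate string are placeholders.

```python
import xml.etree.ElementTree as ET

MD = "urn:oasis:names:tc:SAML:2.0:metadata"
DS = "http://www.w3.org/2000/09/xmldsig#"
POST = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
ET.register_namespace("md", MD)
ET.register_namespace("ds", DS)

# Constructed stand-in for ADFS federationmetadata.xml (a real one is signed and far
# larger); the hostname and certificate value are placeholders, not real data.
SAMPLE_IDP_METADATA = """<EntityDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata"
  entityID="http://adfs.example.test/adfs/services/trust">
 <IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
  <KeyDescriptor use="signing"><KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
   <X509Data><X509Certificate>MIIC-PLACEHOLDER-CERT</X509Certificate></X509Data></KeyInfo></KeyDescriptor>
  <SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="https://adfs.example.test/adfs/ls/"/>
  <SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://adfs.example.test/adfs/ls/"/>
 </IDPSSODescriptor>
</EntityDescriptor>"""

def build_sp_metadata(entity_id, acs_url, signing_cert_b64=None):
    """SP metadata the IdP can import: entity_id and acs_url are the values typed on
    the Configure Identifiers / Configure URL pages; the certificate is optional."""
    root = ET.Element(f"{{{MD}}}EntityDescriptor", entityID=entity_id)
    sp = ET.SubElement(root, f"{{{MD}}}SPSSODescriptor", WantAssertionsSigned="true",
                       protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol")
    if signing_cert_b64:  # advertise the OneClick signing certificate (optional)
        kd = ET.SubElement(sp, f"{{{MD}}}KeyDescriptor", use="signing")
        x509 = ET.SubElement(ET.SubElement(kd, f"{{{DS}}}KeyInfo"), f"{{{DS}}}X509Data")
        ET.SubElement(x509, f"{{{DS}}}X509Certificate").text = signing_cert_b64
    ET.SubElement(sp, f"{{{MD}}}NameIDFormat").text = "urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified"
    ET.SubElement(sp, f"{{{MD}}}AssertionConsumerService",
                  Binding=POST, Location=acs_url, index="0", isDefault="true")
    return ET.tostring(root, encoding="unicode")

def parse_idp_metadata(xml_text):
    """What OneClick takes from the IdP metadata URL: entityID, the HTTP-POST sign-on
    endpoint and the signing certificate. Fetch the real file over HTTPS with
    certificate validation: that certificate is the trust anchor for every assertion."""
    root = ET.fromstring(xml_text)
    idp = root.find(f"{{{MD}}}IDPSSODescriptor")
    sso = [s.get("Location") for s in idp.findall(f"{{{MD}}}SingleSignOnService")
           if s.get("Binding") == POST]
    certs = [c.text.strip() for kd in idp.findall(f"{{{MD}}}KeyDescriptor")
             if kd.get("use", "signing") == "signing"  # no 'use' means both uses
             for c in kd.iter(f"{{{DS}}}X509Certificate")]
    if not sso or not certs:
        raise ValueError("IdP metadata lacks a POST SSO endpoint or signing certificate")
    return {"entity_id": root.get("entityID"), "sso_url": sso[0], "signing_cert": certs[0]}
```

Save the output of build_sp_metadata() to a file and hand it to the ADFS administrator in place of the manual wizard entries; parse_idp_metadata() shows what OneClick must be able to find at the metadata URL before the restart in step 4 will succeed.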