SAML2 Configuring OneClick to work with ADFS

Article ID: 270121


Products

DX NetOps CA Spectrum

Issue/Introduction

The following is the Broadcom support documentation I am referencing:


SAML2 Authentication in DX NetOps Spectrum (broadcom.com)


After speaking with our ADFS IdP we would need more elaboration on this SAML setup as follows:

  • It is unclear to the IdP how to build the application out from the documentation. They would need more elaboration on Step 2 below:



  • We would need to provide them some sort of XML file that the IDP would import to build for SAML authentication.
  • These XML files would typically have the following elements as far as we know:
    • EntityID
    • URLs for sign on/logout
    • optional x509 certificates used for signing/encryption
    • other XML stuff like formats for nameid, etc.


Environment

Release : 22.2

Resolution

ADFS SAML IDP Configuration:

Add a relying party trust


  1. Open the AD FS management console.

  2. Click “Relying Party Trusts” in the left sidebar.

  3. Click “Add Relying Party Trust...” in the right sidebar to open the “AD FS Relying Party Trust Wizard”.

  4. Select “Claims aware” and click Next.

  5. On the “Select Data Source” page, select “Enter data about the relying party manually” and click Next.

  6. On the “Specify Display Name” page, enter a display name such as SpectrumSSO and click Next.

  7. “Configure Certificate” is optional. You can import the Spectrum OneClick certificate here if OneClick signs its SAML requests.

  8. On the “Configure URL” page, select “Enable support for the SAML 2.0 WebSSO protocol” and enter the Relying party SAML 2.0 SSO service URL:

    https://OneclickServerURL:port/spectrum/


  9. On the “Configure Identifiers” page, add the same URL as the relying party trust identifier and click Next:

    https://OneclickServerURL:port/spectrum/


  10. On the “Choose Access Control Policy” page, select “Permit everyone” and click Next.

  11. On the “Ready to Add Trust” page, review the settings and click Next.

  12. Click Finish.



Edit Claim Issuance Policy

  1. Open the “Edit Claim Issuance Policy” wizard for the new relying party trust.

  2. Click “Add Rule”, select the LDAP attributes claim rule template and click Next.

  3. On the “Configure Claim Rule” page:

    1. Enter a claim rule name.
    2. Select “Active Directory” as the attribute store.
    3. Map LDAP attributes to outgoing claim types. “Name ID” is the mandatory outgoing claim type; its value is the username used to log in to Spectrum.


  4. Click Finish and exit the wizard.
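As an added example that is not part of the Broadcom article, the following PowerShell creates the same relying party trust and Name ID claim rule as the two wizard procedures above (“Add a relying party trust” and “Edit Claim Issuance Policy”), which is easier to review, repeat and diff than clicking through the wizard. It assumes AD FS on Windows Server 2016 or later (needed for the -AccessControlPolicyName parameter), an elevated session on the AD FS server, and that the Spectrum username is the account's sAMAccountName; the article does not name the LDAP attribute behind “Name ID”, so adjust the query if your Spectrum users are keyed on another attribute. The OneClick URL is the article's own placeholder.

```powershell
# Added example, not from the Broadcom article: scripted equivalent of the
# "Add a relying party trust" and "Edit Claim Issuance Policy" wizard steps.
# Run in an elevated PowerShell session on the AD FS server (AD FS 2016+).
Import-Module ADFS

# Placeholder from the article: replace host and port with the OneClick server.
$OneClickUrl = 'https://OneclickServerURL:port/spectrum/'
$DisplayName = 'SpectrumSSO'   # display name chosen in wizard step 6

# Wizard step 8: SAML 2.0 WebSSO assertion consumer endpoint (HTTP-POST binding).
$acs = New-AdfsSamlEndpoint -Binding POST `
                            -Protocol SAMLAssertionConsumer `
                            -Uri $OneClickUrl `
                            -Index 0 `
                            -IsDefault $true

# Claim issuance policy step 3: LDAP attribute rule mapping sAMAccountName to the
# mandatory "Name ID" outgoing claim. sAMAccountName is an assumption; use mail or
# userPrincipalName instead if Spectrum usernames are built from those.
$nameIdRule = @'
@RuleTemplate = "LdapClaims"
@RuleName = "Spectrum Name ID"
c:[Type == "http://schemas.microsoft.com/ws/2008/06/identity/claims/windowsaccountname", Issuer == "AD AUTHORITY"]
 => issue(store = "Active Directory", types = ("http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier"), query = ";sAMAccountName;{0}", param = c.Value);
'@

# Wizard steps 4-12: claims-aware relying party, identifier from step 9 (same URL
# as the ACS), "Permit everyone" access control policy from step 10, and the
# Name ID rule from the claim issuance policy.
# Step 7 (optional): if OneClick signs its AuthnRequests, add
#   -RequestSigningCertificate (Get-Item 'Cert:\LocalMachine\My\<thumbprint>')
# with the OneClick certificate's thumbprint in place of <thumbprint>.
Add-AdfsRelyingPartyTrust -Name $DisplayName `
                          -Identifier $OneClickUrl `
                          -SamlEndpoint $acs `
                          -IssuanceTransformRules $nameIdRule `
                          -AccessControlPolicyName 'Permit everyone'

# Check: the trust must show the OneClick identifier, the policy and one ACS URL.
Get-AdfsRelyingPartyTrust -Name $DisplayName |
    Select-Object Name, Identifier, AccessControlPolicyName,
                  @{ n = 'SamlEndpoint'; e = { $_.SamlEndpoints.Location } }

# The IdP metadata URL that the "Configure Spectrum SAML" steps ask for is the
# AD FS federation metadata endpoint (by default
# https://<adfs-host>/FederationMetadata/2007-06/FederationMetadata.xml).
(Get-AdfsEndpoint | Where-Object { $_.Protocol -eq 'Federation Metadata' }).FullUrl
```

Two points worth keeping in mind when reviewing the result: “Permit everyone” lets any account that can authenticate to AD FS complete the SAML exchange, so access to Spectrum then rests on whether the Name ID value matches an existing Spectrum user; and because the Name ID is the Spectrum username, the LDAP attribute in the rule must be one whose values are unique and stable for your users.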



Configure Spectrum SAML


  1. Get the ADFS IdP metadata URL.

  2. Open the SSO page of the Spectrum OneClick server administration pages.

  3. Paste the ADFS metadata URL into “IDP Metadata URL” and click Save.

  4. Restart the OneClick server.

  5. OneClick now uses ADFS as its SAML identity provider.