DX UIM SAML Authentication details

Article ID: 369017


Products

DX Unified Infrastructure Management (Nimsoft / UIM)

Issue/Introduction

I have enabled SAML authentication in our UIM 23.4.1 environment, but it's not clear to me how the authentication happens.

SAML is working, as I can log in with a SAML account to the Operator Console. However, I'm unsure where this account is created in UIM and how I can set permissions for it. Additionally, I would like to know how to choose which origins this account can access. Is it necessary for LDAP to be enabled for use with SAML? 

Environment

DX UIM 23.4.1

SAML

Resolution

1) LDAP authentication works on its own without SAML, but if SAML is wanted, LDAP becomes mandatory for the integration.
2) First, enable LDAP in UIM by configuring the LDAP server details and credentials in the hub.cfg file under the ldap -> server section; the hub uses this configuration for its user authentication queries.
3) Next, in the Infrastructure Manager (IM) interface, under Security -> Manage Access Control List, link the UIM ACLs to LDAP groups so that logged-in users receive the appropriate permissions.
4) With SAML in use, when the Operator Console (OC) receives the SAML response, it extracts the user principal from the SAML token and invokes a callback named 'user_info' in the hub, passing the user name as the parameter. This returns additional details about the user, such as the user's ACL, last name and email address.
5) Using these details, UIM assigns the user permissions according to that ACL, giving secure and tailored access control.
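The following Python program is an added model of the flow in steps 2 to 5 above; it is not UIM code and does not use the hub's actual API. The LDAP directory (`LDAP_USERS`), the ACL-to-group links (`ACL_GROUP_LINKS`) and the SAML response produced by `build_response` are constructed sample data, and `user_info` is a stand-in for the hub callback of the same name. It assumes the response signature, audience and validity window have already been verified before the principal is extracted; it shows only how the NameID is taken from the token, looked up as an LDAP user, and resolved to ACLs, and what happens when the user is unknown or linked to no ACL.

```python
import xml.etree.ElementTree as ET

# SAML 2.0 namespaces used by the response and the assertion it carries.
SAML_NS = {
    "samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
    "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
}
STATUS_SUCCESS = "urn:oasis:names:tc:SAML:2.0:status:Success"

# Constructed stand-in for the LDAP directory the hub queries (hub.cfg ldap -> server).
# A real directory returns these attributes from the user's entry; the values are made up.
LDAP_USERS = {
    "jdoe": {"last_name": "Doe", "email": "jdoe@example.com", "groups": ["UIM-Operators"]},
    "asmith": {"last_name": "Smith", "email": "asmith@example.com",
               "groups": ["UIM-Operators", "UIM-Admins"]},
}

# Constructed stand-in for the ACL -> LDAP group links made in IM under
# Security -> Manage Access Control List. ACL and group names are illustrative.
ACL_GROUP_LINKS = {
    "Operator": "UIM-Operators",
    "Administrator": "UIM-Admins",
}


def build_response(name_id=None):
    """Build a minimal constructed SAML Response for the examples (not real IdP output)."""
    subject = (f"<saml:Subject><saml:NameID>{name_id}</saml:NameID></saml:Subject>"
               if name_id else "")
    return (
        '<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" '
        'xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="_r1" Version="2.0">'
        f'<samlp:Status><samlp:StatusCode Value="{STATUS_SUCCESS}"/></samlp:Status>'
        f'<saml:Assertion ID="_a1" Version="2.0">{subject}</saml:Assertion>'
        "</samlp:Response>"
    )


def extract_principal(response_xml):
    """Return the user principal (NameID) carried by the SAML response.

    Assumed: the XML signature, audience and validity window were already checked
    by the caller; this function only performs the extraction and sanity checks.
    """
    root = ET.fromstring(response_xml)  # prefer defusedxml for untrusted XML in production
    status = root.find("samlp:Status/samlp:StatusCode", SAML_NS)
    if status is None or status.get("Value") != STATUS_SUCCESS:
        raise ValueError("SAML response does not report success")
    assertions = root.findall("saml:Assertion", SAML_NS)
    if len(assertions) != 1:
        raise ValueError("expected exactly one assertion")
    name_id = assertions[0].find("saml:Subject/saml:NameID", SAML_NS)
    if name_id is None or not (name_id.text or "").strip():
        raise ValueError("assertion carries no NameID")
    return name_id.text.strip()


def user_info(username):
    """Model of the hub 'user_info' callback: look the principal up in LDAP and
    resolve its ACLs from the ACL -> group links. Returns None for unknown users."""
    entry = LDAP_USERS.get(username)
    if entry is None:
        return None
    acls = sorted(acl for acl, group in ACL_GROUP_LINKS.items() if group in entry["groups"])
    return {"user": username, "last_name": entry["last_name"],
            "email": entry["email"], "acl": acls}


def authorize(response_xml):
    """Whole flow: principal from the SAML token -> user_info -> permissions from the ACL.
    Returns the user record with its ACLs, or None when the user is unknown to LDAP
    or is linked to no ACL, in which case no permissions can be assigned."""
    principal = extract_principal(response_xml)
    info = user_info(principal)
    if info is None or not info["acl"]:
        return None
    return info


if __name__ == "__main__":
    print(authorize(build_response("jdoe")))
```

The point to take from the model is the one the resolution makes: the SAML token only yields the principal, and every detail that drives authorization (ACL, name, email) comes from the LDAP lookup behind `user_info`, so a principal that LDAP does not know, or that belongs to no linked group, ends up with no permissions.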