NetOps Portal SSO / SAML2 how to default back to local authentication for non-SAML accounts

Article ID: 409425


Products

Network Observability CA Performance Management

Issue/Introduction

How can users go through local authentication for non-SAML2 accounts in CA Performance Management (CAPM)?

For Spectrum, this is done by adding the users to non-saml-config.xml, as per SAML2 Authentication in DX NetOps Spectrum. Similarly, what is the process for CAPC / DX NetOps if we want to allow local authentication when SAML2 is configured?

Environment

DX NetOps CAPM all currently supported releases

Cause

When you enable SAML in the Portal, you are redirected to the IdP for authentication by default.

The default for PM is to go to SAML or OAuth if enabled, and otherwise to sign-in.jsp. So if either SAML or OAuth is enabled, a user going directly to the Portal URL is sent there.

If the user account does not exist in the IdP, authentication fails and there is no fallback to local authentication. The only way to reach local authentication is to go manually to the URL provided in the Resolution section below.

Resolution

To use any user whose credentials are in the Portal database, access the Portal local authentication login form directly using this specific URL, which avoids the redirection to the SAML IdP:

http://<PORTAL_HOST>:8381/sso/sign-in.jsp?SsoProductCode=pc

Where <PORTAL_HOST> is the hostname or IP address of the NetOps Portal server.

Local users MUST bookmark the above login link to bypass SAML2 authentication. PM has no way to tell a SAML user from a non-SAML user when someone goes to the website.