If enabled, you can log in to Network Configuration Manager using Security Assertion Markup Language (SAML) authentication.
To enable SAML authentication in Network Configuration Manager, follow these steps:
Step 1. Log into the server as the root user.

Step 2. Navigate to the [Product Directory]/tools/saml-util directory.
    Note: Replace [Product Directory] with the path to the directory where Network Configuration Manager is installed, for example VOYENCE_HOME/tools/saml-util.

Step 3. Type perl enableSaml.pl to run the enable SAML utility, and press Enter.

Step 4. After the preceding script runs successfully, the samlsysadmin user is created in NCM under System Administration > User management > System Users. For reference, the content of the sample SamlAssertion.xml file is provided with this section.

Step 5. Modify the sample SamlAssertion.xml file as follows to add a user name that exists in NCM:
    <saml:NameID SPNameQualifier="http://sp.example.com/demo1/metadata.php" Format="urn:oasis:names:tc:SAML:2.0:nameid-format:transient">samlsysadmin</saml:NameID>

Step 6. Modify the sample SamlAssertion.xml file as follows to add the NotBefore and NotOnOrAfter dates; NCM allows the user to log in only if the current date falls within this range:
    <saml:Conditions NotBefore="2016-12-22T15:41:54.000Z" NotOnOrAfter="2019-02-04T15:41:54.000Z">

Step 7. Base64-encode the SamlAssertion.xml content, and then URL-encode the result. For reference, the content of the sample SamlAssertion.xml file is provided with this section.

Step 8. Modify the IP address to point to the NCM AS and generate the powerup.jnlp file using the encoded string. Run the following command from any Linux server, or from a command prompt, if curl is available:
    curl -k -X POST https://<NCM AS IP address>:8880/voyence/launchClient?samlAssertion=encoded-string > powerup.jnlp

Step 9. Copy the powerup.jnlp file to the client machine from which you want to launch NCM, and then launch the NCM UI.

Step 10. NCM launches successfully without asking the user to enter credentials.
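The edits of steps 5 to 8 and the date check described in step 6, as an added Python example that is not part of this documentation or of the NCM enableSaml.pl utility. It works on a constructed, cut-down copy of the sample SamlAssertion.xml; window_is_valid applies the NotBefore/NotOnOrAfter rule from step 6 using the usual SAML half-open interval (NotBefore inclusive, NotOnOrAfter exclusive), which is an assumption about NCM's exact comparison, and decode_assertion is an added helper for reading a samlAssertion value back out of a captured launchClient request.

```python
import base64
import urllib.parse
import xml.etree.ElementTree as ET
from datetime import datetime, timezone
NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion",
      "samlp": "urn:oasis:names:tc:SAML:2.0:protocol"}

# Constructed stand-in for the page's sample SamlAssertion.xml (same values,
# but only the elements the procedure edits are kept).
SAMPLE_ASSERTION = """<?xml version="1.0"?>
<samlp:Response xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
                xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" Version="2.0">
  <saml:Assertion Version="2.0">
    <saml:Subject>
      <saml:NameID Format="urn:oasis:names:tc:SAML:2.0:nameid-format:transient">samlsysadmin</saml:NameID>
    </saml:Subject>
    <saml:Conditions NotBefore="2016-12-22T15:41:54.000Z" NotOnOrAfter="2019-02-04T15:41:54.000Z"/>
  </saml:Assertion>
</samlp:Response>"""

def _parse_ts(ts):
    """SAML timestamps are UTC; accept both with and without fractional seconds."""
    fmt = "%Y-%m-%dT%H:%M:%S.%fZ" if "." in ts else "%Y-%m-%dT%H:%M:%SZ"
    return datetime.strptime(ts, fmt).replace(tzinfo=timezone.utc)

def prepare_assertion(xml_text, user, not_before, not_on_or_after):
    """Steps 5 and 6: set the NCM user name and the validity window."""
    for prefix, uri in NS.items():
        ET.register_namespace(prefix, uri)  # keep saml:/samlp: prefixes on output
    root = ET.fromstring(xml_text)
    root.find(".//saml:NameID", NS).text = user
    cond = root.find(".//saml:Conditions", NS)
    cond.set("NotBefore", not_before)
    cond.set("NotOnOrAfter", not_on_or_after)
    return ET.tostring(root, encoding="unicode")

def encode_assertion(xml_text):
    """Step 7: base64 first, then URL-encode ('+', '/' and '=' are not query-safe)."""
    b64 = base64.b64encode(xml_text.encode("utf-8")).decode("ascii")
    return urllib.parse.quote(b64, safe="")

def decode_assertion(encoded):
    """Reverse of step 7, e.g. to inspect the samlAssertion value of a logged request."""
    return base64.b64decode(urllib.parse.unquote(encoded)).decode("utf-8")

def window_is_valid(xml_text, now_ts):
    """Step 6 rule (assumed half-open): NotBefore <= now < NotOnOrAfter."""
    cond = ET.fromstring(xml_text).find(".//saml:Conditions", NS)
    now = _parse_ts(now_ts)
    return _parse_ts(cond.get("NotBefore")) <= now < _parse_ts(cond.get("NotOnOrAfter"))
```

The encoded string returned by encode_assertion is what replaces encoded-string in the curl command of step 8.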
Following is the content of the sample SamlAssertion.xml file:
<?xml version="1.0"?>
<samlp:Response InResponseTo="ONELOGIN_4fee3b046395c4e751011e97f8900b5273d56685" Destination="http://sp.example.com/demo1/index.php?acs" IssueInstant="2016-12-20T01:01:48Z" Version="2.0" ID="_8e8dc5f69a98cc4c1ff3427e5ce34606fd672f91e6" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol">
  <saml:Issuer>http://idp.example.com/metadata.php</saml:Issuer>
  <samlp:Status>
    <samlp:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
  </samlp:Status>
  <saml:Assertion IssueInstant="2016-12-19T01:01:48Z" Version="2.0" ID="_d71a3a8e9fcc45c9e9d248ef7049393fc8f04e5f75" xmlns:xs="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
    <saml:Issuer>http://idp.example.com/metadata.php</saml:Issuer>
    <saml:Subject>
      <saml:NameID Format="urn:oasis:names:tc:SAML:2.0:nameid-format:transient" SPNameQualifier="http://sp.example.com/demo1/metadata.php">samlsysadmin</saml:NameID>
      <saml:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
        <saml:SubjectConfirmationData InResponseTo="ONELOGIN_4fee3b046395c4e751011e97f8900b5273d56685" Recipient="http://sp.example.com/demo1/index.php?acs" NotOnOrAfter="2024-01-18T06:21:48Z"/>
      </saml:SubjectConfirmation>
    </saml:Subject>
    <saml:Conditions NotOnOrAfter="2019-02-04T15:41:54.000Z" NotBefore="2016-12-22T15:41:54.000Z">
      <saml:AudienceRestriction>
        <saml:Audience>http://sp.example.com/demo1/metadata.php</saml:Audience>
      </saml:AudienceRestriction>
    </saml:Conditions>
    <saml:AuthnStatement SessionIndex="_be9967abd904ddcae3c0eb4189adbe3f71e327cf93" SessionNotOnOrAfter="2024-07-17T09:01:48Z" AuthnInstant="2016-12-19T01:01:48Z">
      <saml:AuthnContext>
        <saml:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:Password</saml:AuthnContextClassRef>
      </saml:AuthnContext>
    </saml:AuthnStatement>
    <saml:AttributeStatement>
      <saml:Attribute NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic" Name="uid">
        <saml:AttributeValue xsi:type="xs:string">samlsysadmin</saml:AttributeValue>
      </saml:Attribute>
      <saml:Attribute NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic" Name="mail">
        <saml:AttributeValue xsi:type="xs:string">[email protected]</saml:AttributeValue>
      </saml:Attribute>
      <saml:Attribute NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic" Name="eduPersonAffiliation">
        <saml:AttributeValue xsi:type="xs:string">users</saml:AttributeValue>
        <saml:AttributeValue xsi:type="xs:string">examplerole1</saml:AttributeValue>
      </saml:Attribute>
    </saml:AttributeStatement>
  </saml:Assertion>
</samlp:Response>