If enabled, you can login to Network Configuration Manager using Security Assertion Markup Language (SAML) authentication.
To enable SAML authentication in Network Configuration Manager, follow these steps:
| Step |
Action |
| 1 |
Log into the server as the root user. |
| 2 |
Navigate to the [Product Directory]/tools/saml-util directory.
Note:
Replace [Product Directory] with the path to the directory where Network Configuration Manager is installed. For example, VOYENCE_HOME/tools/saml-util directory. |
| 3 |
Type perl enableSaml.pl to run the enable SAML utility, and press Enter. |
| 4 |
After successful execution of the preceding enableSaml.pl script, the samlsysadmin user is created in NCM under System Administration > User management > System Users. For primary, the content of the sample SamlAssertion.xml file has been provided with this section. |
| 5 | Use the given sample SamlAssertion.xml file. |
| 6 | Use any 3rd party tool (for example https://www.samltool.com/base64.php), and encode the SamlAssertion.xml content to base64 format. |
| 7 | Copy the Base64 Encoded XML from, and use URL Encoder from https://www.samltool.com/url.php to get the URL Encoded Data. |
| 8 | Copy the URL Encoded Data, and generate the powerup.jnlp file by executing the following command from any Linux server or from command prompt where you have curl: curl -k -X POST https://<NCM AS IP address>:8880/voyence/launchClient?samlAssertion=<URL Encoded Data> powerup.jnlp Modify the IP address to point to the NCM AS and generate the powerup.jnlp file using the URL Encoded Data. |
| 9 | Copy the powerup.jnlp file to your client machine from where you want to launch NCM, and then launch NCM UI. |
| 10 | NCM is launched successfully without asking you to enter credentials. |
Following is the content of the sample SamlAssertion.xml file:
<?xml version="1.0"?> <samlp:Response InResponseTo="ONELOGIN_4fee3b046395c4e751011e97f8900b5273d56685" Destination="http://sp.example.com/demo1/index.php?acs" IssueInstant="2016-12-20T01:01:48Z" Version="2.0" ID="_8e8dc5f69a98cc4c1ff3427e5ce34606fd672f91e6" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"> <saml:Issuer>http://idp.example.com/metadata.php</saml:Issuer> <samlp:Status> <samlp:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/> </samlp:Status> <saml:Assertion IssueInstant="2016-12-19T01:01:48Z" Version="2.0" ID="_d71a3a8e9fcc45c9e9d248ef7049393fc8f04e5f75" xmlns:xs="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"> <saml:Issuer>http://idp.example.com/metadata.php</saml:Issuer> <saml:Subject> <saml:NameID Format="urn:oasis:names:tc:SAML:2.0:nameid-format:transient" SPNameQualifier="http://sp.example.com/demo1/metadata.php">samlsysadmin</saml:NameID> <saml:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer"> <saml:SubjectConfirmationData InResponseTo="ONELOGIN_4fee3b046395c4e751011e97f8900b5273d56685" Recipient="http://sp.example.com/demo1/index.php?acs" NotOnOrAfter="2024-01-18T06:21:48Z"/> </saml:SubjectConfirmation> </saml:Subject> <saml:Conditions NotOnOrAfter="2024-02-04T15:41:54.000Z" NotBefore="2022-1-22T15:41:54.000Z"> <saml:AudienceRestriction> <saml:Audience>http://sp.example.com/demo1/metadata.php</saml:Audience> </saml:AudienceRestriction> </saml:Conditions> <saml:AuthnStatement SessionIndex="_be9967abd904ddcae3c0eb4189adbe3f71e327cf93" SessionNotOnOrAfter="2024-07-17T09:01:48Z" AuthnInstant="2016-12-19T01:01:48Z"> <saml:AuthnContext> <saml:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:Password</saml:AuthnContextClassRef> </saml:AuthnContext> </saml:AuthnStatement> <saml:AttributeStatement> <saml:Attribute NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic" Name="uid"> <saml:AttributeValue xsi:type="xs:string">samlsysadmin</saml:AttributeValue> </saml:Attribute> <saml:Attribute NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic" Name="mail"> <saml:AttributeValue xsi:type="xs:string">[email protected]</saml:AttributeValue> </saml:Attribute> <saml:Attribute NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic" Name="eduPersonAffiliation"> <saml:AttributeValue xsi:type="xs:string">users</saml:AttributeValue> <saml:AttributeValue xsi:type="xs:string">examplerole1</saml:AttributeValue> </saml:Attribute> </saml:AttributeStatement> </saml:Assertion> </samlp:Response>
