If enabled, you can login to Network Configuration Manager using Security Assertion Markup Language (SAML) authentication.

To enable SAML authentication in Network Configuration Manager, follow these steps:

Step

Action

1

Log into the server as the root user.

2

Navigate to the [Product Directory]/tools/saml-util directory.

Note:

Replace [Product Directory] with the path to the directory where Network Configuration Manager is installed. For example, VOYENCE_HOME/tools/saml-util directory.

3

Type perl enableSaml.pl to run the enable SAML utility, and press Enter.

4

After successful execution of the preceding enableSaml.pl script, the samlsysadmin user is created in NCM under System Administration > User management > System Users.

For primary, the content of the sample SamlAssertion.xml file has been provided with this section.

5 Use the given sample SamlAssertion.xml file.
6 Use any 3rd party tool (for example https://www.samltool.com/base64.php), and encode the SamlAssertion.xml content to base64 format.
7 Copy the Base64 Encoded XML from, and use URL Encoder from https://www.samltool.com/url.php to get the URL Encoded Data.
8

Copy the URL Encoded Data, and generate the powerup.jnlp file by executing the following command from any Linux server or from command prompt where you have curl:

curl -k -X POST https://<NCM AS IP address>:8880/voyence/launchClient?samlAssertion=<URL Encoded Data> powerup.jnlp

Modify the IP address to point to the NCM AS and generate the powerup.jnlp file using the URL Encoded Data.

9 Copy the powerup.jnlp file to your client machine from where you want to launch NCM, and then launch NCM UI.
10 NCM is launched successfully without asking you to enter credentials.

Following is the content of the sample SamlAssertion.xml file:

<?xml version="1.0"?>
<samlp:Response InResponseTo="ONELOGIN_4fee3b046395c4e751011e97f8900b5273d56685" Destination="http://sp.example.com/demo1/index.php?acs" IssueInstant="2016-12-20T01:01:48Z" Version="2.0" ID="_8e8dc5f69a98cc4c1ff3427e5ce34606fd672f91e6" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol">
<saml:Issuer>http://idp.example.com/metadata.php</saml:Issuer>
<samlp:Status>
<samlp:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
</samlp:Status>
<saml:Assertion IssueInstant="2016-12-19T01:01:48Z" Version="2.0" ID="_d71a3a8e9fcc45c9e9d248ef7049393fc8f04e5f75" xmlns:xs="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
<saml:Issuer>http://idp.example.com/metadata.php</saml:Issuer>
<saml:Subject>
<saml:NameID Format="urn:oasis:names:tc:SAML:2.0:nameid-format:transient" SPNameQualifier="http://sp.example.com/demo1/metadata.php">samlsysadmin</saml:NameID>
<saml:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
<saml:SubjectConfirmationData InResponseTo="ONELOGIN_4fee3b046395c4e751011e97f8900b5273d56685" Recipient="http://sp.example.com/demo1/index.php?acs" NotOnOrAfter="2024-01-18T06:21:48Z"/>
</saml:SubjectConfirmation>
</saml:Subject>
<saml:Conditions NotOnOrAfter="2024-02-04T15:41:54.000Z" NotBefore="2022-1-22T15:41:54.000Z">
<saml:AudienceRestriction>
<saml:Audience>http://sp.example.com/demo1/metadata.php</saml:Audience>
</saml:AudienceRestriction>
</saml:Conditions>
<saml:AuthnStatement SessionIndex="_be9967abd904ddcae3c0eb4189adbe3f71e327cf93" SessionNotOnOrAfter="2024-07-17T09:01:48Z" AuthnInstant="2016-12-19T01:01:48Z">
<saml:AuthnContext>
<saml:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:Password</saml:AuthnContextClassRef>
</saml:AuthnContext>
</saml:AuthnStatement>
<saml:AttributeStatement>
<saml:Attribute NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic" Name="uid">
<saml:AttributeValue xsi:type="xs:string">samlsysadmin</saml:AttributeValue>
</saml:Attribute>
<saml:Attribute NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic" Name="mail">
<saml:AttributeValue xsi:type="xs:string">[email protected]</saml:AttributeValue>
</saml:Attribute>
<saml:Attribute NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic" Name="eduPersonAffiliation">
<saml:AttributeValue xsi:type="xs:string">users</saml:AttributeValue>
<saml:AttributeValue xsi:type="xs:string">examplerole1</saml:AttributeValue>
</saml:Attribute>
</saml:AttributeStatement>
</saml:Assertion>
</samlp:Response>