Enable SAML Authentication for xFlow Interface

Security Assertion Markup Language (SAML) is a standard for logging users into applications based on their sessions in another context. SAML SSO works by transferring the user’s identity from one place (the identity provider) to another (the service provider). This is done through an exchange of digitally signed XML documents.
This article explains how to enable SAML authentication for xFlow Interface.
Follow these steps:
  1. Ensure that HTTPS is enabled for CA Service Management xFlow Interface. For more information, see Enable Secure Socket Layer for xFlow Interface.
  2. Launch CA Service Desk Manager and log in as Administrator.
  3. Go to the Administration tab and navigate to xFlow Interface, General in the left-hand navigation.
    The General Configurations List page opens.
  4. Find the following keys in the Configuration Key column and set their values as described below:
    1. federation.audienceuris
      Specifies the URI of the application from where to accept the tokens.
      Example:
      https://<xflow_url>:<port_number>/samllogin
    2. federation.enableManualRedirect
      Specifies whether you want to enable manual redirection of the token or not. True indicates that you want to enable the manual redirection and False indicates that you do not want to enable the manual redirection.
      Default: false
    3. federation.realm
      Specifies the location from where the tokens are sent.
      Example:
      https://<xflow_url>:<port_number>/samllogin
    4. federation.reply
      Specifies the URL of the location that receives responses.
      Example: 
      https://<xflow_url>:<port_number>/samllogin
    5. federation.trustedissuers.friendlyname
      Specifies a common name for the Identity Provider.
      Example:
      ADFS Signing - <trusted_issuer_URL>.
    6. federation.trustedissuers.issuer
      Specifies the URL of the Identity Provider.
      Example:
       https://<trusted_issuer_URL>/<identity_provider>/ls/idpinitiatedsignon.aspx.
    7. federation.trustedissuers.thumbprint
      Specifies the value of the certificate thumbprint provided by the Identity Provider.
      Example:
      0214c3035d002505b9e5e672a117d9bf5c5d4d02
      The certificate you want to use to configure the Identity Provider must be SHA-256 signed.
      The thumbprint you use from the SHA-256 certificate must be the SHA-1 thumbprint.
    8. authenticationtype
      Specifies the authentication mechanism you want to enable for single sign-on. The available options are SAML, SSO, NTLM and BASIC.
      Enter SAML as the configuration value.
  5. Restart the CASM xFlow Interface service.
    You have successfully enabled SAML-based single sign-on authentication for CASM xFlow Interface.
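
The two certificate requirements in the federation.trustedissuers.thumbprint step (SHA-256 signed certificate, SHA-1 thumbprint) can be checked before the value is entered. The Python below is an added example, not CA code: it reads the signature algorithm from the certificate's DER encoding, computes the SHA-1 thumbprint, and compares it with the configured value after removing spaces, colons and an invisible left-to-right mark that can come along when a thumbprint is copied from a certificate viewer. The function names and `SAMPLE_DER` are constructed for illustration, and only the two SHA-256 signature OIDs listed are recognized.

```python
import base64
import hashlib
import re

# Signature-algorithm OIDs (DER content bytes) that use SHA-256.
SHA256_SIG_OIDS = {
    bytes.fromhex("2a864886f70d01010b"): "sha256WithRSAEncryption",
    bytes.fromhex("2a8648ce3d040302"): "ecdsa-with-SHA256",
}

# Constructed stand-in with a certificate's outer layout (not a real cert):
# SEQUENCE { tbs SEQUENCE, AlgorithmIdentifier(sha256WithRSA), BIT STRING }
SAMPLE_DER = bytes.fromhex(
    "3018" "3003020101" "300d06092a864886f70d01010b0500" "03020000")

def pem_to_der(pem):
    """Strip the PEM armor and decode the base64 body to DER bytes."""
    return base64.b64decode(re.sub(r"-----[A-Z ]+-----|\s", "", pem))

def read_tlv(buf, pos):
    """Return (tag, value_start, value_end) for the DER element at pos."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits give the number of length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, pos, pos + length

def signature_oid(der):
    """Return the OID bytes of Certificate.signatureAlgorithm."""
    _, body, _ = read_tlv(der, 0)        # outer Certificate SEQUENCE
    _, _, tbs_end = read_tlv(der, body)  # skip tbsCertificate
    _, alg, _ = read_tlv(der, tbs_end)   # AlgorithmIdentifier SEQUENCE
    tag, start, end = read_tlv(der, alg)
    if tag != 0x06:
        raise ValueError("expected an OBJECT IDENTIFIER")
    return der[start:end]

def normalize_thumbprint(text):
    """Lower-case hex without separators, as in the example value above."""
    value = re.sub(r"[\s:\u200e]", "", text).lower()
    if not re.fullmatch(r"[0-9a-f]{40}", value):
        raise ValueError("a SHA-1 thumbprint is 40 hex digits")
    return value

def check_idp_certificate(der, configured):
    """Check both certificate requirements from the thumbprint step."""
    matches = hashlib.sha1(der).hexdigest() == normalize_thumbprint(configured)
    return {"sha256_signed": signature_oid(der) in SHA256_SIG_OIDS,
            "thumbprint_matches": matches}
```

For a real Identity Provider certificate, pass `pem_to_der(open(path).read())` for a PEM file, or the raw bytes of a DER file, as `der`.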