Single Sign-On

Single Sign-On is the authentication scheme for NetOps Portal and all supported data sources. Once they are authenticated to NetOps Portal, users can navigate the console and registered data sources without signing in again.
Single Sign-On is the NetOps Portal component that supports Single Sign-On (SSO). It is the authentication scheme for NetOps Portal and all supported data sources. After the data sources are authenticated to NetOps Portal, users can navigate the console and registered data sources without having to sign in again.
Enabling the navigation of multiple product interfaces ensures a seamless drilldown experience for operators analyzing performance and status data. For example, if a user logs in to NetOps Portal and follows a drilldown path to the data source interface, that user does not log in again.
NetOps Portal uses a distributed architecture. When you install a data source or NetOps Portal on a server, the Single Sign-On website is also automatically installed. The distributed architecture lets users log in to data source products by logging in to the servers where these products are running.
Authentication and Security
Single Sign-On provides authentication services to NetOps Portal and supported data sources. It also supports external authentication schemes, such as Lightweight Directory Access Protocol (LDAP) and Security Assertion Markup Language (SAML) 2.0. This support lets you integrate NetOps Portal and other applications into the same authentication scheme, enterprise-wide.
When a user is required to enter a username and password, Single Sign-On security auditing logs information about who is logging in, and at what time of day. On Linux servers, Single Sign-On saves this log in the <installation_directory>/PerformanceCenter/sso/logs directory.
Authentication Methods
The Single Sign-On login page supports user authentication in NetOps Portal and in the data source products. Single Sign-On supports the following authentication methods:
  • Product authentication, which is based on user accounts
  • LDAP
  • SAML 2.0
The NetOps Portal Administrator can modify settings for an individual instance of Single Sign-On. For example, you can set up LDAP authentication in Single Sign-On. You can also configure optional encryption with Secure Sockets Layer (SSL) or change the default virtual directory.
As a result of the distributed architecture, any updates to the Single Sign-On website affect only those data source products that are running on the same server.
Supported Data Sources
Single Sign-On supports the following data sources:
  • Data aggregator
  • DX NetOps Network Flow Analysis
  • CA Application Delivery Analysis
  • CA Unified Communications Monitor
The Single Sign-On Configuration Tool
The Single Sign-On (SSO) Configuration tool (SSOConfig) is a command-line utility that Administrators can use to adjust the settings for the Single Sign-On website and the associated data source. This tool runs on Linux systems, but you can also deploy it on the Windows servers where data sources are installed.
On Linux, the configuration tool is installed in the <installation_directory>/PerformanceCenter directory. You can send configuration instructions to data sources that are running on Windows by entering the "1. Remote Value" option when prompted by the configuration tool.
On Windows servers where data sources are installed, the configuration tool is installed at <installation_directory>\Portal\SSO\bin\SsoConfig.exe. On Windows servers where data sources are installed, log in as an Administrator on that server.
You can perform the following tasks using this tool:
  • Enable LDAP/LDAPS authentication.
    For more information, see Enable LDAP/LDAPS Authentication.
  • Validate the current LDAP settings.
    For more information, see Validate LDAP Settings.
  • Update the virtual directory for the Single Sign-On website that each data source references.
    If you added an encryption scheme or if you updated the virtual directory for the Single Sign-On website, you can synchronize the data sources using this tool. For example, data sources on the modified server need instructions on where to redirect users who do not successfully authenticate.
    For more information, see Configure the Single Sign-On Security Settings.
  • Enable FIPS-compliant encryption and hashing algorithms (where applicable).
    You can configure DX NetOps Performance Management to use FIPS-compliant encryption and hashing algorithms using the configuration tool.
    For more information, see Enable FIPS-Compliant Encryption.
  • Manage the custom HTTP headers.
    Out of the box, DX NetOps Performance Management includes the recommended custom HTTP headers. You can modify these per your security requirements.
    For more information, see Manage Custom HTTP Headers.
  • Configure the NetOps Portal security settings, such as enabling Single Sign-On spoofing protection.
    For more information, see Configure the DX NetOps Security Settings Using the SSO Configuration Tool.