To begin using SAML 2.0 for user authentication in CA Performance Center, set some parameters on the identity provider (IdP). Any IdP that supports the SAML 2.0 standard should work, but CA has only tested with CA SiteMinder.
You can manually configure the IdP, or you can import the IdP agreement from the Single Sign-on server.
Manually Configure the IdP
Follow these steps:
http://MyServerName:8381/sso/saml2/UserAssertionService
where 8381 is the port that Single Sign-On uses.
Note: HTTP Redirect is the only binding method that Single Sign-On supports.
The logout service and the response location are both required. These services are running on the server where Single Sign-On is installed.
Use the following examples:
http://MyServerName:8381/sso/saml2/LogoutService http://MyServerName:8381/sso/saml2/LogoutServiceResponse
This step can involve adding these websites to a list of federation partnership entities.
Import the IdP Agreement File
Follow these steps:
You exported this file after you completed other setup steps using the Single Sign-On Configuration Tool. For more information, see Configure SAML Support in Single Sign-On.
This step can involve adding these websites to a list of federation partnership entities.
Troubleshooting
Problem:
You see the following error message after configuring SAML:
RelayState is either null or a blank string. RelayState must be set for SSO to work correctly.
Invalid syntax, RelayState=<value>
RelayState does not have parameter SsoRedirectUrl, RelayState=<value>
Reason:
Some IdPs do not return the RelayState= value that CA Performance Center sends to the IdP during authentication verification.
Resolution:
Manually configure RelayState for your IdP. Use the following syntax:
SsoProductCode=pc&SsoRedirectUrl=http://[assign the value for CAPC in your book]:8181/pc/desktop/page
Note: For secure communications, replace http: with https:, and replace the port number.
|
Copyright © 2014 CA Technologies.
All rights reserved.
|
|