2 Replies. Latest reply: May 14, 2018 9:56 AM by Alejandro Tovar

Change Authentication Service for APM

Alejandro Tovar

Hi

 

This implementation has several SteelCentral products using the authentication service 1.4.

 

Among others, the current Portal implementation (1.5.3) has 90% customized content, and finally Portal 2.1 has the option to import all that information.

The problem here is that Portal no longer uses authentication service 1.4; it now has its own, and roles can be imported from AS.

 

Questions here might be:

 

NetIM and AppInternals use the AS to validate users. What options can I take:

Save the AS and install it on a new server (outside the virtual Portal appliance), so NetIM and AppInternals are connected to it? or

Migrate the AS to the NetIM server and maintain it for NetIM and AppInternals? or

Upgrade all of them so they all use SAML 2.0 for authentication?

 

I guess I need more information on how SAML works. Any suggestions?

 

Thanks and regards!

 

Alejandro

  • Re: Change Authentication Service for APM
    H P

    At this time, the AS is potentially the only product that does not have an option to configure SAML. This is expected soon. NetIM 1.3 does have a SAML option. Note that at the moment, neither of these servers can be 'pointed' to a single SAML server but this will be made available soon.

     

    If you would like to keep SCAS authentication for NetIM, and AppInternals, you have the option to (there may be more options I have not considered):

     

    1. Utilize the SCAS instance that comes bundled with NetIM and restore your Authentication Service config onto this SCAS. Then point NetIM and AppInternals AS to the NetIM SCAS.

    2. Install SCAS on a separate server (restore the user data from Portal) and point the AppInternals AS, and NetIM to this server for authentication.

     

    While several people refer to SAML as the replacement to SCAS - SAML is really an authentication mechanism that allows SSO login using PingFederate, ADFS, etc. Portal 2.1 and NetIM 1.3 allow this capability.

    Portal 2.1 also allows RADIUS / TACACS / AD integration (and migration of SCAS config from earlier versions).

     

    Hope this helps.