SSO and federation

Applies to NAM 2018

Authentication ► SSO and federation

For more about SSO, see Single sign-on (SSO) in NAM.

SSO configuration

Use the SSO configuration switches to:

  • Set the URL and type of connection (HTTPS or HTTP) that NAM will use for communication with the external IdP.
  • Enable or disable SSO via an external IdP.

If you need to switch off SSO through an external IdP, this is where to do it.

  • HTTPS
    Recommended. HTTPS is the more secure method. To use HTTPS to communicate with an IdP, enter the URL and set the HTTPS switch to On.
  • HTTP
    Not recommended. HTTP is the less secure method. To use HTTP to communicate with an IdP, enter the URL and set the HTTP switch to On.

Federation services configuration

The Federation services configuration section has two edit boxes:

XML metadata of Service Provider
This metadata describes your NAM deployment in SAML 2.0 format. As described in the procedure that follows, you will need to take a copy of it from here (copy to clipboard or down as a file) and deliver it to your IdP.

XML metadata of Identity Provider
This metadata describes your IdP in SAML 2.0 format. As described in the procedure that follows, you will need to take a copy of the data from your IdP and paste or upload it here.

Disabling an external IdP

If you are using an external IdP and it goes down, or if you have other problems with SSO, you may want to temporarily access NAM using the default internal SSO.

To switch back to internal SSO:

  1. Get the address of your NAM Console machine.
  2. On your browser address line, open the following:
    https://<console address>:<port>/console/login.xhtml?local
    where <console address>:<port> is the IP address and port of the console machine.
    Example:
    https://console.company.com:4183/console/login.xhtml?local

If you want to continue using internal SSO, you can turn off your external IdP configuration:

  1. Open Authentication ► SSO and federation.
  2. Set the Active switch to Off.