SSO network configuration requirements

Applies to NAM 2018

This information is essential to installing or upgrading to NAM 2018.

Important

For a successful NAM deployment, you must follow the network configuration instructions here.

  • The NAM Console and NAM Server use SAML 2.0 to manage user credentials (all sign-on activity) within your NAM deployment.
  • All users accessing the NAM Server (via NAM Server public URL) are automatically redirected to the NAM Console for authorization.
  • To be authorized by the NAM Console, all users must have access to both the NAM Server public URL and NAM Console public URL.

Network requirements for NAM Server and NAM Console

When installing the NAM Console and NAM Server, you have to provide public URLs and private addresses:

  • Public URLs
    Public URLs are required for authorizing users. Users accessing a NAM Server must have access to that NAM Server's public URL and to the NAM Console public URL, because each NAM Server user is transparently redirected to the NAM Console public URL for authentication and then back to the NAM Server public URL.
  • Private addresses
    Private addresses are used for internal communication between NAM components. All configuration and maintenance communication goes over these private addresses. They do not need to be accessible to users.
  • The default port for the NAM Console private address is 4183. The port for the public URL for the NAM Console can be different. If your port for the public NAM Console URL is different from the port for the private NAM Console address, specify the port along with the public URL (for example, http://myrumconsole.mydomain.com:8080).

Make sure that all NAM Servers in your deployment are able to communicate with the NAM Console. Otherwise, NAM Server users will not be able to sign in.
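The reachability requirements above can be checked before installation with a small script. This is an added example, not part of the NAM product or its documentation. It assumes a plain TCP connect is an adequate first test, and the host names and the 10.0.0.10 address are constructed sample values.

```python
import socket
from urllib.parse import urlsplit

CONSOLE_PRIVATE_PORT = 4183  # default NAM Console private port, per this page


def endpoint(url):
    """Return the (host, port) a browser connects to for a public URL."""
    parts = urlsplit(url)
    if parts.scheme not in ("http", "https") or not parts.hostname:
        raise ValueError(f"not an http(s) URL: {url!r}")
    # No explicit port means the scheme default, which is what users will hit.
    port = parts.port or (443 if parts.scheme == "https" else 80)
    return parts.hostname, port


def tcp_open(host, port, timeout=3.0):
    """True if a TCP connection to host:port succeeds within the timeout."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False


def check_from_user(server_public_url, console_public_url, probe=tcp_open):
    """Run on a user workstation: both public URLs must be reachable,
    because sign-on redirects to the Console and back to the Server."""
    targets = {
        "NAM Server public URL": endpoint(server_public_url),
        "NAM Console public URL": endpoint(console_public_url),
    }
    return {name: probe(host, port) for name, (host, port) in targets.items()}


def check_from_server(console_host, port=CONSOLE_PRIVATE_PORT, probe=tcp_open):
    """Run on each NAM Server: the Console private address must be reachable."""
    label = f"NAM Console private address {console_host}:{port}"
    return {label: probe(console_host, port)}


if __name__ == "__main__":
    # Constructed sample values; replace with your deployment's addresses.
    results = check_from_user("https://nam-server.example.com",
                              "http://myrumconsole.mydomain.com:8080")
    results.update(check_from_server("10.0.0.10"))
    for name, ok in results.items():
        print(f"{'OK  ' if ok else 'FAIL'} {name}")
```

Run check_from_user from a network segment where NAM Server users sit, and check_from_server from every NAM Server host, since the two paths are often governed by different firewall rules.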

Network topology with default configuration

Using the default configuration, there is no external IdP. The NAM Console manages all user authentication, which is why all your NAM Server users need network access to the NAM Console.

Console sign-on without external IdP:
NAM Console authentication: internal

Server sign-on without external IdP:
NAM Server authentication: internal

Authentication details in default configuration:
NAM 2018 with internal SSO

Network topology with external IdP

Using the external IdP configuration (optional), all user authentication goes through the NAM Console and then to the external IdP. The external IdP manages user authentication, but all your NAM Server users need network access to the NAM Console.

Console sign-on with external IdP:
NAM Console authentication: external

Server sign-on with external IdP:
NAM Server authentication: external

Authentication details for external IdP:
NAM 2018 with external IdP
