NEW_ALM12 Outstanding Contributor.

Has anyone enabled SSO authentication in ALM Octane?

Hi Folks, 

I am aware of the links that are out there from MF. But those links are difficult to understand in terms of the process to enable SSO authentication in ALM Octane. Some of the information available in these links just confuses me.

https://admhelp.microfocus.com/octane/en/latest/Online/Content/InstallationGuide/Configure_OtherSettings.htm#mt-item-7 and https://admhelp.microfocus.com/octane/en/latest/Online/Content/AdminGuide/SSO-federated-support.htm?Highlight=authentication#mt-item-2

So, do you know the easiest and simplest steps? Or, if you have enabled SSO authentication in your environment, would you please help me understand the process and enable SSO in my ALM Octane?

I tried reaching out to MF regular Support. But unfortunately, their answer is just go and look at this... As they stated, "so please note this kind of configuration is not supported by us directly, our scope is just limited to provide the respective guideline as you can see in the following guide https://admhelp.microfocus.com/octane/en/latest/PDFs/ALM_Octane_Installation_Guide.pdf on page 9 ahead."

The question I asked MF Support was: How do we get sso.login.saml2.idp.metadata-url?
While going through the guide to enroll SSO authentication in ALM Octane, it is suggested to have sso.login.saml2.idp.metadata-url. How or where do we get this information?

Micro Focus Contributor

Re: Has anyone enabled SSO authentication in ALM Octane?

Hi,

SSO configuration means trust establishment on two sides:

1. Customer IdP (Identity Provider)
   installed on customer site and managed by the customer

2. Octane SP

Part of it is exchanging metadata files between the above two components.

Octane's metadata can be acquired via the below URL:

<protocol>://<host>:<port>/osp/a/au/auth/saml2/sp-metadata

 

The means to acquire the IdP metadata is vendor dependent (ADFS, PingFederate, Keycloak and others) and is sometimes configurable and should be verified within the customer organization with the relevant persona within the organization that is responsible for it, or the relevant product documentation.

This is why it is not included in Octane's documentation.

As to the minimal steps required for SSO configuration in Octane, please find the below:

 

Key items we require as prerequisite for SSO configuration:  Trust establishment on both sides (customer IdP & Octane SP)

  • Octane SP
    This requires the below information prepared:
    1. Key pair (private and public keys)
    2. Key pair should be stored in a keystore
       (default type p12 but jks is also supported)

    1. Customer IdP’s metadata
       (either the file itself or an accessible link to it)
    2. Keystore
       Should meet the below requirements:
       1. Keystore should be accessible from the Octane file system (not by URL)
       2. We should know the keystore password
       3. We should know the key pair alias name inside the keystore
       4. We should know the key pair password inside the keystore
    3. SAML attributes
       The important one is the user name. Valid values are:
       '{$id}'. Mapping is to the NameID in the SAML response's subject. Default.
       or
       userName. Mapping is to the username in the SAML attribute statement.
       For the other fields we have defaults as specified here: https://admhelp.microfocus.com/octane/en/latest/Online/Content/InstallationGuide/Configure_OtherSettings.htm#SP-Settings
       The customer should go over them and verify whether they should be modified.

The next should be done once Octane is up and configured with SSO:

  • Customer IdP – this should be solely done by customer on his IdP
    Trust Configuration on IdP side:
    Share ALM Octane’s metadata with the IdP

To obtain ALM Octane’s metadata, navigate to:

<protocol>://<host>:<port>/osp/a/au/auth/saml2/sp-metadata

NEW_ALM12 Outstanding Contributor.

Re: Has anyone enabled SSO authentication in ALM Octane?

I'm still confused. I might be wrong and sorry. But, to me, it's still vague.

This is a new tool and also a new method of authentication. So, I guess it's been difficult for everyone to implement SSO auth in their environment.

@Jesper I was reading some of your ideas and items about SSO authentication implementation in your environment. Would you be able to help me out and walk me through the process to implement SSO auth in my environment?

Micro Focus Frequent Contributor

Re: Has anyone enabled SSO authentication in ALM Octane?

Hi,

I suggest that you open a ticket with MF support and they can provide you with the guidelines on how to configure ALM Octane to support SSO.

Regards,

Sigal

 

NEW_ALM12 Outstanding Contributor.

Re: Has anyone enabled SSO authentication in ALM Octane?

In fact, I opened a case. If I'm not wrong, that case is with L1 support. And Support Er. mentioned that this type of item should be accomplished on our own as the IDP is on the customer side.

I totally get that the IDP is on our side but there are still multiple things that are not clear in the guide and unavailable as a reference.

Unfortunately, below is a message from Support Er. on my case.

"so please note this kind of configuration is not supported by us directly , our scope is just limited to provide the respective guideline as you can see in the following guide https://admhelp.microfocus.com/octane/en/latest/PDFs/ALM_Octane_Installation_Guide.pdf on page 9 ahead"

Micro Focus Contributor

Re: Has anyone enabled SSO authentication in ALM Octane?

Hi,

Can you tell what exactly is not clear?

What vendor of IdP are you using?

Have you started with the SSO configuration and a particular step is not clear?

Jesper Honored Contributor.

Re: Has anyone enabled SSO authentication in ALM Octane?

...and please also be aware that Octane synch will not work when SSO is enabled :(

I guess this is not mentioned in the documentation anywhere...

br jesper

NEW_ALM12 Outstanding Contributor.

Re: Has anyone enabled SSO authentication in ALM Octane?

@Jesper Is it because the Sync Admin created in the Sync server is not associated with an SSO profile?

Jesper Honored Contributor.

Re: Has anyone enabled SSO authentication in ALM Octane?

Not sure why - seems to me like "someone" forgot it. We were told the following from MF support

----------------------------

Hi Everyone,

After the internal discussion R&D have stated that they will be able to create SSO working Synchronizer no sooner than CP11. For the time being you have to revert back the SSO.

I’m sorry for the inconvenience. If you have anything that you wish to share to them you can let me know.

Best Regards,

--------------------------------------
