Setting SAML as Default Authentication Method

 This topic applies to on-premises installations.

Once you've tested your SAML configuration, you can follow these steps to switch from CSM authentication (including LDAP/Windows authentication) to SAML:

  1. Exit CAM Administrator.
  2. Bring up a command prompt as administrator and navigate to C:\Program Files (x86)\Cherwell Asset Management\CAM Web\Encrypt Web Configs
  3. Execute the following command:

    EncryptWebConfigs.exe webauth --csmauth=CSM/SAML --dbserver=<CAM-database-server> --dbname=<CAM-database-name> --dbuser=<CAM-database-username> --dbpassword=<CAM-database-password> --apihost=<dns-of-CSM-host-including-protocol> --apikey=<csm-rest-api-key> --apiuser=CSDAdmin --apipassword=<CSDAdmin-password> --dryrun

    This will simulate changing the authentication type to SAML without actually making the changes.

  4. Issue the above command again, this time without --dryrun to actually make the configuration change to use CAM authentication.

SAML is now the default authentication method. When you launch CAM Administrator or one of the CAM web applications, your organization's sign-on page (rather than the CAM sign-on page) is shown.

Switching Back to CSM Authentication

If you need to use CSM authentication for a single session, you can do one of the following:

  • Close the sign-on dialog box to get prompted for internal (CSM) credentials.
  • Append the query parameter auth_mode=internal to the end of the CAM web application URLs.


    • http://<cam-machine>/CAMReporting/Default.aspx?auth_mode=internal
    • http://<cam-machine>/CAMLicenseAnalytics/Default.aspx?auth_mode=internal
    • http://<cam-machine>/CAMPurchasing/Default.aspx?auth_mode=internal

To change the authentication method default from SAML back to CSM, use the EncryptWebConfigs.exe tool with the command line shown above, specifying --csmauth=CSM/REST as the CSM authentication type.