Testing SAML Compatibility

 This topic applies to on-premises installations.

This testing process assumes you have already configured CAM to use CSM authentication.

Before you can use SAML as the default authentication mode in CAM, you must configure SAML in CSM. See https://help.cherwell.com for information on configuring SAML and configuring the REST API for SAML authentication for CSM.

Important: When configuring CSM 10.4.2 or newer, you must also add the CAM DNS to CSM's internal clients whitelist.

To add the CAM:

  1. In CSM Administrator, go to the Security category and select Authentication Whitelist from the task panel.
  2. In the Whitelisted Hosts window, select Internal CSM Clients from the Client drop-down list.
  3. Select New.
  4. Enter the CAM DNS.
  5. Select Save.

Once SAML is properly configured in CSM, you need to test your SAML configuration for compatibility when logging in from CAM web applications (Reporting (including SaaS Analytics), Purchasing, and License Analytics).

To test, force CAM to use SAML authentication by appending the query parameter auth_mode=SAML to the end of the CAM web application URLs.

  • http://<cam-machine>/CAMReporting/Default.aspx?auth_mode=SAML
  • http://<cam-machine>/CAMLicenseAnalytics/Default.aspx?auth_mode=SAML
  • http://<cam-machine>/CAMPurchasing/Default.aspx?auth_mode=SAML
  • http://<cam-machine>/CAMSaaSAnalytics/?auth_mode=SAML

If the test is successful, the CAM web application opens and you are logged in. You may notice several redirect messages while you wait. After a successful test, you can set SAML as the default authentication method in your database; you won't need to append the query parameter used in the test anymore.

If the test is not successful, an error is shown. Check your SAML identity provider's error logs for information on the problem.