Testing SAML Compatibility
This topic applies to on-premises installations.
Before you can use SAML as the default authentication mode in CAM, you must configure SAML in CSM. See https://help.cherwell.com for information on configuring SAML and configuring the REST API for SAML authentication for CSM.
To add the CAM:
- In CSM Administrator, go to the Security category and select Authentication Whitelist from the task panel.
- In the Whitelisted Hosts window, select Internal CSM Clients from the Client drop-down list.
- Select New.
- Enter the CAM DNS.
- Select Save.
Once SAML is properly configured in CSM, you need to test your SAML configuration for compatibility when logging in from CAM web applications (Reporting (including SaaS Analytics), Purchasing, and License Analytics).
To test, force
CAM
to use SAML authentication by appending the query parameter
auth_mode=SAML
to the end of the
CAM
web application URLs.
http://<cam-machine>/CAMReporting/Default.aspx?auth_mode=SAML
http://<cam-machine>/CAMLicenseAnalytics/Default.aspx?auth_mode=SAML
http://<cam-machine>/CAMPurchasing/Default.aspx?auth_mode=SAML
http://<cam-machine>/CAMSaaSAnalytics/?auth_mode=SAML
If the test is successful, the CAM web application opens and you are logged in. You may notice several redirect messages while you wait. After a successful test, you can set SAML as the default authentication method in your database; you won't need to append the query parameter used in the test anymore.
If the test is not successful, an error is shown. Check your SAML identity provider's error logs for information on the problem.