NetApp Knowledge Base

Understanding the SAML authentication workflow

Applies to

  • ONTAP System Manager 9.3 and later
  • Security Assertion Markup Language (SAML)

Answer

The following describes the SAML workflow and the error messages seen during the setup and configuration of SAML in ONTAP System Manager.

SAML/OCSM Workflow


Steps:

  1. The administrator connects to a NetApp cluster using ONTAP System Manager.
  2. ONTAP System Manager looks up the configured IdP for the cluster.
  3. ONTAP System Manager redirects the administrator’s browser to the IdP.
  4. The IdP prompts the administrator for credentials. The IdP is responsible for multiple authentication factors.
  5. The IdP verifies the administrator’s credentials in Active Directory.
  6. The IdP issues a SAML assertion and redirects the administrator’s web browser back to ONTAP System Manager.
  7. ONTAP System Manager processes the SAML assertion, and then looks up the authorization role from its internal database.
  8. The session is established and ONTAP System Manager returns a SAML session token to the administrator’s web browser in the Set-Cookie header. From this point on, the administrator is allowed access to ONTAP System Manager using a secure SAML token.
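
The following Python sketch is an added illustration of step 7 and is not NetApp code: it shows the kind of checks a service provider applies to an assertion before looking up the role locally. The entity IDs, user name, role table and sample assertion are constructed, and XML signature verification, which must succeed before any of these checks, is assumed to have happened already.

```python
import xml.etree.ElementTree as ET
from datetime import datetime, timezone

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
# Constructed values (assumptions, not taken from ONTAP or the article)
IDP_ENTITY_ID = "https://idp.example.com/idp"
SP_ENTITY_ID = "https://cluster1.example.com/saml-sp"
ROLE_DB = {"admin1@example.com": "admin"}  # stand-in for the internal role database

# Constructed sample assertion; the ds:Signature element is omitted for brevity
SAMPLE_ASSERTION = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml:Issuer>https://idp.example.com/idp</saml:Issuer>
  <saml:Subject><saml:NameID>{user}</saml:NameID></saml:Subject>
  <saml:Conditions NotBefore="2024-01-01T10:00:00Z" NotOnOrAfter="2024-01-01T10:05:00Z">
    <saml:AudienceRestriction><saml:Audience>{aud}</saml:Audience></saml:AudienceRestriction>
  </saml:Conditions>
</saml:Assertion>"""

def ts(value):
    """Parse a SAML UTC timestamp such as 2024-01-01T10:00:00Z."""
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)

def authorize(assertion_xml, now):
    """Return (role, reason); role is None whenever access is denied."""
    root = ET.fromstring(assertion_xml)
    if root.findtext("saml:Issuer", namespaces=NS) != IDP_ENTITY_ID:
        return None, "issuer is not the configured IdP"
    cond = root.find("saml:Conditions", NS)
    audiences = [] if cond is None else [a.text for a in cond.iterfind(".//saml:Audience", NS)]
    if SP_ENTITY_ID not in audiences:
        return None, "assertion was issued for a different service provider"
    # Stricter than the SAML schema: this sketch requires both time bounds
    nb, na = cond.get("NotBefore"), cond.get("NotOnOrAfter")
    if not (nb and na) or not (ts(nb) <= now < ts(na)):
        return None, "outside the assertion validity window"
    # The IdP authenticates; the role comes only from the local table (default deny)
    user = root.findtext("saml:Subject/saml:NameID", namespaces=NS)
    role = ROLE_DB.get(user)
    if role is None:
        return None, "authenticated by the IdP but no role in the local database"
    return role, "ok"
```

The last branch is the point of step 7: a valid assertion proves identity only, and a user without a locally configured role is still denied.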
