Updating SAML authentication settings after Unified Manager security certificate change
Any change to the HTTPS security certificate installed on the Unified Manager server requires that you update the SAML authentication configuration settings. The certificate is updated if you rename the host system, assign a new IP address for the host system, or manually change the security certificate for the system.
After the security certificate is changed and the Unified Manager server is restarted, SAML authentication will not function and users will not be able to access the Unified Manager graphical interface. You must update the SAML authentication settings on both the IdP server and on the Unified Manager server to re-enable access to the user interface.
Log in to the maintenance console.
In the Main Menu, enter the number for the Disable SAML authentication option.
A message displays to confirm that you want to disable SAML authentication and restart Unified Manager.
Launch the Unified Manager user interface using the updated FQDN or IP address, accept the updated server certificate into your browser, and log in using the maintenance user credentials.
In the Setup/Authentication page, select the SAML Authentication tab and configure the IdP connection.
Copy the Unified Manager host metadata URI, or save the host metadata to an XML text file.
A message box displays to confirm that you want to complete the configuration and restart Unified Manager.
Click Confirm and Logout, and Unified Manager is restarted.
Access your IdP server and enter the Unified Manager server URI and metadata to complete the configuration.
Identity provider Configuration steps
Delete the existing relying party trust entry in the ADFS management GUI.
Add a new relying party trust entry using the saml_sp_metadata.xml from the updated Unified Manager server.
Define the three claim rules that are required for Unified Manager to parse ADFS SAML responses for this relying party trust entry.
Restart the ADFS Windows service.
Update the new FQDN of Unified Manager server into the
Restart the Apache Tomcat web server and wait for port 8005 to come online.
Log in to Unified Manager and verify that SAML authentication works as expected through your IdP.
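An added example (not from NetApp's documentation or product code): a Python check that compares an exported host metadata file against the certificate and FQDN the server uses now, to confirm whether the copy registered with the IdP is stale. It assumes the file follows the standard SAML 2.0 metadata schema; the hostnames, URL paths, and certificate bytes in the sample are constructed placeholders.

```python
import base64
import hashlib
import xml.etree.ElementTree as ET
from urllib.parse import urlparse

MD = "urn:oasis:names:tc:SAML:2.0:metadata"
DS = "http://www.w3.org/2000/09/xmldsig#"
NS = {"md": MD, "ds": DS}

def summarize_sp_metadata(xml_text):
    """Return entityID, ACS hostnames and SHA-256 fingerprints of embedded certs."""
    # Intended for a metadata file exported from your own server (trusted input).
    root = ET.fromstring(xml_text)
    if root.tag != "{%s}EntityDescriptor" % MD:
        raise ValueError("not a SAML 2.0 EntityDescriptor")
    fingerprints = set()
    for node in root.iterfind(".//ds:X509Certificate", NS):
        der = base64.b64decode("".join((node.text or "").split()))
        fingerprints.add(hashlib.sha256(der).hexdigest())
    acs_hosts = {urlparse(a.get("Location", "")).hostname
                 for a in root.iterfind(".//md:AssertionConsumerService", NS)}
    return {"entity_id": root.get("entityID"), "acs_hosts": acs_hosts,
            "fingerprints": fingerprints}

def stale_reasons(xml_text, current_cert_der, current_fqdn):
    """List why this metadata no longer matches the running server (empty = current)."""
    info = summarize_sp_metadata(xml_text)
    reasons = []
    if hashlib.sha256(current_cert_der).hexdigest() not in info["fingerprints"]:
        reasons.append("certificate mismatch")
    if info["acs_hosts"] != {current_fqdn.lower()}:
        reasons.append("ACS host mismatch")
    return reasons

def build_sample(cert_bytes, host):
    """Constructed metadata; cert_bytes are placeholder bytes, not a real certificate."""
    return (
        '<md:EntityDescriptor xmlns:md="%s" xmlns:ds="%s" entityID="https://%s/sp">'
        '<md:SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">'
        '<md:KeyDescriptor use="signing"><ds:KeyInfo><ds:X509Data>'
        '<ds:X509Certificate>%s</ds:X509Certificate></ds:X509Data></ds:KeyInfo></md:KeyDescriptor>'
        '<md:AssertionConsumerService index="0" Location="https://%s/acs" '
        'Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"/>'
        '</md:SPSSODescriptor></md:EntityDescriptor>'
    ) % (MD, DS, host, base64.b64encode(cert_bytes).decode(), host)

if __name__ == "__main__":
    old = build_sample(b"constructed-old-cert", "um-old.example.com")
    print(stale_reasons(old, b"constructed-new-cert", "um-new.example.com"))
```

To use it on a real deployment, pass the contents of the saved host metadata file and the DER bytes of the certificate the server currently presents.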