Understanding the SAML authentication workflow
Applies to
- ONTAP System Manager 9.3 and later
- Security Assertion Markup Language (SAML)
Answer
The following describes the SAML workflow and the error messages seen during the setup and configuration of SAML in ONTAP System Manager.
SAML/OCSM Workflow
Steps:
- The administrator connects to a NetApp cluster using ONTAP System Manager.
- ONTAP System Manager looks up the configured IdP for the cluster.
- ONTAP System Manager redirects the administrator’s browser to the IdP.
- The IdP prompts the administrator for credentials. The IdP is responsible for multiple authentication factors.
- The IdP verifies the administrator’s credentials in Active Directory.
- The IdP issues a SAML assertion and redirects the administrator’s web browser back to ONTAP System Manager.
- ONTAP System Manager processes the SAML assertion, and then looks up the authorization role from its internal database.
- The session is established and ONTAP System Manager returns a SAML session token to the administrator’s web browser in the Set-Cookie header. From this point on, the administrator is allowed access to ONTAP System Manager using a secure SAML token.
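The steps above are an SP-initiated SAML flow, with ONTAP System Manager acting as the service provider. The Python below is an added example that models the service-provider side of that flow (steps 2 and 3, then 7 and 8); it is not ONTAP's or NetApp's code. The entity IDs, URLs, role table and every function name are constructed for illustration, and verification of the assertion's XML signature is assumed to be done by a dedicated library before the checks shown here run. It shows the checks a service provider applies to the assertion (it must answer an outstanding AuthnRequest, be addressed to this ACS URL and audience, and be inside its validity window), the role lookup in the SP's own table, and the Set-Cookie header that carries an HMAC-protected session token.

```python
import base64
import hashlib
import hmac
import secrets
import xml.etree.ElementTree as ET
import zlib
from datetime import datetime, timedelta, timezone
from urllib.parse import urlencode

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
TS = "%Y-%m-%dT%H:%M:%SZ"
SP_ENTITY_ID = "https://cluster.example.com/saml/metadata"  # hypothetical SP entity ID
ACS_URL = "https://cluster.example.com/saml/acs"            # hypothetical ACS endpoint
IDP_SSO_URL = "https://idp.example.com/sso"                 # hypothetical IdP SSO URL
SESSION_KEY = secrets.token_bytes(32)                        # per-process cookie-signing key
ROLE_DB = {"alice@example.com": "admin", "bob@example.com": "readonly"}  # constructed role table
pending_requests = {}  # AuthnRequest ID -> issue time, consumed when the assertion arrives

def _ts(s):
    """Parse a SAML UTC timestamp."""
    return datetime.strptime(s, TS).replace(tzinfo=timezone.utc)

def build_redirect(now=None):
    """Steps 2-3: mint an AuthnRequest, remember its ID, return (ID, redirect URL)."""
    now = now or datetime.now(timezone.utc)
    request_id = "_" + secrets.token_hex(16)
    authn_request = (
        '<samlp:AuthnRequest xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" '
        'xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" '
        f'ID="{request_id}" Version="2.0" IssueInstant="{now.strftime(TS)}" '
        f'AssertionConsumerServiceURL="{ACS_URL}">'
        f"<saml:Issuer>{SP_ENTITY_ID}</saml:Issuer></samlp:AuthnRequest>"
    )
    # HTTP-Redirect binding: raw DEFLATE (no zlib header), base64, then URL-encode.
    comp = zlib.compressobj(9, zlib.DEFLATED, -15)
    deflated = comp.compress(authn_request.encode()) + comp.flush()
    pending_requests[request_id] = now
    query = urlencode({"SAMLRequest": base64.b64encode(deflated).decode()})
    return request_id, IDP_SSO_URL + "?" + query

def validate_assertion(assertion_xml, signature_verified, now=None):
    """Step 7: enforce the assertion's conditions, then map the subject to a role.
    XML-DSig verification needs a real library (e.g. python3-saml); the caller
    passes its verdict in, and nothing below runs without it."""
    if not signature_verified:
        raise ValueError("assertion signature not verified")
    now = now or datetime.now(timezone.utc)
    root = ET.fromstring(assertion_xml)
    conf = root.find(".//saml:SubjectConfirmationData", NS)
    # Replay / unsolicited-response check: it must answer one of our open requests.
    if conf.get("InResponseTo") not in pending_requests:
        raise ValueError("assertion does not match an outstanding AuthnRequest")
    del pending_requests[conf.get("InResponseTo")]
    if conf.get("Recipient") != ACS_URL:
        raise ValueError("assertion not addressed to this ACS URL")
    cond = root.find("saml:Conditions", NS)
    if not (_ts(cond.get("NotBefore")) <= now < _ts(cond.get("NotOnOrAfter"))):
        raise ValueError("assertion outside its validity window")
    if SP_ENTITY_ID not in [a.text for a in cond.findall(".//saml:Audience", NS)]:
        raise ValueError("assertion issued for a different audience")
    name_id = root.find(".//saml:Subject/saml:NameID", NS).text
    role = ROLE_DB.get(name_id)  # authorization comes from the SP's own table, not the IdP
    if role is None:
        raise ValueError("no role configured for " + name_id)
    return {"user": name_id, "role": role}

def issue_session_cookie(identity, now=None):
    """Step 8: HMAC-signed session token, delivered in a Set-Cookie header."""
    now = now or datetime.now(timezone.utc)
    payload = f"{identity['user']}|{identity['role']}|{int((now + timedelta(hours=1)).timestamp())}"
    mac = hmac.new(SESSION_KEY, payload.encode(), hashlib.sha256).hexdigest()
    token = base64.urlsafe_b64encode(f"{payload}|{mac}".encode()).decode()
    return f"saml_session={token}; Path=/; Secure; HttpOnly; SameSite=Lax"

def read_session_cookie(token, now=None):
    """Check a presented token's MAC and expiry; return the identity or None."""
    now = now or datetime.now(timezone.utc)
    try:
        user, role, expires, mac = base64.urlsafe_b64decode(token).decode().split("|")
        expected = hmac.new(SESSION_KEY, f"{user}|{role}|{expires}".encode(), hashlib.sha256).hexdigest()
        if hmac.compare_digest(mac, expected) and int(expires) > now.timestamp():
            return {"user": user, "role": role}
    except ValueError:  # bad base64, bad UTF-8, wrong field count or non-numeric expiry
        pass
    return None

def sample_assertion(request_id, now=None, subject="alice@example.com", audience=SP_ENTITY_ID):
    """Constructed stand-in for the IdP's assertion (step 6); unsigned, for testing only."""
    now = now or datetime.now(timezone.utc)
    nbf = (now - timedelta(minutes=1)).strftime(TS)
    exp = (now + timedelta(minutes=5)).strftime(TS)
    return (
        '<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="_a1" '
        f'Version="2.0" IssueInstant="{now.strftime(TS)}"><saml:Issuer>https://idp.example.com</saml:Issuer>'
        f"<saml:Subject><saml:NameID>{subject}</saml:NameID>"
        '<saml:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">'
        f'<saml:SubjectConfirmationData InResponseTo="{request_id}" Recipient="{ACS_URL}" NotOnOrAfter="{exp}"/>'
        f'</saml:SubjectConfirmation></saml:Subject><saml:Conditions NotBefore="{nbf}" NotOnOrAfter="{exp}">'
        f"<saml:AudienceRestriction><saml:Audience>{audience}</saml:Audience></saml:AudienceRestriction>"
        "</saml:Conditions></saml:Assertion>"
    )
```

The order of the checks is the point: an unverified signature, an assertion that does not answer a request this SP issued, or one addressed to another recipient or audience is rejected before any role lookup, and once an assertion has been accepted its request ID is discarded so the same assertion cannot be presented twice. The role itself comes from the cluster-side table rather than from anything the IdP sends, which is what step 7 describes, and the session cookie is marked `Secure` and `HttpOnly` so it travels only over TLS and is not readable by page scripts.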
Additional Information