This documentation corresponds to an older version of the product, is no longer updated, and may contain outdated information.
Please access the latest versions from https://cisco-tailf.gitbook.io/nso-docs and update your bookmarks.
The Single Sign-On functionality enables users to log in via HTTP-based northbound APIs with a single sign-on authentication scheme, such as SAMLv2. Currently, it is supported only for the JSON-RPC northbound interface.
Note
For Single Sign-On to work, the Package Authentication needs to be enabled (see the section called “Package Authentication” in Administration Guide).
When enabled, the endpoint /sso is made public and handles
single sign-on attempts.
An example configuration for the cisco-nso-saml2-auth Authentication
Package is presented below. Note that
/ncs-config/aaa/auth-order does not need to be set for Single
Sign-On to work!
ncs.conf to enable SAMLv2 Single Sign-On.
<aaa>
  <package-authentication>
    <enabled>true</enabled>
    <packages>
      <package>cisco-nso-saml2-auth</package>
    </packages>
  </package-authentication>
  <single-sign-on>
    <enabled>true</enabled>
  </single-sign-on>
</aaa>
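The dependency stated above (Single Sign-On only works with Package Authentication enabled, and enabling it makes /sso public) can be checked in a configuration review. The following is an added example, not part of the NSO documentation or product: the function names and sample documents are constructed, and it assumes that a missing element means the feature is disabled.

```python
import xml.etree.ElementTree as ET

# Constructed samples: GOOD mirrors the page's <aaa> block, BAD disables package auth.
GOOD = """<ncs-config><aaa>
  <package-authentication><enabled>true</enabled>
    <packages><package>cisco-nso-saml2-auth</package></packages>
  </package-authentication>
  <single-sign-on><enabled>true</enabled></single-sign-on>
</aaa></ncs-config>"""
BAD = """<ncs-config><aaa>
  <package-authentication><enabled>false</enabled></package-authentication>
  <single-sign-on><enabled>true</enabled></single-sign-on>
</aaa></ncs-config>"""

def _local(tag):
    """Drop any XML namespace so the check works with or without xmlns."""
    return tag.rsplit("}", 1)[-1]

def _child(node, name):
    if node is None:
        return None
    return next((c for c in node if _local(c.tag) == name), None)

def _is_true(node):
    # Assumption: an absent element counts as disabled.
    return node is not None and (node.text or "").strip() == "true"

def audit_sso(ncs_conf_xml):
    """Return (sso_enabled, packages, findings) for the <aaa> section."""
    root = ET.fromstring(ncs_conf_xml)
    aaa = root if _local(root.tag) == "aaa" else _child(root, "aaa")
    pkg_auth = _child(aaa, "package-authentication")
    sso_on = _is_true(_child(_child(aaa, "single-sign-on"), "enabled"))
    pkgs = _child(pkg_auth, "packages")
    packages = [] if pkgs is None else [
        (p.text or "").strip() for p in pkgs if _local(p.tag) == "package"]
    findings = []
    if sso_on:
        findings.append("/sso endpoint is public")
        if not _is_true(_child(pkg_auth, "enabled")):
            findings.append("single-sign-on enabled without package-authentication")
        elif not packages:
            findings.append("package-authentication enabled but no package listed")
    return sso_on, packages, findings

if __name__ == "__main__":
    for name, doc in (("GOOD", GOOD), ("BAD", BAD)):
        print(name, audit_sso(doc))
```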
A client attempting single sign-on authentication should request the
/sso endpoint and then follow the continued authentication
operation from there. For example, for cisco-nso-saml2-auth the client is
redirected to an Identity Provider (IdP), which subsequently handles the
authentication, and then redirects the client back to the
/sso endpoint to validate the authentication and set up the
session.