ClearPass SAML Admin logins on subscribers

  • 1.  ClearPass SAML Admin logins on subscribers

    Posted Mar 27, 2022 10:10 PM
    Hey Airheads, 

    I'm currently planning a solution with 2 servers in Azure and the client wants to use SAML for admin authentication.

    I've built this with a single node before and it works fine, but I'm not clear on the mechanism when clustering is involved.

    As you can only have a single SAML SP config in the cluster, and the Entity ID in Azure is the FQDN of the publisher, what happens when you try to log in on a subscriber?

    Does the SAML Entity ID and ACS URL work across all cluster members upon redirect from Azure?

    Thanks
    Scott

    ------------------------------
    Scott Doorey
    ------------------------------


  • 2.  RE: ClearPass SAML Admin logins on subscribers

    Posted Mar 28, 2022 09:42 PM
    So I did some playing in the lab and I think I've figured this out.

    Each CPPM server hostname must be listed in the Entity ID and ACS URL section and there should be no entry in the login URL section.



    ------------------------------
    Scott Doorey
    ------------------------------
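
One way to check the coverage described in post 2 before cutover, as an added example that is not part of the original thread or ClearPass's own code: it compares the Issuer and ACS URL each node would send in its AuthnRequest against the identifiers and reply URLs registered at the IdP. The hostnames, the `/sp` and `/acs` paths, the `IDP_APP` structure and the assumption that each node uses its own hostname in the request are all constructed placeholders.

```python
import xml.etree.ElementTree as ET

NS = {
    "samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
    "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
}

# Constructed IdP-side registration: only the publisher is listed (placeholder values).
IDP_APP = {
    "identifiers": {"https://cppm-pub.example.com/sp"},
    "reply_urls": {"https://cppm-pub.example.com/acs"},
    "sign_on_url": "",
}

def authn_request(host):
    """Build a constructed AuthnRequest as a node at `host` is assumed to send it."""
    return (
        '<samlp:AuthnRequest xmlns:samlp="{p}" xmlns:saml="{a}" ID="_1" Version="2.0" '
        'IssueInstant="2022-03-28T00:00:00Z" AssertionConsumerServiceURL="https://{h}/acs">'
        '<saml:Issuer>https://{h}/sp</saml:Issuer></samlp:AuthnRequest>'
    ).format(p=NS["samlp"], a=NS["saml"], h=host)

def check_request(xml_text, app):
    """Return the mismatches between one AuthnRequest and the IdP registration."""
    # Input here is constructed; use a hardened parser for captured traffic.
    root = ET.fromstring(xml_text)
    issuer = (root.findtext("saml:Issuer", default="", namespaces=NS) or "").strip()
    acs = root.get("AssertionConsumerServiceURL", "")
    problems = []
    if issuer not in app["identifiers"]:
        problems.append("issuer not registered: " + issuer)
    if acs not in app["reply_urls"]:
        problems.append("ACS URL not registered: " + acs)
    if app["sign_on_url"]:
        problems.append("sign-on URL is set: " + app["sign_on_url"])
    return problems

def audit_cluster(hosts, app):
    """Map each node hostname to its list of mismatches (empty list means covered)."""
    return {h: check_request(authn_request(h), app) for h in hosts}

if __name__ == "__main__":
    nodes = ["cppm-pub.example.com", "cppm-sub.example.com"]
    for host, problems in audit_cluster(nodes, IDP_APP).items():
        print(host, "OK" if not problems else problems)
```

With only the publisher registered, the subscriber is reported with both an Issuer and an ACS URL mismatch; adding its entries to `identifiers` and `reply_urls` clears them.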