How to enroll NetBackup Flex Scale primary server as a service provider to ADFS when the cluster is deployed with both NetBackup primary and media servers
Description
To enroll NetBackup Flex Scale primary server as a service provider to ADFS
Download the Federation Metadata XML by using the following link.
https://<adfs_server_name>/FederationMetadata/2007-06/FederationMetadata.xmlOpen NetBackup Flex UI, Go to Setting > Directory Services management > Configure AD. Assign Administrator role to any AD user.
Enable SSO. Navigate to Setting > Security management > Single sign-on(SSO) > Add > Upload Federation XML. Enter all the values and click Save.
Download Service provider XML from Access Appliance.
To upload the XML to the ADFS server, open the ADFS management console. Navigate to Start > Server Manager > ADFS > Tools.
- Select Relying Party Trusts option. Click Add Relying Party Trust to open the Add Relying Party Trust Wizard to configure NetBackup Flex Scale as a service provider.
- On the Welcome screen, select the Claims aware option. Click Start. This enables the ADFS application to consume security tokens to make authentication and authorization decisions.
- Use the Import data about the relying party from a file option to import the SP metadata XML file previously downloaded from the NetBackup Flex Scale primary server. Enter the Federation Metadata file location using the Browse option.
- Ignore the warning message and provide the name of your configuration in the Display name field. For example: the name of your primary server: trans-com-win. Click Next.
- Give a display name for your relying party trust and click Next.
- Select the Access Control Policy based on the requirements of your organization. If you have configured MFA (multifactor authentication), then select an appropriate option. Else, select for Permit everyone and click Next.
- Complete the configuration by clicking Next and then click Close.
- For your relying party, click Edit claim issuance policy.
- Add a rule to enable ADFS to access attribute values of authenticated users from the Active Directory. In the Edit Claim Issuance Policy window, click Add Rule to enable ADFS to access attribute values of authenticated users from the Active Directory. The Add Transform Claim Rule Wizard opens.
- Ensure that you select the Send LDAP Attributes as Claims template in the Choose Rule Type screen. Click Next.
- In the Configure Claim Rule screen, provide any name to identify the claim rule. Ensure that you select the Attribute store as Active Directory.
- Click Finish to apply the rule on the Edit claim issuance policy screen.
- Disable the CRL check on your configuration from PowerShell. Run the following command from the AD FS server:
Get-AdfsRelyingPartyTrust -Identifier https://<Primary Server>/netbackup/sso/callback/SAML2Client | Set-AdfsRelyingPartyTrust -SigningCertificateRevocationCheck None -EncryptionCertificateRevocationCheck None
This is to ensure that the NBCA issues certificates as these certificates do not have CRL information.
- Go to the NetBackup Flex UI and click Login with SSO.
Related Knowledge Base Articles
How to enroll NetBackup Flex Scale primary server as a service provider to PingFederate
How to enroll NetBackup Flex Scale primary server as a service provider to Okta
Was this content helpful?
Translated Content
Please note that this document is a translation from English, and may have been machine-translated. It is possible that updates have been made to the original version after this document was translated and published. Veritas does not guarantee the accuracy regarding the completeness of the translation. You may also refer to the English Version of this knowledge base article for up-to-date information.