NetBackup™ Self Service Configuration Guide

Product(s): NetBackup & Alta Data Protection (10.3.0.1, 10.3)

Configuring Self Service to use Federated Single Sign-On

Self Service supports Federated Single Sign-On through the WS-Federation Passive Protocol. It is implemented with Microsoft Windows Identity Foundation (WIF), and uses Security Assertion Markup Language (SAML) tokens for claims transfer. It does not, however, support the SAML2 Protocol (SAML-P).

When Self Service is installed, it is configured with Forms Authentication, and the first logon must use the admin account.

To authenticate through the identity provider:

  1. Create users in the Self Service database, who correspond to users in the identity provider.
  2. Edit the Self Service appsettings.json file to enable federated single sign-on.

Create a user in Self Service

The User ID is used to identify users in Self Service. Claims are used to identify users in the identity provider. For authentication to succeed, users in Self Service must have a User ID that matches the value in one of the claims from the identity provider.

Self Service looks at the following claims when it attempts to find the Self Service user: Name, Email, Windows Account Name, and UPN. Typically Name and Windows Account Name have the format domain\username, and typically Email and UPN have the format username@domain.

You can enter users through the portal or import them in bulk, either directly from Active Directory or from a .CSV file.
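
The matching rule above can be modelled before users are imported. The following is an added example, not NetBackup Self Service code or part of the original guide: the claim values and User IDs are constructed, the function name Get-ClaimMatch is hypothetical, and the case-insensitive, whitespace-trimmed comparison is an assumption, because the guide does not say how values are compared.

```powershell
# Added example, not product code. Models the rule in this section: a user is
# found only when the User ID equals the value of one of the four claims.
$ClaimsChecked = 'Name', 'Email', 'Windows Account Name', 'UPN'

function Get-ClaimMatch {
    param(
        [Parameter(Mandatory)][string]$UserId,      # User ID stored in Self Service
        [Parameter(Mandatory)][hashtable]$Claims    # claim name -> value from the identity provider
    )
    foreach ($claim in $ClaimsChecked) {
        # Assumption: values are compared ignoring case and surrounding spaces.
        if ($Claims.ContainsKey($claim) -and
            "$($Claims[$claim])".Trim() -ieq $UserId.Trim()) {
            return [pscustomobject]@{ UserId = $UserId; MatchedClaim = $claim; Note = '' }
        }
    }
    # No match: report which typical format the User ID is in, to guide the fix.
    if     ($UserId -match '^[^\\@]+\\[^\\@]+$') { $form = 'domain\username' }
    elseif ($UserId -match '^[^\\@]+@[^\\@]+$')  { $form = 'username@domain' }
    else                                         { $form = 'neither typical format' }
    [pscustomobject]@{ UserId = $UserId; MatchedClaim = $null
                       Note = "no claim carries this value ($form)" }
}

# Constructed claim set in the typical formats described above.
$claims = @{
    'Name'  = 'CORP\jsmith';         'Windows Account Name' = 'CORP\jsmith'
    'Email' = 'jsmith@corp.example'; 'UPN'                  = 'jsmith@corp.example'
}

# Constructed User IDs as they might appear in a bulk import. A bare user name
# and an address in a different domain are included as the failing cases.
'corp\jsmith', 'jsmith@corp.example', 'jsmith', 'jsmith@other.example' |
    ForEach-Object { Get-ClaimMatch -UserId $_ -Claims $claims } |
    Format-Table -AutoSize
```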

Edit appsettings.json to enable Federated Single Sign-On

To change the appsettings.json file to enable federated single sign-on:

  1. Navigate to install_path\WebSite.
  2. Open appsettings.json with Notepad as Administrator.
  3. Find the FederationAuthentication section, set Enabled to true, and set Wtrealm and MetadataAddress to the desired values.
  4. Save the appsettings.json file.

If you have to switch back to Forms Authentication, for example to recover from a problem, edit appsettings.json and set the Enabled option to false in the FederationAuthentication section.
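
A pre-flight check for the edited file, as an added example that is not part of the product or the original guide. It assumes FederationAuthentication is a top-level object in appsettings.json; the function name Test-FederationSettings and the sample values are constructed, and the HTTPS check is general federation hygiene rather than a rule stated in the guide.

```powershell
# Added example, not product code. Checks the three settings named in the
# procedure above and returns a list of problems (empty when none are found).
function Test-FederationSettings {
    param([Parameter(Mandatory)][string]$Path)   # full path to appsettings.json

    $problems = [System.Collections.Generic.List[string]]::new()
    try {
        $cfg = Get-Content -LiteralPath $Path -Raw -ErrorAction Stop |
               ConvertFrom-Json -ErrorAction Stop
    } catch {
        return ,@("cannot read or parse ${Path}: $($_.Exception.Message)")
    }
    # Assumption: the section is a top-level object in the file.
    $fed = $cfg.FederationAuthentication
    if ($null -eq $fed) { return ,@('FederationAuthentication section not found') }

    if ("$($fed.Enabled)" -ne 'true') { $problems.Add('Enabled is not true: federated sign-on is off') }
    if ([string]::IsNullOrWhiteSpace($fed.Wtrealm)) { $problems.Add('Wtrealm is empty') }

    $meta = $null
    if (-not [uri]::TryCreate([string]$fed.MetadataAddress, [System.UriKind]::Absolute, [ref]$meta)) {
        $problems.Add('MetadataAddress is not an absolute URL')
    } elseif ($meta.Scheme -ne 'https') {
        # Federation metadata carries the identity provider's token-signing certificates.
        $problems.Add('MetadataAddress is not HTTPS')
    }
    return ,$problems.ToArray()
}

# Constructed sample with placeholder host names and an http:// metadata address.
$sample = Join-Path $env:TEMP 'appsettings.sample.json'
@'
{
  "FederationAuthentication": {
    "Enabled": true,
    "Wtrealm": "https://selfservice.example.com/",
    "MetadataAddress": "http://idp.example.com/FederationMetadata/2007-06/FederationMetadata.xml"
  }
}
'@ | Set-Content -LiteralPath $sample
Test-FederationSettings -Path $sample
```

To check the real file, pass the path to appsettings.json under install_path\WebSite instead of the sample.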

Log on to Self Service

To confirm that the system is fully configured for Federated logon:

  1. Close and re-open Internet Explorer
  2. Restart IIS
  3. Enter the URL of Self Service
  4. If your environment uses test certificates, accept the two certificate errors
  5. Enter the credentials for the previously created user. The user should successfully log on.