How to enroll NetBackup as a service provider in Shibboleth Identity provider

Article: 100047747
Last Published: 2020-05-22
Product(s): NetBackup


(This document assumes that the Shibboleth identity provider is already installed and is connected to Active Directory or LDAP.)

1.    Download the Shibboleth IDP metadata.xml file using the Shibboleth API (https://<shibboleth_server>/idp/shibboleth)

2.    Add the downloaded IDP-metadata.xml file to NetBackup through the nbidpcmd CLI or the identity provider configuration APIs.

3.    Download the NetBackup master server’s service provider metadata.xml using the NetBackup API (https://<netbackupmaster>/netbackup/sso/saml2/metadata)

4.    Copy the downloaded sp-metadata.xml to the Shibboleth IDP.

5.    Add the MetadataProvider to the IdP\conf\metadata-providers.xml file in the Shibboleth IDP:

      <MetadataProvider id="LocalMetadata"  xsi:type="FilesystemMetadataProvider" metadataFile="<sp-metadata.xml file path>"/>

6.    Add AttributeRules for the userPrincipalName and memberOf attributes to the IdP\conf\attribute-filter.xml file in the Shibboleth IDP.

7.    Add AttributeDefinitions for the userPrincipalName and memberOf attributes to the IdP\conf\attribute-resolver.xml file in the Shibboleth IDP.

NOTE: The memberOf attribute is required only if the user is part of user groups in Active Directory or LDAP. The value of the memberOf attribute is expected to be in {cn=groupname, ou=orgname, dn=domainname} format.

8.    Restart the Shibboleth IDP Daemon.
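
The definitions and rules from steps 6 and 7 could look like the fragments below. This is an added example, not taken from the original article or from vendor documentation. It assumes Shibboleth IdP 3.4 or later syntax and an existing LDAP DataConnector with id "myLDAP". The policy id and the NETBACKUP_SP_ENTITY_ID placeholder are hypothetical; use the entityID value found in the sp-metadata.xml downloaded in step 3.

```xml
<!-- Added example; ids and placeholder values are assumptions, not NetBackup defaults. -->

<!-- IdP\conf\attribute-resolver.xml: place inside the existing <AttributeResolver> element.
     Assumes a DataConnector with id "myLDAP" already points at Active Directory or LDAP. -->
<AttributeDefinition id="userPrincipalName" xsi:type="Simple">
    <InputDataConnector ref="myLDAP" attributeNames="userPrincipalName"/>
    <!-- SAML attribute name assumed to match the attribute name used in this article -->
    <AttributeEncoder xsi:type="SAML2String" name="userPrincipalName"
                      friendlyName="userPrincipalName"/>
</AttributeDefinition>

<!-- Only needed when users are mapped through directory groups (see the NOTE above) -->
<AttributeDefinition id="memberOf" xsi:type="Simple">
    <InputDataConnector ref="myLDAP" attributeNames="memberOf"/>
    <AttributeEncoder xsi:type="SAML2String" name="memberOf"
                      friendlyName="memberOf"/>
</AttributeDefinition>

<!-- IdP\conf\attribute-filter.xml: place inside the existing <AttributeFilterPolicyGroup>.
     The Requester rule scopes the release to the NetBackup service provider only,
     so other relying parties do not receive group membership data. -->
<AttributeFilterPolicy id="releaseToNetBackup">
    <!-- Replace the placeholder with the entityID from sp-metadata.xml -->
    <PolicyRequirementRule xsi:type="Requester" value="NETBACKUP_SP_ENTITY_ID"/>

    <AttributeRule attributeID="userPrincipalName">
        <PermitValueRule xsi:type="ANY"/>
    </AttributeRule>

    <AttributeRule attributeID="memberOf">
        <PermitValueRule xsi:type="ANY"/>
    </AttributeRule>
</AttributeFilterPolicy>
```

The attributeID values in the filter must match the id values of the AttributeDefinitions in the resolver, otherwise nothing is released in the assertion.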

 
