ONTAP Discussions
Hello,
Currently I've been using the NetApp ONTAP < 9.x XML API by making simple HTTP POST requests with basic authentication to the servlet: /servlets/netapp.servlets.admin.XMLrequest like many of the docs and examples have shown.
Recently, one of our systems has enabled SAML authentication and as a result I am currently unable to make requests to the same API using the standard HTTP POST and passing along the user/pass in the headers like I was before. Usually I will get a redirect for these HTTP POST requests.
How would I go about implementing authentication on top of what I already have to get it working again?
Hi
You need to choose how a given user will authenticate (SAML/password/domain/public key).
http://docs.netapp.com/ontap-9/topic/com.netapp.doc.dot-cm-cmpr-991/security__login__create.html
http://docs.netapp.com/ontap-9/topic/com.netapp.doc.dot-cm-cmpr-991/security__login__modify.html
Right, I got that far, but I'm not exactly sure on the actual implementation if it's based on SAML. Are there any examples for this sort of thing?
Right. So I misunderstood your original question. The short answer - I believe you can't/shouldn't (just use a password/certificate).
SAML is essentially a signed token that the IDP gives the user agent to pass on to the SP (ONTAP).
*taken from Wikipedia.
If your IDP is happy to give the token to your script - which will still likely require you to authenticate to the IDP (with a password)? - and your script module can process the JS script the IDP returns to redirect you into the ONTAP login, and ONTAP accepts it, that all might work...
But I think none of these will happen. The IDP will not authenticate a non-browser, the script module will not process the JS, and the NetApp login will not accept a SAML token on the ZAPI site.
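The redirect described in the question can be surfaced in a script instead of being silently followed. The sketch below is an added example, not code from the thread or from NetApp: it builds the basic-auth ZAPI POST and classifies whatever comes back. The `system-get-version` call, the `version="1.0"` attribute, the host name and all helper names are assumptions.

```python
import base64
import urllib.error
import urllib.request
import xml.etree.ElementTree as ET

ZAPI_PATH = "/servlets/netapp.servlets.admin.XMLrequest"  # servlet path as quoted in the thread
ZAPI_NS = "http://www.netapp.com/filer/admin"


class NoRedirect(urllib.request.HTTPRedirectHandler):
    """Surface 3xx responses as HTTPError instead of silently following them."""
    def redirect_request(self, req, fp, code, msg, headers, newurl):
        return None


def build_request(host, api, user, password):
    """Build (not send) a basic-auth ZAPI POST for one parameterless call."""
    body = f'<netapp xmlns="{ZAPI_NS}" version="1.0"><{api}/></netapp>'.encode()
    token = base64.b64encode(f"{user}:{password}".encode()).decode()
    return urllib.request.Request(
        f"https://{host}{ZAPI_PATH}", data=body, method="POST",
        headers={"Content-Type": "text/xml", "Authorization": f"Basic {token}"})


def classify(status, headers, body):
    """Tell a ZAPI answer apart from a login redirect or an auth failure."""
    if 300 <= status < 400:
        return ("redirect", headers.get("Location", ""))
    if status == 401:
        return ("unauthorized", "")
    try:
        root = ET.fromstring(body)
    except ET.ParseError:
        return ("not-zapi", "")  # e.g. an HTML login page
    results = root.find(f"{{{ZAPI_NS}}}results")
    if results is None:
        return ("not-zapi", "")
    return (results.get("status"), results.get("reason", ""))


def call(req):
    """Send req without following redirects and classify the response."""
    opener = urllib.request.build_opener(NoRedirect)
    try:
        with opener.open(req, timeout=10) as resp:
            return classify(resp.status, resp.headers, resp.read(1 << 20))
    except urllib.error.HTTPError as err:
        return classify(err.code, err.headers, err.read(1 << 20))
```

A `("redirect", ...)` result from `call()` means the request was sent to a login flow rather than answered, which is the point at which the replies above suggest giving the script's account a password or certificate login method instead.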