Before configuring CA SiteMinder, you must configure SAML in ThoughtSpot. Use this procedure to set up CA SiteMinder for use with ThoughtSpot:
Configure the Local Identity Provider Entity as follows:
Section Entry Entity Location Local Entity Type SAML2 IDP Entity ID Any (Relevant ID) Entity Name Any (Relevant name) Description Any (Relevant description) Base URL https://<FWS_FQDN> where FWS_FQDN is the fully-qualified domain name for the host serving SiteMinder Federation Web Services Signing Private Key Alias Select the correct private key alias or import one if not done already Signed Authentication Requests Required No Supported NameID format Optional
Create the Remote SP Entity, either via a metadata import or manually. To configure the Remote SP entity manually, select Create Entity. Create ThoughtSpot as a Remote Entity with following details:
Section Entry Entity Location Remote New Entity Type SAML2 SP Entity ID Your cluster Entity Name Any (relevant name) Description Any (relevant description) Assertion Consumer Service URL (Relevant URL) Verification Certificate Alias Select the correct certificate or import one if not done already. This is used to verify the signature in incoming requests Supported NameID Format Optional
- You will now configure the Federation Partnership between CA SiteMinder (the IDP) and ThoughtSpot (the Remote SP) in CA SiteMinder. Log in to CA SiteMinder.
- Navigate to Federation -> Partnership Federation -> Create Partnership (SAML 2 IDP -> SP).
Click Configure Partnership and fill in the following values:
Section Entry Add Partnership Name Any (relevant name) Description Any (relevant description) Local IDP ID Select Local IDP ID Remote SP ID Select Remote SP ID Base URL Will be pre-populated Skew Time Any per environment requirement User Directories and Search Order Select required Directories in required search order
Click Configure Assertion and fill in the following values:
Section Entry Name ID Format Optional Name ID Type User Attribute Value Should be the name of the user attribute containing the email address or user identifier. For example, ‘mail’
Click Configure SSO and SLO and fill in the following values:
Section Entry Add Authentication URL This should be the URL that is protected by SiteMinder SSO Binding Select SSO Binding supported by the SP, typically the HTTP-Post Audience (Relevant audience) Transaction Allowed Optional Assertion Consumer Service URL This should be pre-populated using the information from the SP entity
- Continue to Partnership Activation and select Activate.