The CMP system supports Secure Access to Network Elements (SANE) Authentication and Authorization. You can configure the CMP system to operate in a SANE network environment so that a user elsewhere in the network can gain single sign-on (SSO) access. When the CMP system is configured to authenticate using SANE, users can log in using a SANE client.
Note: Usage of a SANE client is outside the scope of this document.
See Enabling SANE Authentication on the CMP System for details.
The admin user profile is treated separately. An admin user can log in to the CMP system using any supported browser.
The authentication process is as follows:
- From a SANE client user interface, the user selects the CMP system in a web browser.
- An encrypted SANE authentication artifact is sent to the CMP system through the browser.
- The CMP system forwards the artifact to a SANE server (also called, the SANE responder).
Note: The admin user is always authenticated locally, regardless of SANE configuration settings.
- If the SANE server verifies the artifact, it returns an assigned role and scope for the user and the CMP system allows the user to log in to the system.
- If the SANE server does not verify the artifact, the CMP system rejects the login request.