• State Suggested Answer
  • Replies 5 replies
  • Answers 1 answer
  • Subscribers 7 subscribers
  • Views 4550 views
  • Users 0 members are here
Related Discussions
Home » Discussions » Plug-Ins

Deployment Automation Manager SAML Support

Morné Lombard
A Score Level 1

Hi, are there any plans for the Deployment Automation Manager to support Appian environments with SAML configurations?

Most of our environment have SAML configurations set up with our Google Cloud and therefore we are unable to execute the scripts, and get the error: "Incorrect username or password".

When we execute the script on an environment that does not have a SAML configuration, the authentication works.

 

Thanks and much appreciated,

Morné Lombard

I Am App (Pty) Ltd.

  Discussion posts and replies are publicly visible

Parents
  • 0
    A Score Level 1
    Hi Morne,

    There is no relation with the Deployment automation manager with the SAML configurations. We do have SAML configured in our Appian cloud sites and executing deployment manager scprits flawlessly via Jenkins CI. May I know how you are executing the deployment manager scripts. These should run on the client side not on the server side. Please provide some more clarity on the issue you are facing exactly so that i can help you better.

    Thanks
  • 0
    A Score Level 1
     in reply to naveenp878

    Hi Naveen, thank you for the reply. I am running the script from my Macbook using the terminal, so I am not using any tools like Jenkins.

    Here is a screenshot of the terminal when executing the deploy-application.sh script:

    As mentioned, I can run the same script for an environment that does not have SAML configured and it works. Maybe it's just a limitation when using the .sh script from the terminal.

     

    Thank you,

    Morné

  • 0 in reply to Morné Lombard
    Morné,
    Is that account set to be authenticated using SAML in Appian? I know for Web APIs in Appian, if the account used is set to be authenticated by SAML it will fail because Appian is looking to do SAML authentication instead of the Appian authentication moethod. I created a group that contains all users that needs to be authenticated via SAML, and anyone that is not in that group can log in via Appian username/password set by our admin. The ones created by our admin are generally for other systems to do Web API calls to Appian and for our developers to log in as to do deployments and what not.

    Roland
  • 0
    A Score Level 1
     in reply to rolandc
    Hi Morne,

    Roland has a valid point. SAML users those are part SAML group must be authenticated via SAML and not via Appian authentication. Practically SAML users cannot pass Appian authentication. So, for debugging this issue, I would suggest you to go by below sequence of steps.

    1. Firstly the user account you are passing in the power shell script arguments must not be SAML user account and should be regular Appian user account i.e., Appian authentication is possible for these useraccount. The user account you are using must not be part of SAML groups.
    2. The Appian user account must be admin account and only administrator can execute the deployment automation batch scripts.
    3. Try to reconfirm the user account and its credentails by manually logging in.
    4. looks like there are no network and proxy issues. But still just check (ping) the appian cloud site is reachable at your IP.

    Thanks
  • 0
    A Score Level 1
     in reply to naveenp878

    After examining your screenshot, there is a small correction needed as your site is SAML configured. When SAML configuration is done you use the Appian login url as "xxxxx.appiancloud.com/.../login.jsp" instead of just "xxxxx.appiancloud.com/.../". Please refer the below screenshots and highlighted yellow content. correct this and try executing the script. It should work. Also you can double check this behaviour in browser assuming there is no active session already exists in the browser.

    At the other end, from SAML configruation in admin console while declaring authentication group, there are options that we can choose to authenticate every user through the new Idp created via SAML. So it this is done and the user account you are using is part of it then we cannot execute the scripts and normal Appian authentication is not possible.

    Please refer the documentation - 

Reply
  • 0
    A Score Level 1
     in reply to naveenp878

    After examining your screenshot, there is a small correction needed as your site is SAML configured. When SAML configuration is done you use the Appian login url as "xxxxx.appiancloud.com/.../login.jsp" instead of just "xxxxx.appiancloud.com/.../". Please refer the below screenshots and highlighted yellow content. correct this and try executing the script. It should work. Also you can double check this behaviour in browser assuming there is no active session already exists in the browser.

    At the other end, from SAML configruation in admin console while declaring authentication group, there are options that we can choose to authenticate every user through the new Idp created via SAML. So it this is done and the user account you are using is part of it then we cannot execute the scripts and normal Appian authentication is not possible.

    Please refer the documentation - 

Children
No Data
© 2024 Appian. All rights reserved.
We want to hear from you! Submit a review on Gartner or G2.