Connectivity between CC & SPM

Rajesh_John1 · February 7, 2019, 6:41pm

Hello All,

I have another question regarding CC. When connecting CC to the SPM of the IS, it appears that we need to provide an User ID and Password of a valid account on the IS. Again for the administrative commands to work, like deploying/installing assets onto the IS, the account should have Administrative access. Is there any way we can manage this connectivity using SSL keys ?

My concern here is …assuming that I used an LDAP account for enabling this connectivity. If I change the password of this account in LDAP, it will then break my connectivity between CC & SPM (IS). Is there any way to work around this ? Since the passwords need to be changed every 30 days, I cannot keep a static password for this connectivity.

Please share your thoughts…

Sergei_Pogrebnyak · February 12, 2019, 12:24am

Hi,
SPM to IS connection by default is authenticated using SAML2 auth which is, in turn, relies on certificates to sign the assertion.
The user encoded into the assertion is always ‘Administrator’, it’s not configurable at the moment, that’s why the auth is called ‘TRUSTED’.

It’s highly advised to not use BASIC auth for this connection exactly for the reason of dependency on password change.

Longer term, the plan was to also support DELEGATED auth, where the CC user identity is propagated all the way to IS, but this requires quite a bit of product changes on CCE, SPM and IS itself to facilitate this.

Thanks
Sergei