About SAML
In our environment, CSM acts as a service provider and has been tested with the following identity providers:
- Microsoft® Active Directory® Federated Services (ADFS) 2.0
- Shibboleth®
- SSOCircle
When a CSM User starts CSM (any Windows Client or Browser Application, Cherwell Mobile™ for Android™, or Cherwell Mobile for iOS), a Cherwell Service sends an authentication request to the User's identity provider. If the User is not already logged in to the identity provider, the identity provider displays a login window where the User can enter credentials, which the identity provider then authenticates. If the authentication is successful, the identity provider passes a response containing one or more assertion statements to the Cherwell assertion consumer Service.
An assertion indicates that the identity provider has successfully authenticated the User. It includes a User Name ID (for example, an e-mail address or Windows login ID) and possibly additional optional attributes about the User (for example, name or department). The Cherwell Service uses the Name ID to find the User information in the CSM User database (the User can be either a Customer or an internal User), and then logs the User into the Cherwell Desktop Client application without requiring further User interaction.
The figure shows the CSM SAML SSO process.
The figure shows the CSM SAML IdP Initiated process.
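The assertion consumer step described above, as an added Python example (not Cherwell code): it reads the Name ID and optional attributes from a response and looks the User up, and it goes beyond the page by also applying the standard SAML status, audience and expiry checks. The entity ID, the user table and the sample response are constructed assumptions, and XML signature verification is assumed to have been done beforehand by a vetted SAML library.

```python
import xml.etree.ElementTree as ET
from datetime import datetime, timezone

NS = {"p": "urn:oasis:names:tc:SAML:2.0:protocol",
      "a": "urn:oasis:names:tc:SAML:2.0:assertion"}
SUCCESS = "urn:oasis:names:tc:SAML:2.0:status:Success"
SP_ENTITY_ID = "https://csm.example.test/sp"  # hypothetical service provider entity ID
# Constructed stand-in for the CSM User database, keyed by Name ID.
USERS = {"jdoe@example.test": "internal User", "cust1@example.test": "Customer"}

def sample_response(name_id, audience=SP_ENTITY_ID, expires="2999-01-01T00:00:00Z",
                    status=SUCCESS):
    """Build a constructed, unsigned SAML response for the demonstration."""
    return (f'<p:Response xmlns:p="{NS["p"]}" xmlns:a="{NS["a"]}">'
            f'<p:Status><p:StatusCode Value="{status}"/></p:Status>'
            f'<a:Assertion><a:Subject><a:NameID>{name_id}</a:NameID></a:Subject>'
            f'<a:Conditions NotOnOrAfter="{expires}"><a:AudienceRestriction>'
            f'<a:Audience>{audience}</a:Audience></a:AudienceRestriction></a:Conditions>'
            f'<a:AttributeStatement><a:Attribute Name="department">'
            f'<a:AttributeValue>IT</a:AttributeValue></a:Attribute></a:AttributeStatement>'
            f'</a:Assertion></p:Response>')

def consume(xml_text, now=None):
    """Return (name_id, user_kind, attributes); raise ValueError if not acceptable.
    Signature verification must already have succeeded; it is not shown here."""
    now = now or datetime.now(timezone.utc)
    root = ET.fromstring(xml_text)
    code = root.find("p:Status/p:StatusCode", NS)
    if code is None or code.get("Value") != SUCCESS:
        raise ValueError("identity provider did not report success")
    assertion = root.find("a:Assertion", NS)
    if assertion is None:
        raise ValueError("response carries no assertion")
    cond = assertion.find("a:Conditions", NS)
    audiences = [e.text for e in assertion.iterfind(
        "a:Conditions/a:AudienceRestriction/a:Audience", NS)]
    if SP_ENTITY_ID not in audiences:
        raise ValueError("assertion was issued for a different service provider")
    expires = datetime.strptime(cond.get("NotOnOrAfter") or "", "%Y-%m-%dT%H:%M:%SZ")
    if now >= expires.replace(tzinfo=timezone.utc):
        raise ValueError("assertion has expired")
    name_id = assertion.findtext("a:Subject/a:NameID", namespaces=NS)
    if name_id not in USERS:
        raise ValueError("Name ID matches no CSM User")
    attrs = {a.get("Name"): [v.text for v in a.iterfind("a:AttributeValue", NS)]
             for a in assertion.iterfind("a:AttributeStatement/a:Attribute", NS)}
    return name_id, USERS[name_id], attrs
```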