Authentication Methods Overview

Contrail Service Orchestration supports single sign-on (SSO) authentication for the unified portal.

You can authenticate and authorize users by using one of the following authentication methods:

When you log in to the unified Administration and Customer Portal, the login page is displayed. To log in to the unified Administration and Customer Portal, enter the username on the login page. If the username matches the username pattern configured for SSO, then you are redirected to the SSO page. If the username does not match the username pattern, you must enter the password.

For each SSO authentication method, a list of permitted roles must be provided to the SSO server. Only users with permitted roles in the SAML attribute are allowed to log in to CSO. Also, a mapping between the roles defined in CSO and the roles defined in the external SSO server (Identity Provider) must be provided.