When using SAML 1.0 and 2.0 artifact under NAM 3.1 as IdP, I got the
following error when performing SAML interaction:

<amLogEntry> 2012-11-23T09:26:38Z DEBUG NIDS Application:
Method: URLUtil.validateTLS
Thread: http-
Exception doing SOAP TLS authentication Could not match certificate with
domain name of trusted provider </amLogEntry>

<amLogEntry> 2012-11-23T09:26:38Z DEBUG NIDS SAML1:
Method: SAMLPResponse.encodeErrorResponse
Thread: http-
Saml1 SOAP Response
<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:1.0:protocol"
MajorVersion="1" MinorVersion="10"
InResponseTo="sff71a68a84304997c7da18380ee57d55315 2364c"
Value="samlp:RequestDenied"></samlp:StatusCode><StatusMessage>Invalid or
no signature or bad client

<amLogEntry> 2012-11-23T09:26:38Z WARNING NIDS SAML1: Error processing
Artifact from requester https://myservice.provider.com:443/sso: Invalid
or no signature or bad client authentication </amLogEntry>

<amLogEntry> 2012-11-23T09:26:38Z DEBUG NIDS Application:
Method: CacheMap.A
Thread: http-

Retrieval of object from cache session failed using key
43A9AB07D9BE98845B4615571AEE8470. Cache size is 10

The certificate I used on the SP side is cn=myservice.sp.com, which
is different from my consumer URL https://myservice.provider.com. Other
federation products do not require the certificate used for mutual SSL
to match the cert CN name, but NAM does require this. We have reasons
why we cannot use the cert with cn=myservice.provider.com. Thus my
question is: can NAM disable this checking of the cert domain name
against the consumer URL domain name?


jabbaaa's Profile: https://forums.netiq.com/member.php?userid=3423
View this thread: https://forums.netiq.com/showthread.php?t=46298
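
Added example (not part of the original post, and not NAM code): a small triage script that pairs each URLUtil.validateTLS name-match failure with the requester URL logged at the same timestamp, then shows why cn=myservice.sp.com fails against that URL's host. The sample log is constructed from the lines above; correlating by timestamp and the generic host comparison in name_matches are assumptions, since the post does not show NAM's own matching rules.

```python
import re
from urllib.parse import urlsplit

# Constructed sample modelled on the log lines in the post (not a real capture).
SAMPLE_LOG = """\
<amLogEntry> 2012-11-23T09:26:38Z DEBUG NIDS Application:
Method: URLUtil.validateTLS
Thread: http-
Exception doing SOAP TLS authentication Could not match certificate with
domain name of trusted provider </amLogEntry>
<amLogEntry> 2012-11-23T09:26:38Z WARNING NIDS SAML1: Error processing
Artifact from requester https://myservice.provider.com:443/sso: Invalid
or no signature or bad client authentication </amLogEntry>
"""

REQUESTER = re.compile(r"Artifact from requester (\S+): ")

def parse_entries(text):
    """Return (timestamp, level, message) per entry; a missing close tag is tolerated."""
    entries = []
    for chunk in text.split("<amLogEntry>")[1:]:
        flat = " ".join(chunk.split("</amLogEntry>")[0].split())
        parts = flat.split(" ", 2)
        if len(parts) == 3:
            entries.append(tuple(parts))
    return entries

def tls_name_failures(text):
    """Pair each validateTLS name failure with the requester URL at the same timestamp."""
    entries = parse_entries(text)
    failed = {ts for ts, _, msg in entries
              if "URLUtil.validateTLS" in msg and "Could not match certificate" in msg}
    hits = []
    for ts, level, msg in entries:
        m = REQUESTER.search(msg)
        if ts in failed and level == "WARNING" and m:
            hits.append((ts, m.group(1)))
    return hits

def name_matches(cert_name, url):
    """Generic host comparison (assumption: NAM's own rules are not shown in the post)."""
    host = (urlsplit(url).hostname or "").lower()
    name = cert_name.lower()
    if name.startswith("cn="):
        name = name[3:]
    if name.startswith("*."):  # wildcard covers exactly one left-most label
        return "." in host and host.split(".", 1)[1] == name[2:]
    return host == name

if __name__ == "__main__":
    for ts, url in tls_name_failures(SAMPLE_LOG):
        ok = name_matches("cn=myservice.sp.com", url)
        print(ts, url, "name matches" if ok else "name mismatch")
```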