I've created a new SAML2 federation connection with NAM 3.1 as the SP,
and I'm having trouble getting it to work.

When I try to log in, I get this error:

An Identity Provider response was received that failed to authenticate
this session. (300101041-9C0A3F4AC8FFD78B

When I look in the Identity Server logs, I see these messages:

Get IDentity DN nidsIdentityName=joeUser</msg></amLogEntry>
<amLogEntry seq="67979" d="2015-02-03T00:41:59Z" lg="Application" lv="DEBUG" th="22" ><msg>Method: LDAPAuthority.getPrincipalByIdentityName
Searching for Identity using dn nidsIdentityName=joeUser</msg></amLogEntry>
Base context: cn=STIDP7b1uar,cn=SMSPycq8id,cn=SCCvrye0b,cn=clust er,cn=nids,ou=accessManagerContainer,o=novell, Filter: nidsIdentityName=joeUser, Scope: 1, Request Controls: null, UserId: ou=nidsUser,ou=UsersContainer
,ou=Partition,ou=PartitionsContainer,ou=VCDN_Root, ou=accessManagerContainer,o=novell</msg></amLogEntry>
Try connection: ldaps://</msg></amLogEntry>
Found 0 results!</msg></amLogEntry>
<amLogEntry seq="67983" d="2015-02-03T00:41:59Z" lg="Application" lv="VERBOSE" th="22" ><msg>Federation not found</msg></amLogEntry>

-------------------- is the Admin Console server. When I log in to the LDAP on
that server and look in
cn=STIDP7b1uar,cn=SMSPycq8id,cn=SCCvrye0b,cn=clust er,cn=nids,ou=accessManagerContainer,o=novell,
I don't see any entries there.

However, when I compare with an existing Federation container in the
LDAP, I do see user entries there. So I suspect that I'm getting the
'Federation not found' error because my userid is not in the
cn=STIDP7b1uar,cn=SMSPycq8id,cn=SCCvrye0b,cn=clust er,cn=nids,ou=accessManagerContainer,o=novell

The configuration settings look correct, and I've compared them to an
existing and working federation configuration.

How do entries get added to the Admin Console LDAP? Am I looking in the
wrong place?


raranas's Profile: https://forums.netiq.com/member.php?userid=7271
View this thread: https://forums.netiq.com/showthread.php?t=52740
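The log quoted above shows the Identity Server doing a one-level search of the federation container for nidsIdentityName=joeUser, getting "Found 0 results!", and then logging "Federation not found". As an added example (not from the post, NetIQ or NAM), here is a small Python parser that pulls that search summary, its result count and the verdict out of amLogEntry lines so the container and filter involved can be read off a log quickly. The amLogEntry format is inferred from the lines in the post, the scope numbering is assumed to follow the LDAP/JNDI convention, and the sample log is constructed with placeholder container names.

```python
import re
from dataclasses import dataclass
from typing import Optional

# One <amLogEntry> record; <msg> text may span lines in exported logs, hence re.S.
ENTRY_RE = re.compile(r'<amLogEntry seq="(?P<seq>\d+)"[^>]*lv="(?P<lv>[^"]+)"[^>]*><msg>(?P<msg>.*?)</msg></amLogEntry>', re.S)
# Search summary LDAPAuthority logs before the lookup; the base DN contains commas, so stop at ", Filter:".
SEARCH_RE = re.compile(r"Base context: (?P<base>.+?), Filter: (?P<filter>.+?), Scope: (?P<scope>\d)")
FOUND_RE = re.compile(r"Found (?P<n>\d+) results!")
SCOPE_NAMES = {0: "base", 1: "one-level", 2: "subtree"}  # assumed LDAP/JNDI scope numbering

@dataclass
class FederationLookup:
    base_dn: str
    ldap_filter: str
    scope: int
    results: Optional[int]
    federation_found: bool

    def diagnosis(self) -> str:
        if self.federation_found:
            return "federation record found"
        return (f"{self.ldap_filter} matched {self.results} entries in a {SCOPE_NAMES.get(self.scope, self.scope)} "
                f"search under {self.base_dn}: no federation record exists for this user in that container")

def triage_federation_lookup(log: str) -> Optional[FederationLookup]:
    """Correlate the search summary, its result count and the final verdict for one login."""
    search, results, found = None, None, True
    for entry in ENTRY_RE.finditer(log):
        msg = " ".join(entry["msg"].split())  # undo the line wrapping seen in the exported log
        if m := SEARCH_RE.search(msg):
            search = m
        elif m := FOUND_RE.search(msg):
            results = int(m["n"])
        elif "Federation not found" in msg:
            found = False
    if search is None:
        return None
    return FederationLookup(search["base"], search["filter"], int(search["scope"]), results, found)

# Constructed sample modelled on the post's log lines (container cn values are placeholders).
SAMPLE_LOG = """\
<amLogEntry seq="67979" d="2015-02-03T00:41:59Z" lg="Application" lv="DEBUG" th="22" ><msg>Method: LDAPAuthority.getPrincipalByIdentityName
Searching for Identity using dn nidsIdentityName=joeUser</msg></amLogEntry>
<amLogEntry seq="67980" d="2015-02-03T00:41:59Z" lg="Application" lv="DEBUG" th="22" ><msg>Base context: cn=STIDP-PLACEHOLDER,cn=SMS-PLACEHOLDER,cn=SCC-PLACEHOLDER,cn=cluster,cn=nids,ou=accessManagerContainer,o=novell, Filter: nidsIdentityName=joeUser, Scope: 1, Request Controls: null, UserId: ou=nidsUser,ou=UsersContainer
,ou=Partition,ou=PartitionsContainer,ou=VCDN_Root,ou=accessManagerContainer,o=novell</msg></amLogEntry>
<amLogEntry seq="67982" d="2015-02-03T00:41:59Z" lg="Application" lv="DEBUG" th="22" ><msg>Found 0 results!</msg></amLogEntry>
<amLogEntry seq="67983" d="2015-02-03T00:41:59Z" lg="Application" lv="VERBOSE" th="22" ><msg>Federation not found</msg></amLogEntry>
"""
```

Running `triage_federation_lookup(SAMPLE_LOG).diagnosis()` on a real log export tells you which container was searched and that the user has no entry in it, which is the condition the post describes.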