We have an external IDP that uses a replica of our Active Directory.
We have a NAM protected application that we want to allow access to for
those coming over via the Trusted IDP. To access the internal
application we have a formfill policy that uses username and password to
pass to the internal application. The external IDP is set up as a
Trusted IDP and the SAML exchange is working, but I cannot seem to get
the "user matching" process to succeed. I also noticed in the NAM
Identity Server log file that a value for an attribute in the SAML
Assertion seems to have been dropped. The attribute is what I'm trying
to use as the "user matching" value. Any suggestions are appreciated.


SAML Assertion:
<saml:AttributeStatement>
  <saml:Attribute
    NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic"
    Name="sAMAccountName"
  >
    <saml:AttributeValue
      xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
      xsi:type="xs:string"
    >MONITORAW</saml:AttributeValue>
  </saml:Attribute>
</saml:AttributeStatement>


Log file entry:
><saml:AttributeStatement><saml:Attribute
NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic"
Name="sAMAccountName"><saml:AttributeValue xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:type="xs:string">**</saml:AttributeValue></saml:Attribute></saml:AttributeStatement><


--
mm977g
View this thread: https://forums.netiq.com/showthread.php?t=53289
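As an added illustration (not part of the post or of NAM): a small Python check that pulls the user-matching attribute out of an AttributeStatement shaped like the one above and reports when the value is missing or empty, which is what the log entry shows. The two XML samples are constructed from the posted assertion; the function names are my own.

```python
import xml.etree.ElementTree as ET

SAML_NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
ATTR_TAG = "{urn:oasis:names:tc:SAML:2.0:assertion}Attribute"

# Constructed sample: the AttributeStatement from the post, value present.
ASSERTION_OK = """<saml:AttributeStatement xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml:Attribute NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic"
                  Name="sAMAccountName">
    <saml:AttributeValue xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
                         xsi:type="xs:string">MONITORAW</saml:AttributeValue>
  </saml:Attribute>
</saml:AttributeStatement>"""

# Constructed sample: the same statement with the value dropped, as in the log entry.
ASSERTION_EMPTY = ASSERTION_OK.replace(">MONITORAW<", "><")


def extract_attributes(xml_text):
    """Return {attribute name: [values]} for every saml:Attribute found."""
    root = ET.fromstring(xml_text)
    attrs = {}
    for attr in root.iter(ATTR_TAG):
        values = [(v.text or "").strip()
                  for v in attr.findall("saml:AttributeValue", SAML_NS)]
        attrs[attr.get("Name")] = values
    return attrs


def matching_value(xml_text, attr_name="sAMAccountName"):
    """Return (value, reason): the single non-empty value usable for user
    matching, or None plus the reason the match cannot proceed."""
    attrs = extract_attributes(xml_text)
    if attr_name not in attrs:
        return None, "attribute %s not present in assertion" % attr_name
    values = [v for v in attrs[attr_name] if v]
    if not values:
        return None, "attribute %s present but its value is empty" % attr_name
    if len(values) > 1:
        return None, "attribute %s is multi-valued; match is ambiguous" % attr_name
    return values[0], "ok"


if __name__ == "__main__":
    print(matching_value(ASSERTION_OK))     # ('MONITORAW', 'ok')
    print(matching_value(ASSERTION_EMPTY))  # (None, 'attribute sAMAccountName present but its value is empty')
```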