We have successfully implemented OSP in IDM 4.5 with a front end SAML
provider (not NAM). Please see the picture below for the details of the


It all works well as long as the user is internal to the network
(accessing through IP address), but fails completely when accessed
using the extranet hostname. Initial clues suggested that OSP might have
been configured to use only the IP address.
So we changed configupdate and the SSPR configuration editor to use the
extranet hostname (a.external.comp). It still fails, as the firewall
proxy is changing the external hostname to the internal IP address while
forwarding the requests to the /osp/.../spassertion_consumer URL (which
is the assertion consumer URL that consumes the SAML response sent by the
frontend SAML module).

It fails when posting to the spassertion_consumer URL, with this error
shown in the browser:
HTTP Status 403 - Unrecognized interface. Invalid Host Header Name or
Request URL Domain Name.


Any thoughts on where it might be going wrong? Also, are there any
configuration hints that we are missing in OSP
(ism-configuration/global.properties) or the configupdate tool?

Please help us as this is a show stopper for our implementation.

Best Regards,

srinathu's Profile: https://forums.netiq.com/member.php?userid=10138
View this thread: https://forums.netiq.com/showthread.php?t=54344