So, just updated everything.... eDir 8.8.8.7 & SAML 1.1.1 on the
directory, configupdate HF2, OSP 6, and Apps SP3 on Tomcat (already at
JDK 1.8.0)....

Section -5.1 Customizing Strings for One SSO Provider 6.0- of the readme
appears to be inaccurate/not applicable anymore.

Authentication now completely fails without any hint to the end user....
TRACE of the OSP shows:


Code:
--------------------
[OIDP] 2016-01-29T12:55:25.551+1100
Level: TRACE
Code: com.novell.identity.common.ldap.jndi.JNDIConnectio n.<init>() [219] thread=http-nio-8443-exec-6
Message:
Connection: 1a18dc59-d5a0-436b-b915-0326ce1db5d5, Environment Parameters for InitialDirContext() method call:
Key: java.naming.factory.initial, Value: com.sun.jndi.ldap.LdapCtxFactory
Key: java.naming.provider.url, Value: ldaps://***************:636
Key: com.sun.jndi.ldap.connect.timeout, Value: 0
Key: java.naming.security.principal, Value: ***************
Key: java.naming.security.authentication, Value: simple
Key: java.naming.security.credentials, Value: *****
Key: java.naming.security.protocol, Value: ssl
Key: java.naming.ldap.factory.socket, Value: com.novell.osp.util.net.client.OSP_SSLSocketFactor y

[OIDP] 2016-01-29T12:55:25.611+1100
Level: TRACE
Code: com.novell.identity.common.ldap.jndi.JNDIConnectio n.setContextEnvironmentProperties() [1875] thread=http-nio-8443-exec-6
Message: Added property to DirContext Environment: Property Name: java.naming.ldap.attributes.binary, Value: GUID nDSPKITrustedRootCertificate

[OIDP] 2016-01-29T12:55:25.611+1100
Level: DEBUG
Code: com.novell.oidp.source.ldap.LDAPSource.accept() [1592] thread=http-nio-8443-exec-6
Message: CreateConnection

[OIDP] 2016-01-29T12:55:25.612+1100
Level: TRACE
Code: com.novell.oidp.profile.authentication.MethodProfi le.authenticateMethod() [661] thread=http-nio-8443-exec-6
Message: Authenticated authentication class: com.novell.oidp.authentication.classes.system.Pass wordClass, Status: AUTHENTICATED

[OIDP] 2016-01-29T12:55:25.612+1100
Level: TRACE
Code: com.novell.oidp.profile.authentication.MethodProfi le.authenticateMethod() [682] thread=http-nio-8443-exec-6
Message: Authentication Method Name/Password Method succeeded

[OIDP] 2016-01-29T12:55:25.612+1100
Level: TRACE
Code: com.novell.oidp.session.NIDPSession.checkAuthentic ated() [2489] thread=http-nio-8443-exec-6
Message:
Session Id: 9f3d4c33a64b420daa403fbaa592f613-761F121B5B1703021E
Session has zero consumed authentications! Not Authenticated!
Authenticated: false

[OIDP] 2016-01-29T12:55:25.612+1100
Level: TRACE
Code: com.novell.oidp.session.NIDPSession.checkAuthentic ated() [2489] thread=http-nio-8443-exec-6
Message:
Session Id: 9f3d4c33a64b420daa403fbaa592f613-761F121B5B1703021E
Session has zero consumed authentications! Not Authenticated!
Authenticated: false

[OIDP] 2016-01-29T12:55:25.613+1100
Level: DEBUG
Code: com.novell.oidp.profile.authentication.MethodProfi le.getNextExecutable() [615] thread=http-nio-8443-exec-6
Message:
Get next contract executable:
Executables count: 3
Counter: 1
Executable: SSPR Check Method(id=sspr-checks-method)
Type: non-user
Session authenticated: false
Valid on session: false
Method selected for execution.

[OIDP] 2016-01-29T12:55:25.613+1100
Level: TRACE
Code: com.novell.oidp.profile.authentication.MethodProfi le.authenticateMethod() [658] thread=http-nio-8443-exec-6
Message: Authentication Method executing: SSPR Check Method

[OSP] 2016-01-29T12:55:25.613+1100
Level: TRACE
Code: com.novell.osp.util.URLUtil.connectToURL() [840] thread=http-nio-8443-exec-6
Message: Attempting to connect to URL: https://***************/sspr/public/rest/status via GET (len:0)

[OIDP] 2016-01-29T12:55:27.415+1100
Level: DEBUG
Code: com.novell.oidp.source.ldap.LDAPSource.accept() [1592] thread=OSP JNDI Connection Retirement
Message: TerminateConnection
--------------------


So LDAP says "yeah, all good", but OSP says that it did not consume any
authentications.....


--
-"Also now available in 'G+'
(http://plus.google.com/+BenWalter-Kiwi) and 'Website'
(https://www.isam.kiwi/) format".-
------------------------------------------------------------------------
ScorpionSting's Profile: https://forums.netiq.com/member.php?userid=469
View this thread: https://forums.netiq.com/showthread.php?t=55268