Hello All,

We have a NAM appliance 4.0.2 setup.

Added a few SAML service provider applications and were using NAM Identity
server as Identity Provider.
The user store is an Active Directory.

The solution works perfectly with the Secure Name/Password - Form
authentication contract.
Recently configured the Kerberos authentication module. Though the
Kerberos authentication is successful,
it fails to add the claims/attributes to the SAML assertion sent to SP.

I verified the attribute sets and the attributes sent with
authentication. Everything looks good.

To me it looks like I am missing the user identifier for it to fetch
the claims for the user authenticated through the kerb protocol.

Please help....!!!!

Here is the log file -- http://pastebin.com/cQNPxqTy

Below errors were seen in the logs :

RETRIEVAL OF OBJECT COM.NOVELL.NIDP.NIDPSUBJECT@B5CC6F4 FROM CACHE
SUBJECT SUCCEEDED USING KEY 2. CACHE SIZE IS 1
</AMLOGENTRY>

<AMLOGENTRY> 2016-03-28T11:01:43Z DEBUG NIDS SAML2:
METHOD: NIDPLOCALCONFIGUTIL.ISSAML2KEYENABLED
THREAD: AJP-BIO-127.0.0.1-9019-EXEC-16
'SAML2_AVOID_CONSENT' DOESN'T MAP TO AN EXISTING OBJECT
[NIDPCONFIG.PROPERTIES]. SAML2 REQUEST -ERROR PARSING SAML2 PROPERTY
SAML2_AVOID_CONSENT </AMLOGENTRY>

<AMLOGENTRY> 2016-03-28T11:01:43Z DEBUG NIDS APPLICATION:
METHOD: NIDPLOCALCONFIGUTIL.GETSAML2TPVALUEBOOLEAN
THREAD: AJP-BIO-127.0.0.1-9019-EXEC-16
[NIDPCONFIG.PROPERTIES] OPTIONS -
HTTP://AUTO11.CLOUD.COM/ADFS/SERVICES/TRUST->SAML2_AVOID_SPNAMEQUALIFIER_TO
VALUE RETURNED: FALSE </AMLOGENTRY>

<AMLOGENTRY> 2016-03-28T11:01:43Z DEBUG NIDS APPLICATION:
METHOD: XMLSIGNABLE.PRESIGNING
THREAD: AJP-BIO-127.0.0.1-9019-EXEC-16
ATEMPTING TO SIGN XMLSIGNABLE OBJECT: NAME: ASSERTION </AMLOGENTRY>

<AMLOGENTRY> 2016-03-28T11:01:43Z DEBUG NIDS APPLICATION:
METHOD: XMLSIGNABLE.A
THREAD: AJP-BIO-127.0.0.1-9019-EXEC-16
SIGNING WILL USE CERTIFICATE [CN=USALLSUSEDEV01.INFO.COM] HAVING SERIAL
NO
[40983507242262094207124727297374281064263396837579 79608047889404982145028684518258012]
</AMLOGENTRY>

<AMLOGENTRY> 2016-03-28T11:01:43Z DEBUG NIDS SAML2:
METHOD: NIDPLOCALCONFIGUTIL.ISSAML2KEYENABLED
THREAD: AJP-BIO-127.0.0.1-9019-EXEC-16
'SAML2_SIGN_METHODDIGEST_SHA256' DOESN'T MAP TO AN EXISTING OBJECT
[NIDPCONFIG.PROPERTIES]. SAML2 REQUEST -ERROR PARSING SAML2 PROPERTY
SAML2_SIGN_METHODDIGEST_SHA256 </AMLOGENTRY>

<AMLOGENTRY> 2016-03-28T11:01:43Z DEBUG NIDS APPLICATION:
METHOD: XMLSIGNABLE.POSTSIGNING
THREAD: AJP-BIO-127.0.0.1-9019-EXEC-16
SIGNATURE COMPLETED FOR OBJECT! NAME: ASSERTION </AMLOGENTRY>

<AMLOGENTRY> 2016-03-28T11:01:43Z DEBUG NIDS SAML2:
METHOD: SAML2PROFILE.SENDMESSAGE
THREAD: AJP-BIO-127.0.0.1-9019-EXEC-16
OUTBOUND POST MESSAGE WAS NOT DEFLATED FOR THE TARGET WITH PROVIDER ID:
'HTTP://AUTO11.CLOUD.COM/ADFS/SERVICES/TRUST' </AMLOGENTRY>

<AMLOGENTRY> 2016-03-28T11:01:43Z DEBUG NIDS SAML2:
METHOD: SAML2PROFILE.TRACEMESSAGE
THREAD: AJP-BIO-127.0.0.1-9019-EXEC-16



Thank you
Kbasa


--
kbasa6
------------------------------------------------------------------------
kbasa6's Profile: https://forums.netiq.com/member.php?userid=10667
View this thread: https://forums.netiq.com/showthread.php?t=55611