Currently using email/password with OSP and trying to switch to SAML.
Used the updateconfig tool to point to metadata file and set SAML
attribute for the user and restarted Tomcat. Now when I try to go to
landing page for first time I get our SSO login page and after I enter
my credentials I am redirected to a simple page that just has a blue
banner that says NetIQ Access and my email address. Here is the URL:

https://ourdomain.com:5043/osp/a/idm/auth/app?sid=3

The strange thing is that if I try the landing page URL a second time I
don't get our SSO login page, because I am already logged in, but it
takes me to the landing page that time and I am logged in and can see my
name in the right hand corner. Every other attempt to go to the landing
page works as well as long as I am still signed into SSO so it seems
like the problem is that the first time I am being authenticated it
doesn't direct me to the landing page correctly. I tried setting the
landing page option in configupdate tool to none, internal, and external
and restarted after each change but nothing changed. I looked at all
the logs and the only log entries from the time I tried to use the page
were from the localhost access log.

Here is what logs looked like after I signed into SSO and received the
page with just the blue bar:

10.199.242.112 - - [28/Mar/2017:10:55:38 -0500] "GET /landing HTTP/1.1"
302 -
10.199.242.112 - - [28/Mar/2017:10:55:38 -0500] "GET /landing/ HTTP/1.1"
304 -
10.199.242.112 - - [28/Mar/2017:10:55:38 -0500] "GET
/landing/js/lib/i18n/jquery.ui.datepicker.js HTTP/1.1" 302 -
10.199.242.112 - - [28/Mar/2017:10:55:38 -0500] "GET
/landing/js/lib/i18n/date HTTP/1.1" 302 -
10.199.242.112 - - [28/Mar/2017:10:55:38 -0500] "GET
/landing/custom/custom.css HTTP/1.1" 200 249
10.199.242.112 - - [28/Mar/2017:10:55:38 -0500] "GET
/IDMProv/rest/access/users/fullName HTTP/1.1" 401 -
10.199.242.112 - - [28/Mar/2017:10:55:39 -0500] "GET
/osp/a/idm/auth/oauth2/grant?response_type=token&redirect_uri=https://omaedcidm009.interpublic.com:5043/landing/com.netiq.ualanding.index/oauth.html&client_id=ualanding&state=spiffystate0. 9232325324003239
HTTP/1.1" 200 129050
10.199.242.112 - - [28/Mar/2017:10:55:39 -0500] "GET
/osp/idm/css/reset.css HTTP/1.1" 304 -
10.199.242.112 - - [28/Mar/2017:10:55:39 -0500] "GET
/osp/idm/css/uistyles_loginselect.css HTTP/1.1" 304 -
10.199.242.112 - - [28/Mar/2017:10:55:39 -0500] "GET
/osp/idm/css/uistyles.css HTTP/1.1" 304 -

Then when I tried the same landing page url again when I was already
signed into SSO it looks like this:

10.199.242.112 - - [28/Mar/2017:10:55:38 -0500] "GET /landing HTTP/1.1"
302 -
10.199.242.112 - - [28/Mar/2017:10:55:38 -0500] "GET /landing/ HTTP/1.1"
304 -
10.199.242.112 - - [28/Mar/2017:10:55:38 -0500] "GET
/landing/js/lib/i18n/jquery.ui.datepicker.js HTTP/1.1" 302 -
10.199.242.112 - - [28/Mar/2017:10:55:38 -0500] "GET
/landing/js/lib/i18n/date HTTP/1.1" 302 -
10.199.242.112 - - [28/Mar/2017:10:55:38 -0500] "GET
/landing/custom/custom.css HTTP/1.1" 200 249
10.199.242.112 - - [28/Mar/2017:10:55:38 -0500] "GET
/IDMProv/rest/access/users/fullName HTTP/1.1" 401 -
10.199.242.112 - - [28/Mar/2017:10:55:39 -0500] "GET
/osp/a/idm/auth/oauth2/grant?response_type=token&redirect_uri=https://omaedcidm009.interpublic.com:5043/landing/com.netiq.ualanding.index/oauth.html&client_id=ualanding&state=spiffystate0. 9232325324003239
HTTP/1.1" 200 129050
10.199.242.112 - - [28/Mar/2017:10:55:39 -0500] "GET
/osp/idm/css/reset.css HTTP/1.1" 304 -
10.199.242.112 - - [28/Mar/2017:10:55:39 -0500] "GET
/osp/idm/css/uistyles_loginselect.css HTTP/1.1" 304 -
10.199.242.112 - - [28/Mar/2017:10:55:39 -0500] "GET
/osp/idm/css/uistyles.css HTTP/1.1" 304 -

Anyone have a similar issue or know why I'm not getting the landing page
the first time I sign-in?


--
CHSB1130
------------------------------------------------------------------------
CHSB1130's Profile: https://forums.netiq.com/member.php?userid=6130
View this thread: https://forums.netiq.com/showthread.php?t=57706