
Thread: IDM 4.7 OSP SAML metadata

    Hi,

    I've upgraded 4.6.2 to 4.7. Now I'd like to enable SAML between OSP and NAM.
    But looking at the OSP metadata (e.g. https://publicIDMname.internet.com/o...ml2/spmetadata), all references point to the internal hostname, not the public name.

    for example:
    - entityID="https://HOSTNAME.AD.DOMAIN.LOCAL/osp/a/idm/auth/saml2/metadata"
    - <md:SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://HOSTNAME.AD.DOMAIN.LOCAL/osp/a/idm/auth/saml2/spslo" ResponseLocation="https://HOSTNAME.AD.DOMAIN.LOCAL/osp/a/idm/auth/saml2/spslo"/>
    ....

    In configupdate, all host identifiers point to the public name (e.g. publicIDMname.internet.com), and if I check ism-configuration.properties, there's no reference to the local hostname (e.g. HOSTNAME.AD.DOMAIN.LOCAL).

    I've also tried to manually change the metadata before importing it into NAM, but that does not help, since the SAML request issued by OSP holds the internal hostname in its Issuer:
    Code:
    <samlp:AuthnRequest xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
                        xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
                        Consent="urn:oasis:names:tc:SAML:2.0:consent:unavailable"
                        Destination="https://publicNAMname.internet.com/nidp/saml2/sso"
                        ForceAuthn="false"
                        ID="idYZYh-Nhzl-09Viz0G6p5npGl_mo"
                        IsPassive="false"
                        IssueInstant="2018-04-03T15:40:01Z"
                        ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
                        Version="2.0"
                        >
            <saml:Issuer Format="urn:oasis:names:tc:SAML:2.0:nameid-format:entity">https://HOSTNAME.AD.DOMAIN.LOCAL/osp/a/idm/auth/saml2/metadata</saml:Issuer>
            <samlp:NameIDPolicy AllowCreate="false"
                                Format="urn:oasis:names:tc:SAML:2.0:nameid-format:transient"
                                />
    </samlp:AuthnRequest>
    What have I missed?

    Thanks, S
    Last edited by sebastijan; 03-Apr-2018 at 04:56 PM.
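A consistency check for the situation described in the post, as an added example that is not part of the original post and not code from the OSP or NAM products: it parses SP metadata and a captured AuthnRequest and lists every field whose hostname differs from the expected public name, so an internal name is caught before the metadata is imported into the IdP. The XML inputs are constructed for this example, modelled on the excerpts in the post; the `expected_host` value and the function names are assumptions.

```python
"""Hostname consistency check for SAML SP metadata and an AuthnRequest.

Added example (not from the forum post or from any NetIQ/OSP code): before
importing OSP's SP metadata into an IdP, verify that entityID, every endpoint
Location/ResponseLocation, and the Issuer of a captured AuthnRequest all use
the expected public hostname. All XML below is constructed for this example.
"""
from urllib.parse import urlparse
import xml.etree.ElementTree as ET

NS = {
    "md": "urn:oasis:names:tc:SAML:2.0:metadata",
    "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
    "samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
}

# Constructed SP metadata: the SLO endpoint and entityID carry the internal
# name, the assertion consumer endpoint carries the public name.
SP_METADATA = """<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    entityID="https://HOSTNAME.AD.DOMAIN.LOCAL/osp/a/idm/auth/saml2/metadata">
  <md:SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="https://HOSTNAME.AD.DOMAIN.LOCAL/osp/a/idm/auth/saml2/spslo"
        ResponseLocation="https://HOSTNAME.AD.DOMAIN.LOCAL/osp/a/idm/auth/saml2/spslo"/>
    <md:AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="https://publicIDMname.internet.com/osp/a/idm/auth/saml2/spassertion_consumer"
        index="0"/>
  </md:SPSSODescriptor>
</md:EntityDescriptor>"""

# Constructed AuthnRequest whose Issuer still names the internal host.
AUTHN_REQUEST = """<samlp:AuthnRequest xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
    xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
    Destination="https://publicNAMname.internet.com/nidp/saml2/sso"
    ID="id-constructed-example" IssueInstant="2018-04-03T15:40:01Z" Version="2.0">
  <saml:Issuer Format="urn:oasis:names:tc:SAML:2.0:nameid-format:entity">https://HOSTNAME.AD.DOMAIN.LOCAL/osp/a/idm/auth/saml2/metadata</saml:Issuer>
</samlp:AuthnRequest>"""


def _host(url):
    """Lower-cased hostname of a URL, or '' if it has none."""
    return (urlparse(url).hostname or "").lower()


def metadata_hostnames(metadata_xml):
    """Map 'entityID' and every '<Element>.<Attr>' endpoint to its hostname."""
    root = ET.fromstring(metadata_xml)
    found = {"entityID": _host(root.get("entityID", ""))}
    for elem in root.iter():
        tag = elem.tag.split("}")[-1]  # strip the namespace URI
        for attr in ("Location", "ResponseLocation"):
            if elem.get(attr):
                found[f"{tag}.{attr}"] = _host(elem.get(attr))
    return found


def authn_request_issuer_host(request_xml):
    """Hostname inside the AuthnRequest's saml:Issuer element."""
    root = ET.fromstring(request_xml)
    issuer = root.find("saml:Issuer", NS)
    if issuer is None or not issuer.text:
        return ""
    return _host(issuer.text.strip())


def find_mismatches(metadata_xml, request_xml, expected_host):
    """Sorted labels of every field whose hostname is not expected_host."""
    expected = expected_host.lower()
    hosts = metadata_hostnames(metadata_xml)
    hosts["AuthnRequest.Issuer"] = authn_request_issuer_host(request_xml)
    return sorted(label for label, host in hosts.items() if host != expected)


if __name__ == "__main__":
    # expected_host is an assumed value for this example
    for label in find_mismatches(SP_METADATA, AUTHN_REQUEST, "publicIDMname.internet.com"):
        print("hostname mismatch:", label)
```

Run it against the real spmetadata download and a captured AuthnRequest (for example from the browser's SAML tracer); an empty result means every identifier the IdP will compare against its imported trust relationship already uses the public name.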
