
Request was from an untrusted provider in NAM

Hi,

I'm trying to set up SSO using SAML into VMware Horizon, using NAM as the identity provider.

The user goes to "https://<server fqdn>/nidp" and is prompted to log in. They then click on an Appmarker to take them to the VMware Horizon desktop agent, but the page redirects to "https://<server fqdn>/nidp/app?first=false" and I get the error "Unable to complete request at this time. (Request was from an untrusted provider-5D5DFCF47082782E)"

I have tested this chain using Microsoft ADFS and it works ok so I think it's NAM that's having the issue?

 

 

  • make sure "all" CA certificates (Intermediate CA and Root CA) have been imported and added within the NIDP Truststore

    • check the IDP health status, especially for certificates
    • make sure IDP servers are able to access OCSP responders or can download CRLs (Internet access)
    • enable application and SAML2 debug logging for the IDP server
    • stop the IDP server: systemctl stop novell-idp
    • clean out the catalina.out: "> /var/opt/novell/nam/logs/idp/tomcat/catalina.out"
    • start the IDP server: systemctl start novell-idp
    • run: grep -i "loaded trusted provider" /var/opt/novell/nam/logs/idp/tomcat/catalina.out
      if everything has been configured correctly you will see messages like:
      --------------------------------------------------------------------------------------------------------------
      <amLogEntry> 2023-03-11T09:37:32Z INFO NIDS Application: AM#500105038: AMDEVICEID#3C36FBEA9A5075F5: AMAUTHID#803e9573e589a59df8f71f14a4ddd2a4842828c71ef9195ad3374863a402ed02:  Loaded trusted provider simplesaml.nam.com/.../default-sp of protocol SAML 2 </amLogEntry>
      --------------------------------------------------------------------------------------------------------------
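
Added example, not part of the reply above: the grep from the last step, extended into a check that one specific service provider's entity ID is among the providers the IDP reported loading. The entity IDs, device ID and log lines are constructed samples; on a real IDP, pass /var/opt/novell/nam/logs/idp/tomcat/catalina.out and the entity ID from the SP's metadata instead.

```shell
#!/usr/bin/env bash
# Added example (not from the thread): turn the "loaded trusted provider"
# grep into a check for one specific SP entity ID.

# Print "timestamp<TAB>protocol<TAB>entity-id" for each matching amLogEntry.
loaded_providers() {
    awk '
        /[Ll]oaded trusted provider/ {
            line = $0
            sub(/.*<amLogEntry>[ \t]*/, "", line)
            ts = line; sub(/[ \t].*/, "", ts)
            sub(/.*[Ll]oaded trusted provider[ \t]+/, "", line)
            sub(/[ \t]*<\/amLogEntry>.*/, "", line)
            n = index(line, " of protocol ")
            if (n == 0) next            # truncated entry: skip it
            printf "%s\t%s\t%s\n", ts, substr(line, n + 13), substr(line, 1, n - 1)
        }' "$1"
}

# Exit 0 only if the exact entity ID ($2) was loaded; substrings do not count.
provider_loaded() {
    loaded_providers "$1" | cut -f3 | grep -Fxq -- "$2"
}

# Constructed sample log (hypothetical entity IDs and device ID).
make_sample_log() {
    f=$(mktemp) || return 1
    cat > "$f" <<'EOF'
<amLogEntry> 2023-03-11T09:37:32Z INFO NIDS Application: AM#500105038: AMDEVICEID#0000000000000000: Loaded trusted provider https://sp1.example.test/saml/metadata of protocol SAML 2 </amLogEntry>
<amLogEntry> 2023-03-11T09:37:33Z INFO NIDS Application: Some unrelated startup message </amLogEntry>
<amLogEntry> 2023-03-11T09:37:34Z INFO NIDS Application: AM#500105038: AMDEVICEID#0000000000000000: Loaded trusted provider https://sp2.example.test/sp of protocol SAML 2 </amLogEntry>
EOF
    printf '%s\n' "$f"
}

log=$(make_sample_log)
loaded_providers "$log"
for sp in https://sp2.example.test/sp https://horizon.example.test/sp; do
    if provider_loaded "$log" "$sp"; then
        echo "loaded:     $sp"
    else
        echo "NOT loaded: $sp"
    fi
done
rm -f "$log"
```

The match is on the whole entity ID, so a trailing slash or a different path in the SP's metadata shows up as "NOT loaded".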

  • Verified Answer

    Thanks for the response, I figured out on Friday that I was missing the IDP part of the scenario. I have managed to get it working using ADFS as an IDP now.