Setup
NAM 5.0.4.0.44
SLES 15.4
single box (demo environment)
Dear community,
I tried to set up the following in a demo/test environment.
IDP (Identity Server) protected by gateway / proxy
- Seems to work per se, I can login to the IDP portal via published DNS/URL with a user in the configured repository.
App (IDM IDApps) protected by gateway / proxy
- Fails with the following error:
- <amLogEntry> 2023-10-16T16:08:33Z SEVERE NIDS IDFF: AM#100106001: AMDEVICEID#esp-532EDD8C1C52FEAF: AMAUTHID#803e9573e589a59df8f71f14a4ddd2a4842828c71ef9195ad3374863a402ed02: Unable to load metadata for Embedded Service Provider: https:// netiq-iam.acme-test.com:8443/nidp/idff/metadata, error: No subject alternative DNS name matching netiq-iam.acme-test.com found. </amLogEntry>
This is a demonstration setup, so all is configured on one host. I tried to follow...
IDP Proxy
https://www.microfocus.com/documentation/access-manager/5.0/admin/b1in6ehe.html
IDM IDApps Proxy (/idmdash etc.)
For debugging purposes, I followed:
https://www.netiq.com/documentation/access-manager-45/admin/data/bbtszv7.html
- DNS and networking are “looking fine”, metadata files/URLs for IDP and ESP are accessible from the host;
- Certificates are “looking fine” (although the error indicates that they are not), IDP trust store holds trusted chain of ESP and ESP trust store holds chain of IDP. The used certificate has a SAN DNS entry of the published domain/URL value of netiq-iam.acme-test.com.
The error strongly indicates an SSL/TLS communication issue between ESP and IDP. But I am out of ideas where to get more information about what the problem exactly is or how to solve it.
Suggestions/Ideas anyone?
Many thanks and best regards,
Philipp
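The message in the log is the one Java's hostname verifier raises when the certificate actually served on the port carries DNS SAN entries but none of them match the requested name (CN is not consulted once DNS SANs exist). The script below is an added example, not part of the original post or of the Access Manager product: it connects to the metadata port the way the ESP would (chain verified against a PEM export of the ESP trust store, an assumed path), dumps the DNS SANs the server really presents, and applies the same matching rule so you can see which certificate 8443 is handing out and why it fails.

```python
import socket
import ssl


def san_dns_names(cert):
    """DNS entries of subjectAltName from an ssl.getpeercert() dict."""
    return [value for kind, value in cert.get("subjectAltName", ()) if kind == "DNS"]


def dns_name_matches(pattern, hostname):
    """RFC 6125 style comparison as Java applies it: case-insensitive, label by
    label, and a wildcard only as the whole left-most label of a name with at
    least two further labels."""
    pattern = pattern.lower().rstrip(".")
    hostname = hostname.lower().rstrip(".")
    if "*" not in pattern:
        return pattern == hostname
    p_labels = pattern.split(".")
    h_labels = hostname.split(".")
    if p_labels[0] != "*" or len(p_labels) < 3 or len(p_labels) != len(h_labels):
        return False
    return p_labels[1:] == h_labels[1:]


def matching_san(cert, hostname):
    """Return the SAN DNS entry that matches hostname, or None."""
    for name in san_dns_names(cert):
        if dns_name_matches(name, hostname):
            return name
    return None


def fetch_peer_cert(hostname, port, ca_pem_path):
    """Connect as the ESP would: verify the chain against the trust store export,
    but leave the hostname check to matching_san() so the SANs can be inspected."""
    ctx = ssl.create_default_context(cafile=ca_pem_path)
    ctx.check_hostname = False
    with socket.create_connection((hostname, port), timeout=10) as sock:
        with ctx.wrap_socket(sock, server_hostname=hostname) as tls:
            return tls.getpeercert()


if __name__ == "__main__":
    # Constructed certificate dict: CN matches but the SANs do not, which is
    # exactly the situation that produces "No subject alternative DNS name matching".
    demo_cert = {
        "subject": ((("commonName", "netiq-iam.acme-test.com"),),),
        "subjectAltName": (("DNS", "idp.acme-test.internal"), ("DNS", "*.acme-test.internal")),
    }
    print("served SANs:", san_dns_names(demo_cert))
    print("match for netiq-iam.acme-test.com:", matching_san(demo_cert, "netiq-iam.acme-test.com"))
```

For the live check replace `demo_cert` with `fetch_peer_cert("netiq-iam.acme-test.com", 8443, "/path/to/esp-truststore.pem")` (path assumed); if the SAN list printed is not the one on the certificate you installed, the Tomcat connector on 8443 is serving a different certificate than the proxy.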