NAM-AAF Integration Using OAuth Lands on the NIDP Portal Page

Issue:

  1. The user accesses the protected resource or a SAML service provider.
  2. The user logs in to the IDP server.
  3. The user is redirected to AAF for second-factor authentication.
  4. After authenticating to the AAF server, the user lands on the NIDP portal instead of being redirected to the AG protected resource or SAML service provider.

Reason:

  The load balancer (LB) is not sticking to the same IDP server. The request to the OAuth callback lands on a different IDP server, not the one that performed the authentication. In this scenario, the IDP server that receives the callback needs to proxy the request to the IDP server used for the authentication. This proxy request fails, and as a result the user is redirected to the NIDP portal page.

Workaround:

  1. Add the following line to /opt/novell/nam/idp/webapps/nidp/WEB-INF/web.xml:

       <url-pattern>/oauth/nam/calback</url-pattern>

  2. Apply the change to all the IDP servers in the cluster.
  3. Restart the IDP servers.
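
To confirm the condition described under Reason before changing web.xml, the load balancer's access log can be checked for sessions whose OAuth callback was served by a different IDP node than the request before it. The script below is an added example, not part of the original article or of NAM. The log layout, session ids, node names and the login path are constructed assumptions; only the /oauth/nam/ path segment comes from the url-pattern above.

```python
import re

# Assumed (constructed) LB log layout, one request per line, in time order:
#   <timestamp> <session-id> <backend-node> <METHOD> <path> <status>
LINE_RE = re.compile(r"^(\S+) (\S+) (\S+) (\S+) (\S+) (\d{3})$")

# Path segment taken from the url-pattern shown in the workaround.
CALLBACK_MARKER = "/oauth/nam/"

# Constructed sample data: sess-a stays on idp1, sess-b moves from idp2 to idp1
# on the callback, sess-c has no earlier request to compare against.
SAMPLE_LOG = """\
2024-05-01T10:00:01Z sess-a idp1 POST /nidp/app/login 200
2024-05-01T10:00:09Z sess-a idp1 GET /nidp/oauth/nam/calback 302
2024-05-01T10:01:02Z sess-b idp2 POST /nidp/app/login 200
2024-05-01T10:01:15Z sess-b idp1 GET /nidp/oauth/nam/calback 302
2024-05-01T10:02:00Z sess-c idp2 GET /nidp/oauth/nam/calback 302
this line is malformed and is skipped
"""


def find_split_callbacks(log_text):
    """Return (session, previous_node, callback_node, status) for every
    callback request that reached a different node than the session's
    previous request, i.e. where LB stickiness was lost."""
    last_node = {}   # session id -> node that served its most recent request
    findings = []
    for raw in log_text.splitlines():
        match = LINE_RE.match(raw.strip())
        if not match:
            continue  # ignore lines that do not fit the assumed layout
        _ts, session, node, _method, path, status = match.groups()
        if CALLBACK_MARKER in path:
            previous = last_node.get(session)
            if previous is not None and previous != node:
                findings.append((session, previous, node, int(status)))
        last_node[session] = node
    return findings


if __name__ == "__main__":
    for session, prev, node, status in find_split_callbacks(SAMPLE_LOG):
        print(f"{session}: authenticated via {prev}, callback hit {node} "
              f"(HTTP {status})")
```

Sessions reported here are the ones that depend on the IDP-to-IDP proxy request; if none appear, the portal redirect has a different cause.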