4.4.4 Appliance -- SAML with Identity Governance 3.5

fp_idmworks · ‎2019-03-15

followed doc https://www.netiq.com/documentation/identity-manager-47/identity_apps_admin/data/saml-authentication-for-single-sign-on.html

followed TID: https://support.microfocus.com/kb/doc.php?id=7018468

browser gives:

Access Manager
Unable to complete request at this time. (Request was from an untrusted provider-DFC9EEA8816956F3)

console dev tools shows:

GET https://ig.tscc.rip:8543/sample/js/controllers/formSampleController.js net::ERR_ABORTED 404
2ig.tscc.rip/:139 GET https://ig.tscc.rip:8543/sample/js/controllers/samplesController.js net::ERR_ABORTED 404
ig.tscc.rip/:140 GET https://ig.tscc.rip:8543/sample/js/controllers/formSampleController.js 404
polyfills.af9c01fd4dcc787b137a.js:1 GET https://ig.tscc.rip:8543/api/whoami 401
y @ polyfills.af9c01fd4dcc787b137a.js:1
t.scheduleTask @ polyfills.af9c01fd4dcc787b137a.js:1
onScheduleTask @ polyfills.af9c01fd4dcc787b137a.js:1
t.scheduleTask @ polyfills.af9c01fd4dcc787b137a.js:1
e.scheduleTask @ polyfills.af9c01fd4dcc787b137a.js:1
e.scheduleMacroTask @ polyfills.af9c01fd4dcc787b137a.js:1
h @ polyfills.af9c01fd4dcc787b137a.js:1
(anonymous) @ polyfills.af9c01fd4dcc787b137a.js:1
D.i.(anonymous function) @ polyfills.af9c01fd4dcc787b137a.js:1
(anonymous) @ angular.js:11756
sendReq @ angular.js:11517
serverRequest @ angular.js:11227
processQueue @ angular.js:15961
(anonymous) @ angular.js:15977
$eval @ angular.js:17229
$digest @ angular.js:17045
(anonymous) @ main.6c9fabbcf668cc31f4df.js:1
e.object.o @ main.6c9fabbcf668cc31f4df.js:1
e.__tryOrUnsub @ main.6c9fabbcf668cc31f4df.js:1
e.next @ main.6c9fabbcf668cc31f4df.js:1
e._next @ main.6c9fabbcf668cc31f4df.js:1
e.next @ main.6c9fabbcf668cc31f4df.js:1
e.next @ main.6c9fabbcf668cc31f4df.js:1
e.emit @ main.6c9fabbcf668cc31f4df.js:1
mn @ main.6c9fabbcf668cc31f4df.js:1
yn @ main.6c9fabbcf668cc31f4df.js:1
onInvokeTask @ main.6c9fabbcf668cc31f4df.js:1
t.invokeTask @ polyfills.af9c01fd4dcc787b137a.js:1
e.runTask @ polyfills.af9c01fd4dcc787b137a.js:1
e.invokeTask @ polyfills.af9c01fd4dcc787b137a.js:1
invoke @ polyfills.af9c01fd4dcc787b137a.js:1
n.args.(anonymous function) @ polyfills.af9c01fd4dcc787b137a.js:1
setTimeout (async)
u @ polyfills.af9c01fd4dcc787b137a.js:1
t.scheduleTask @ polyfills.af9c01fd4dcc787b137a.js:1
onScheduleTask @ polyfills.af9c01fd4dcc787b137a.js:1
t.scheduleTask @ polyfills.af9c01fd4dcc787b137a.js:1
e.scheduleTask @ polyfills.af9c01fd4dcc787b137a.js:1
e.scheduleMacroTask @ polyfills.af9c01fd4dcc787b137a.js:1
h @ polyfills.af9c01fd4dcc787b137a.js:1
(anonymous) @ polyfills.af9c01fd4dcc787b137a.js:1
D.i.(anonymous function) @ polyfills.af9c01fd4dcc787b137a.js:1
(anonymous) @ main.6c9fabbcf668cc31f4df.js:1
invoke @ angular.js:4665
(anonymous) @ angular.js:4473
forEach @ angular.js:322
createInjector @ angular.js:4473
doBootstrap @ angular.js:1746
bootstrap @ angular.js:1767
(anonymous) @ main.6c9fabbcf668cc31f4df.js:1
(anonymous) @ main.6c9fabbcf668cc31f4df.js:1
t.invoke @ polyfills.af9c01fd4dcc787b137a.js:1
onInvoke @ main.6c9fabbcf668cc31f4df.js:1
t.invoke @ polyfills.af9c01fd4dcc787b137a.js:1
e.run @ polyfills.af9c01fd4dcc787b137a.js:1
t.run @ main.6c9fabbcf668cc31f4df.js:1
t.bootstrap @ main.6c9fabbcf668cc31f4df.js:1
t.ngOnInit @ main.6c9fabbcf668cc31f4df.js:1
(anonymous) @ main.6c9fabbcf668cc31f4df.js:1
(anonymous) @ main.6c9fabbcf668cc31f4df.js:1
ts @ main.6c9fabbcf668cc31f4df.js:1
Os @ main.6c9fabbcf668cc31f4df.js:1
(anonymous) @ main.6c9fabbcf668cc31f4df.js:1
updateDirectives @ main.6c9fabbcf668cc31f4df.js:1
Ja @ main.6c9fabbcf668cc31f4df.js:1
t.detectChanges @ main.6c9fabbcf668cc31f4df.js:1
(anonymous) @ main.6c9fabbcf668cc31f4df.js:1
t.tick @ main.6c9fabbcf668cc31f4df.js:1
t._loadComponent @ main.6c9fabbcf668cc31f4df.js:1
t.bootstrap @ main.6c9fabbcf668cc31f4df.js:1
(anonymous) @ main.6c9fabbcf668cc31f4df.js:1
t._moduleDoBootstrap @ main.6c9fabbcf668cc31f4df.js:1
(anonymous) @ main.6c9fabbcf668cc31f4df.js:1
t.invoke @ polyfills.af9c01fd4dcc787b137a.js:1
onInvoke @ main.6c9fabbcf668cc31f4df.js:1
t.invoke @ polyfills.af9c01fd4dcc787b137a.js:1
e.run @ polyfills.af9c01fd4dcc787b137a.js:1
(anonymous) @ polyfills.af9c01fd4dcc787b137a.js:1
t.invokeTask @ polyfills.af9c01fd4dcc787b137a.js:1
onInvokeTask @ main.6c9fabbcf668cc31f4df.js:1
t.invokeTask @ polyfills.af9c01fd4dcc787b137a.js:1
e.runTask @ polyfills.af9c01fd4dcc787b137a.js:1
d @ polyfills.af9c01fd4dcc787b137a.js:1
Promise.then (async)
v @ polyfills.af9c01fd4dcc787b137a.js:1
t.scheduleTask @ polyfills.af9c01fd4dcc787b137a.js:1
onScheduleTask @ polyfills.af9c01fd4dcc787b137a.js:1
t.scheduleTask @ polyfills.af9c01fd4dcc787b137a.js:1
e.scheduleTask @ polyfills.af9c01fd4dcc787b137a.js:1
e.scheduleMicroTask @ polyfills.af9c01fd4dcc787b137a.js:1
D @ polyfills.af9c01fd4dcc787b137a.js:1
t.then @ polyfills.af9c01fd4dcc787b137a.js:1
t.appInitializer @ main.6c9fabbcf668cc31f4df.js:1
t.runInitializers @ main.6c9fabbcf668cc31f4df.js:1
(anonymous) @ main.6c9fabbcf668cc31f4df.js:1
(anonymous) @ main.6c9fabbcf668cc31f4df.js:1
t.invoke @ polyfills.af9c01fd4dcc787b137a.js:1
onInvoke @ main.6c9fabbcf668cc31f4df.js:1
t.invoke @ polyfills.af9c01fd4dcc787b137a.js:1
e.run @ polyfills.af9c01fd4dcc787b137a.js:1
t.run @ main.6c9fabbcf668cc31f4df.js:1
t.bootstrapModuleFactory @ main.6c9fabbcf668cc31f4df.js:1
0ZzE @ main.6c9fabbcf668cc31f4df.js:1
c @ runtime.0f9893679483894f3a2e.js:1
7 @ main.6c9fabbcf668cc31f4df.js:1
c @ runtime.0f9893679483894f3a2e.js:1
t @ runtime.0f9893679483894f3a2e.js:1
r @ runtime.0f9893679483894f3a2e.js:1
(anonymous) @ main.6c9fabbcf668cc31f4df.js:1
main.6c9fabbcf668cc31f4df.js:1 update localizations...
:8543/#/oauth.html:1 Invalid 'X-Frame-Options' header encountered when loading 'https://am4.tscc.rip/nidp/saml2/sso': 'ALLOW-FROM https://ig.tscc.rip:8543' is not a recognized directive. The header will be ignored.
:8543/#/oauth.html:1 Invalid 'X-Frame-Options' header encountered when loading 'https://am4.tscc.rip/nidp/app?first=false': 'ALLOW-FROM https://ig.tscc.rip:8543' is not a recognized directive. The header will be ignored.

edmaa · ‎2019-03-16

On 16-03-2019 11:04 AM, fp IDMWORKS wrote:
>
> followed doc
> https://www.netiq.com/documentation/identity-manager-47/identity_apps_admin/data/saml-authentication-for-single-sign-on.html
>
> followed TID: https://support.microfocus.com/kb/doc.php?id=7018468
>
> browser gives:
>
> Access Manager
> Unable to complete request at this time. (Request was from an untrusted
> provider-DFC9EEA8816956F3)

sounds like either NAM hasn't been configured or NAM isn't trusted the cert chain of the service provider. Is the IDP status yellow by any chance?

--
Cheers,
Edward

EricVeysey1 · ‎2019-03-17

I wouldn't adjust the anticlickjacking / security parameters unless you are getting a blank page or unable to display content in the iframe.

I know the clickjacking was an issue when NAM 4.3 came out with the older version of OSP / Identity Apps. I'm not sure if exists with the newer Identity Apps / OSP.

This is a separate error like Edward suggested with certificate not being trusted or the metadata has changed.

edmaa · ‎2019-03-18

On 18-03-2019 2:46 AM, EricVeysey wrote:
>
> I wouldn't adjust the anticlickjacking / security parameters unless you
> are getting a blank page or unable to display content in the iframe.
>
> I know the clickjacking was an issue when NAM 4.3 came out with the
> older version of OSP / Identity Apps. I'm not sure if exists with the
> newer Identity Apps / OSP.

It does with NAM 4.4 and IDM UA/OSP 4.7 😞

--
Cheers,
Edward

Re: 4.4.4 Appliance -- SAML with Identity Governance 3.5

Re: 4.4.4 Appliance -- SAML with Identity Governance 3.5

Re: 4.4.4 Appliance -- SAML with Identity Governance 3.5