fp_idmworks Super Contributor.
Super Contributor.
317 views

4.4.4 Appliance -- SAML with Identity Governance 3.5

followed doc https://www.netiq.com/documentation/identity-manager-47/identity_apps_admin/data/saml-authentication-for-single-sign-on.html

followed TID: https://support.microfocus.com/kb/doc.php?id=7018468

browser gives:

Access Manager
Unable to complete request at this time. (Request was from an untrusted provider-DFC9EEA8816956F3)



console dev tools shows:

GET https://ig.tscc.rip:8543/sample/js/controllers/formSampleController.js net::ERR_ABORTED 404
2ig.tscc.rip/:139 GET https://ig.tscc.rip:8543/sample/js/controllers/samplesController.js net::ERR_ABORTED 404
ig.tscc.rip/:140 GET https://ig.tscc.rip:8543/sample/js/controllers/formSampleController.js 404
polyfills.af9c01fd4dcc787b137a.js:1 GET https://ig.tscc.rip:8543/api/whoami 401
y @ polyfills.af9c01fd4dcc787b137a.js:1
t.scheduleTask @ polyfills.af9c01fd4dcc787b137a.js:1
onScheduleTask @ polyfills.af9c01fd4dcc787b137a.js:1
t.scheduleTask @ polyfills.af9c01fd4dcc787b137a.js:1
e.scheduleTask @ polyfills.af9c01fd4dcc787b137a.js:1
e.scheduleMacroTask @ polyfills.af9c01fd4dcc787b137a.js:1
h @ polyfills.af9c01fd4dcc787b137a.js:1
(anonymous) @ polyfills.af9c01fd4dcc787b137a.js:1
D.i.(anonymous function) @ polyfills.af9c01fd4dcc787b137a.js:1
(anonymous) @ angular.js:11756
sendReq @ angular.js:11517
serverRequest @ angular.js:11227
processQueue @ angular.js:15961
(anonymous) @ angular.js:15977
$eval @ angular.js:17229
$digest @ angular.js:17045
(anonymous) @ main.6c9fabbcf668cc31f4df.js:1
e.object.o @ main.6c9fabbcf668cc31f4df.js:1
e.__tryOrUnsub @ main.6c9fabbcf668cc31f4df.js:1
e.next @ main.6c9fabbcf668cc31f4df.js:1
e._next @ main.6c9fabbcf668cc31f4df.js:1
e.next @ main.6c9fabbcf668cc31f4df.js:1
e.next @ main.6c9fabbcf668cc31f4df.js:1
e.emit @ main.6c9fabbcf668cc31f4df.js:1
mn @ main.6c9fabbcf668cc31f4df.js:1
yn @ main.6c9fabbcf668cc31f4df.js:1
onInvokeTask @ main.6c9fabbcf668cc31f4df.js:1
t.invokeTask @ polyfills.af9c01fd4dcc787b137a.js:1
e.runTask @ polyfills.af9c01fd4dcc787b137a.js:1
e.invokeTask @ polyfills.af9c01fd4dcc787b137a.js:1
invoke @ polyfills.af9c01fd4dcc787b137a.js:1
n.args.(anonymous function) @ polyfills.af9c01fd4dcc787b137a.js:1
setTimeout (async)
u @ polyfills.af9c01fd4dcc787b137a.js:1
t.scheduleTask @ polyfills.af9c01fd4dcc787b137a.js:1
onScheduleTask @ polyfills.af9c01fd4dcc787b137a.js:1
t.scheduleTask @ polyfills.af9c01fd4dcc787b137a.js:1
e.scheduleTask @ polyfills.af9c01fd4dcc787b137a.js:1
e.scheduleMacroTask @ polyfills.af9c01fd4dcc787b137a.js:1
h @ polyfills.af9c01fd4dcc787b137a.js:1
(anonymous) @ polyfills.af9c01fd4dcc787b137a.js:1
D.i.(anonymous function) @ polyfills.af9c01fd4dcc787b137a.js:1
(anonymous) @ main.6c9fabbcf668cc31f4df.js:1
invoke @ angular.js:4665
(anonymous) @ angular.js:4473
forEach @ angular.js:322
createInjector @ angular.js:4473
doBootstrap @ angular.js:1746
bootstrap @ angular.js:1767
(anonymous) @ main.6c9fabbcf668cc31f4df.js:1
(anonymous) @ main.6c9fabbcf668cc31f4df.js:1
t.invoke @ polyfills.af9c01fd4dcc787b137a.js:1
onInvoke @ main.6c9fabbcf668cc31f4df.js:1
t.invoke @ polyfills.af9c01fd4dcc787b137a.js:1
e.run @ polyfills.af9c01fd4dcc787b137a.js:1
t.run @ main.6c9fabbcf668cc31f4df.js:1
t.bootstrap @ main.6c9fabbcf668cc31f4df.js:1
t.ngOnInit @ main.6c9fabbcf668cc31f4df.js:1
(anonymous) @ main.6c9fabbcf668cc31f4df.js:1
(anonymous) @ main.6c9fabbcf668cc31f4df.js:1
ts @ main.6c9fabbcf668cc31f4df.js:1
Os @ main.6c9fabbcf668cc31f4df.js:1
(anonymous) @ main.6c9fabbcf668cc31f4df.js:1
updateDirectives @ main.6c9fabbcf668cc31f4df.js:1
Ja @ main.6c9fabbcf668cc31f4df.js:1
t.detectChanges @ main.6c9fabbcf668cc31f4df.js:1
(anonymous) @ main.6c9fabbcf668cc31f4df.js:1
t.tick @ main.6c9fabbcf668cc31f4df.js:1
t._loadComponent @ main.6c9fabbcf668cc31f4df.js:1
t.bootstrap @ main.6c9fabbcf668cc31f4df.js:1
(anonymous) @ main.6c9fabbcf668cc31f4df.js:1
t._moduleDoBootstrap @ main.6c9fabbcf668cc31f4df.js:1
(anonymous) @ main.6c9fabbcf668cc31f4df.js:1
t.invoke @ polyfills.af9c01fd4dcc787b137a.js:1
onInvoke @ main.6c9fabbcf668cc31f4df.js:1
t.invoke @ polyfills.af9c01fd4dcc787b137a.js:1
e.run @ polyfills.af9c01fd4dcc787b137a.js:1
(anonymous) @ polyfills.af9c01fd4dcc787b137a.js:1
t.invokeTask @ polyfills.af9c01fd4dcc787b137a.js:1
onInvokeTask @ main.6c9fabbcf668cc31f4df.js:1
t.invokeTask @ polyfills.af9c01fd4dcc787b137a.js:1
e.runTask @ polyfills.af9c01fd4dcc787b137a.js:1
d @ polyfills.af9c01fd4dcc787b137a.js:1
Promise.then (async)
v @ polyfills.af9c01fd4dcc787b137a.js:1
t.scheduleTask @ polyfills.af9c01fd4dcc787b137a.js:1
onScheduleTask @ polyfills.af9c01fd4dcc787b137a.js:1
t.scheduleTask @ polyfills.af9c01fd4dcc787b137a.js:1
e.scheduleTask @ polyfills.af9c01fd4dcc787b137a.js:1
e.scheduleMicroTask @ polyfills.af9c01fd4dcc787b137a.js:1
D @ polyfills.af9c01fd4dcc787b137a.js:1
t.then @ polyfills.af9c01fd4dcc787b137a.js:1
t.appInitializer @ main.6c9fabbcf668cc31f4df.js:1
t.runInitializers @ main.6c9fabbcf668cc31f4df.js:1
(anonymous) @ main.6c9fabbcf668cc31f4df.js:1
(anonymous) @ main.6c9fabbcf668cc31f4df.js:1
t.invoke @ polyfills.af9c01fd4dcc787b137a.js:1
onInvoke @ main.6c9fabbcf668cc31f4df.js:1
t.invoke @ polyfills.af9c01fd4dcc787b137a.js:1
e.run @ polyfills.af9c01fd4dcc787b137a.js:1
t.run @ main.6c9fabbcf668cc31f4df.js:1
t.bootstrapModuleFactory @ main.6c9fabbcf668cc31f4df.js:1
0ZzE @ main.6c9fabbcf668cc31f4df.js:1
c @ runtime.0f9893679483894f3a2e.js:1
7 @ main.6c9fabbcf668cc31f4df.js:1
c @ runtime.0f9893679483894f3a2e.js:1
t @ runtime.0f9893679483894f3a2e.js:1
r @ runtime.0f9893679483894f3a2e.js:1
(anonymous) @ main.6c9fabbcf668cc31f4df.js:1
main.6c9fabbcf668cc31f4df.js:1 update localizations...
:8543/#/oauth.html:1 Invalid 'X-Frame-Options' header encountered when loading 'https://am4.tscc.rip/nidp/saml2/sso': 'ALLOW-FROM https://ig.tscc.rip:8543' is not a recognized directive. The header will be ignored.
:8543/#/oauth.html:1 Invalid 'X-Frame-Options' header encountered when loading 'https://am4.tscc.rip/nidp/app?first=false': 'ALLOW-FROM https://ig.tscc.rip:8543' is not a recognized directive. The header will be ignored.
0 Likes
3 Replies
Knowledge Partner Knowledge Partner
Knowledge Partner

Re: 4.4.4 Appliance -- SAML with Identity Governance 3.5

On 16-03-2019 11:04 AM, fp IDMWORKS wrote:
>
> followed doc
> https://www.netiq.com/documentation/identity-manager-47/identity_apps_admin/data/saml-authentication-for-single-sign-on.html
>
> followed TID: https://support.microfocus.com/kb/doc.php?id=7018468
>
> browser gives:
>
> Access Manager
> Unable to complete request at this time. (Request was from an untrusted
> provider-DFC9EEA8816956F3)


sounds like either NAM hasn't been configured or NAM isn't trusted the cert chain of the service provider. Is the IDP status yellow by any chance?


--
Cheers,
Edward
0 Likes
EricVeysey1 Absent Member.
Absent Member.

Re: 4.4.4 Appliance -- SAML with Identity Governance 3.5

I wouldn't adjust the anticlickjacking / security parameters unless you are getting a blank page or unable to display content in the iframe.

I know the clickjacking was an issue when NAM 4.3 came out with the older version of OSP / Identity Apps. I'm not sure if exists with the newer Identity Apps / OSP.

This is a separate error like Edward suggested with certificate not being trusted or the metadata has changed.

0 Likes
Knowledge Partner Knowledge Partner
Knowledge Partner

Re: 4.4.4 Appliance -- SAML with Identity Governance 3.5

On 18-03-2019 2:46 AM, EricVeysey wrote:
>
> I wouldn't adjust the anticlickjacking / security parameters unless you
> are getting a blank page or unable to display content in the iframe.
>
> I know the clickjacking was an issue when NAM 4.3 came out with the
> older version of OSP / Identity Apps. I'm not sure if exists with the
> newer Identity Apps / OSP.


It does with NAM 4.4 and IDM UA/OSP 4.7 😞



--
Cheers,
Edward
0 Likes
The opinions expressed above are the personal opinions of the authors, not of Micro Focus. By using this site, you accept the Terms of Use and Rules of Participation. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.