Keng Respected Contributor.

Add Shared Secret Credentials Error with eDirectory 9.1 with SecretStore


Hi,

I had an AM 4.5 Appliance set up with eDir as the User Store. In the User Store Configuration, Install NMAS SAML Method is checked and it is using LDAPS over port 636.

In the Credential Profile setting, allow user access to Credential Profile is checked and it is using Remote Storage with Secret Store.

The eDir version is 9.1.4 with Secret Store loaded. Under the Security Container I can see the NAM Trust Root Certs and the SAML Assertion Login Method added.

However, when I access the nidp/portal, log in as a user, create a Credential entry under Credential Profile and try to save it, I get the attached error.

Screenshot 2019-08-06 at 7.25.10 PM.png

Is this a quick way to test the Remote Shared Secret configuration, or do I have to configure a Protected Resource with a Form Fill Policy to test that Remote Shared Secret with Secret Store works?

Regards,

Keng


Accepted Solutions
Keng Respected Contributor.

Re: Add Shared Secret Credentials Error with eDirectory 9.1 with SecretStore


I had raised an SR (101250994371).

Apparently it's a bug related to signing the SAML Assertion using SHA256. A fix of nidp.jar is given.

Setting the IDP Server option "SAML2 SIGN METHODDIGEST SHA256" to "false" in IDP Cluster->Edit->General->Options (by choosing Other) and restarting the IDP server fixed the issue.

Cheers,

Keng
