Federating Two Access Manager Environments with Each Other
I have a need to federate between two NetIQ Access Manager environments and I'm wondering if anyone has a how-to or best practices for this? Would it be best to use the Liberty protocol for this (I've never seen Liberty anywhere other than NAM)? Or SAML 2.0? Any gotchas to watch out for? I don't think it matters, but one side is a traditional standalone IdP and the other is a NAM Single Box appliance; both are 4.5.3. Thanks.
Just use SAML2. It's trivially easy. Follow the directions in the admin guide for setting up a basic SAML federation.
You will need to set up attribute sets and user identification options just like any other federation.
There is absolutely nothing special because both sides are NAM.
No, Liberty is still used internally between the AG and IDP but you should avoid it when federating between systems. The SAML2 option is better tested, documented, and supported in this case.