Outstanding Contributor.

Federating Two Access Manager Environments with Each Other

I have a need to federate between two NetIQ Access Manager environments, and I'm wondering if anyone has a how-to or best practices for this? Would it be best to use the Liberty protocol for this (I've never seen Liberty anywhere other than NAM)? Or SAML 2.0? Any gotchas to watch out for? I don't think it matters, but one side is a traditional standalone IdP and the other is a NAM Single Box appliance; both are 4.5.3. Thanks.

Matt

Super Contributor.

Just use SAML2. It's trivially easy. Follow the directions in the admin guide for setting up a basic SAML federation.

You will need to set up attribute sets and user identification options just like any other federation.

There is absolutely nothing special because both sides are NAM.

Outstanding Contributor.

Thanks, Jerry. Is there any advantage at all to using Liberty over SAML 2 for this use case?

Matt

Super Contributor.

No. Liberty is still used internally between the AG and IDP, but you should avoid it when federating between systems. The SAML2 option is better tested, documented, and supported in this case.
