Anonymous_User Absent Member.

NAM SAML 2.0 SP and Password Retrieval


Hi,

Is it possible to add the Password Retrieval (PasswordFetchClass) as a
Post Authentication method for a NAM SAML 2.0 SP configuration?
It doesn't seem so according to doc: http://tinyurl.com/l2xk359

We are using Attribute matching from attributes in the assertion to
match existing eDir user in the NAM user store, and we need to get the
password for and submit that as part of an Identity Injection policy for
a NAM protected resource.

Or are there other ways of doing this?

(NAM 3.2.2)

Regards,
Tor Harald Lothe


--
thlo
------------------------------------------------------------------------
thlo's Profile: https://forums.netiq.com/member.php?userid=2374
View this thread: https://forums.netiq.com/showthread.php?t=50157

Anonymous_User Absent Member.

Re: NAM SAML 2.0 SP and Password Retrieval

thlo wrote:

>
> Hi,
>
> Is it possible to add the Password Retrieval (PasswordFetchClass) as a
> Post Authentication method for a NAM SAML 2.0 SP configuration?
> It doesn't seem so according to doc: http://tinyurl.com/l2xk359
>
> We are using Attribute matching from attributes in the assertion to
> match existing eDir user in the NAM user store, and we need to get the
> password for and submit that as part of an Identity Injection policy for
> a NAM protected resource.


This is possible and supported by the PasswordFetchClass.
It is referenced in the documentation: https://www.netiq.com/documentation/netiqaccessmanager32/identityserverhelp/data/bmmudo8.html
"For example if you select the passwordfetch method, this method is executed at the service provider after the identity provider authentication and federation completes."

Anonymous_User Absent Member.

Re: NAM SAML 2.0 SP and Password Retrieval


Thanks, Alex!

The NAM doc for the class doesn't list this as a possibility 🙂

Regards,
Tor Harald Lothe

