
Need Help with configuring WS federation and ADFS


I am running the latest version 3.1.4-27. We are trying to configure
WS-Federation to ADFS 2.0 running in one of the service providers of our
company to access the hosted application. Active Directory is our
identity store and I have followed the steps mentioned in the
documentation, except that I used the CN attribute as the claim type
instead of email to create the service provider configuration. This is
what is happening: when I try to access the application URL, I am allowed
to select Novell Access Manager (NAM) from a list of identity providers
they have configured in ADFS. After selecting, I am prompted with a
form-based authentication configured in NAM. After successful
authentication, I am not being forwarded to the application URL; instead
I sit at the NAM page that says "Your Session has been authenticated for
60 minutes".

Can anyone walk me through the configuration and help me figure out
what I may be missing?

-NK


--
nareshbk
------------------------------------------------------------------------
nareshbk's Profile: http://forums.novell.com/member.php?userid=43220
View this thread: http://forums.novell.com/showthread.php?t=449720


Re: Need Help with configuring WS federation and ADFS

nareshbk wrote:

>
> I am running the latest version 3.1.4-27. We are trying to configure
> WS-Federation to ADFS 2.0 running in one of the service providers of
> our company to access the hosted application. Active Directory is our
> identity store and I have followed the steps mentioned in the
> documentation, except that I used the CN attribute as the claim type
> instead of email to create the service provider configuration. This
> is what is happening: when I try to access the application URL, I am
> allowed to select Novell Access Manager (NAM) from a list of identity
> providers they have configured in ADFS. After selecting, I am
> prompted with a form-based authentication configured in NAM. After
> successful authentication, I am not being forwarded to the
> application URL; instead I sit at the NAM page that says "Your
> Session has been authenticated for 60 minutes".
>
> Can anyone walk me through the configuration and help me figure out
> what I may be missing?
>
> -NK


Are you using SAML or WS-Federation between the two? If you are using
SAML, the post to the service provider should contain a RelayState (off
the top of my head) when using the browser/POST binding. Not exactly sure
how this should work when using WS-Federation though.

--
Cheers,
Edward

Re: Need Help with configuring WS federation and ADFS


I am using WS-Federation. I am blindly following the documentation
though.


--
nareshbk


Re: Need Help with configuring WS federation and ADFS


Got past that issue. Now I am able to log in to the application but ADFS
throws errors...

ID4175: The issuer of the security token was not recognized by the
IssuerNameRegistry. To accept security tokens from this issuer,
configure the IssuerNameRegistry to return a valid name for this
issuer.


edmaa;2162510 Wrote:
> nareshbk wrote:
>
> >
> > I am running the latest version 3.1.4-27. We are trying to configure
> > WS-Federation to ADFS 2.0 running in one of the service providers of
> > our company to access the hosted application. Active Directory is our
> > identity store and I have followed the steps mentioned in the
> > documentation, except that I used the CN attribute as the claim type
> > instead of email to create the service provider configuration. This
> > is what is happening: when I try to access the application URL, I am
> > allowed to select Novell Access Manager (NAM) from a list of identity
> > providers they have configured in ADFS. After selecting, I am
> > prompted with a form-based authentication configured in NAM. After
> > successful authentication, I am not being forwarded to the
> > application URL; instead I sit at the NAM page that says "Your
> > Session has been authenticated for 60 minutes".
> >
> > Can anyone walk me through the configuration and help me figure out
> > what I may be missing?
> >
> > -NK

>
> Are you using SAML or WS-Federation between the two? If you are using
> SAML, the post to the service provider should contain a RelayState (off
> the top of my head) when using the browser/POST binding. Not exactly sure
> how this should work when using WS-Federation though.
>
> --
> Cheers,
> Edward



--
nareshbk


Re: Need Help with configuring WS federation and ADFS

nareshbk wrote:

>
> Got past that issue. Now I am able to log in to the application but
> ADFS throws errors...
>
> ID4175: The issuer of the security token was not recognized by the
> IssuerNameRegistry. To accept security tokens from this issuer,
> configure the IssuerNameRegistry to return a valid name for this
> issuer.


Unfortunately I haven't done much with WS-Federation and NAM. I did
find this article though:
http://stackoverflow.com/questions/5836395/adfs-2-0-error-id4175-the-issuer-of-the-security-token-was-not-recognized-by-th

Hopefully it helps?



--
Cheers,
Edward
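
Added example, not part of the thread and not NAM or ADFS code: ID4175 is raised when the certificate that signed the incoming token is not matched to a trusted issuer. Assuming you have captured the `wresult` XML from the sign-in response, this Python script lists the SHA-1 thumbprints of the signing certificates embedded in it and reports any that are missing from the thumbprints you believe are trusted; the sample token, issuer URL and function names are constructed for illustration.

```python
import base64
import hashlib
import string
import xml.etree.ElementTree as ET

DS_NS = "http://www.w3.org/2000/09/xmldsig#"

# Constructed sample: placeholder bytes stand in for the DER signing certificate,
# and the Issuer URL is hypothetical.
SAMPLE_DER = b"constructed-bytes-not-a-real-certificate"
SAMPLE_TOKEN = f"""<t:RequestSecurityTokenResponse
    xmlns:t="http://schemas.xmlsoap.org/ws/2005/02/trust">
  <t:RequestedSecurityToken>
    <saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion"
                    Issuer="https://idp.example.test/">
      <ds:Signature xmlns:ds="{DS_NS}">
        <ds:KeyInfo><ds:X509Data><ds:X509Certificate>
          {base64.b64encode(SAMPLE_DER).decode()}
        </ds:X509Certificate></ds:X509Data></ds:KeyInfo>
      </ds:Signature>
    </saml:Assertion>
  </t:RequestedSecurityToken>
</t:RequestSecurityTokenResponse>"""


def signing_cert_thumbprints(token_xml):
    """SHA-1 thumbprints (upper-case hex) of every ds:X509Certificate in the token.

    Diagnostic only: this does not verify the signature, and it should be run
    on tokens you captured yourself, not used to validate tokens in production.
    """
    root = ET.fromstring(token_xml)
    prints = []
    for node in root.iter(f"{{{DS_NS}}}X509Certificate"):
        der = base64.b64decode("".join((node.text or "").split()))
        prints.append(hashlib.sha1(der).hexdigest().upper())
    return prints


def normalize(thumbprint):
    """Drop spaces and invisible characters (e.g. U+200E) that come along when a
    thumbprint is copied from the Windows certificate dialog."""
    return "".join(ch for ch in thumbprint if ch in string.hexdigits).upper()


def unrecognized_issuers(token_xml, trusted_thumbprints):
    """Thumbprints present in the token but absent from the trusted list."""
    trusted = {normalize(t) for t in trusted_thumbprints}
    return [t for t in signing_cert_thumbprints(token_xml) if t not in trusted]


if __name__ == "__main__":
    print(unrecognized_issuers(SAMPLE_TOKEN, ["00" * 20]))
```

An empty result means every signing certificate in the token is in the list you supplied; a non-empty one names the thumbprint the receiving side needs to trust.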