ataylordc
Visitor.
169 views

SAML2 with Password Fetch failing forward to Relay State URL

Hi,

We're trying to setup SAML with an external IDP to a NAM 4.4.4.0-22 instance protecting an internal app that requires the SAML Authenticated users password from LDAP.

SAML setup works, User matching works but if we add a post authentication method to fetch the users password the relay state parameter in the request is ignored. Removing the post auth method allows the relay state to work again.

The relay state is encoded and appearing in the IDP log.

Any suggestions?

 

0 Likes
2 Replies
ataylordc
Visitor.

Re: SAML2 with Password Fetch failing forward to Relay State URL

The model we're trying to implement is the same as whats in this article.

https://community.microfocus.com/t5/Access-Manager-Tips-Information/Configure-NAM-Identity-Server-NetIQ-IDP-as-a-Service-Provider/ta-p/1777086

 

Disabling the Advanced Session Assurance allowed this to function correctly.

0 Likes
Knowledge Partner Knowledge Partner
Knowledge Partner

Re: SAML2 with Password Fetch failing forward to Relay State URL

Rather than adding it as a post authentication on the External IDP config, add it as a second method on the auth contract you create.

0 Likes
The opinions expressed above are the personal opinions of the authors, not of Micro Focus. By using this site, you accept the Terms of Use and Rules of Participation. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.