Keng Super Contributor.
Super Contributor.

Re: SSPR 5015 Error with Access Manager OAuth Integration for SSO

Hi All,

The issue is resolved. 

I was using the dafault OAuth Scope 'profile' which have LDAP:cn attribute in place which is as specified in the documentation. However after under a lot of test and even with a SR Support, nothing seems wrong.

However with deeper investigating the 'Profile' Attribute Set, it was found that it was mapping as 'nickname' remote attribute. This sounded a bit strange to me.

Screenshot 2019-10-11 at 2.36.15 PM.png

Hence I create a new 'SSPR' Attribute Set with LDAP:cn local attribute and mapping of 'cn' remote attribute. Create a new OAuth Scope 'sspr' and Update Identity Server. Modify SSPR to use the sspr scope and apply configuration.

Screenshot 2019-10-11 at 2.35.29 PM.png

Test SSPR Login, and this time I can successfully login to SSPR via NAM.

Then doing further test by modify SSPR to use the default NAM scope 'profile' and this time use 'nickname' as the Login Attribute. Apply and test. No error.

So this is where the Documentation is not clear I presumed.

Regards,

Keng

0 Likes
Highlighted
ericveysey Trusted Contributor.
Trusted Contributor.

Re: SSPR 5015 Error with Access Manager OAuth Integration for SSO

That makes sense. So the CN wasn’t mapped to CN. A bit strange the default profile would be like that. I’m assuming most people would have to change it back to CN-CN.
0 Likes
The opinions expressed above are the personal opinions of the authors, not of Micro Focus. By using this site, you accept the Terms of Use and Rules of Participation. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.