mostafa_hassan Outstanding Contributor.

CSA SAML Integration Example, Need Support


Dear Team,

We are trying to do SAML integration; we have followed the Configuration Guide for CSA 4.8, starting from page 254.

We have created the first rule, Rule #1 on page 257, as it is mentioned. I have a concern about the outgoing claim, since when we try to access CSA through SAML it gives access denied.


----------------------------------------------------------------

c:[Type == "http://schemas.microsoft.com/ws/2008/06/identity/claims/windowsaccountname",
   Issuer == "AD AUTHORITY"]
 => issue(store = "Active Directory", types = ("Group"),
          query = ";tokenGroups;{0}", param = c.Value);

---------------------------------------------------------------


We even tried Rule #2, on page 258, step 9:

"For the LDAP attribute, select Token-Groups – Unqualified Names" >>> is that supposed to be mapped to anything outgoing?!

I have to say that we see that the documentation is confusing in that part; at least it should give a sample configuration for that area.

Has anyone done that integration before?

Regards
Mostafa Hassan
--------------------------------------
If my post helped you, kindly click the 'Kudos' button.
0 Likes
Accepted Solutions
mostafa_hassan Outstanding Contributor.

Re: CSA SAML Integration Example, Need Support

The issue has been solved. Actually, there was a bug in IDM; Support provided a hotfix and SAML integration is now working.

Regards
Mostafa Hassan
--------------------------------------
If my post helped you, kindly click the 'Kudos' button.
0 Likes
10 Replies
CD35 Respected Contributor.

Re: CSA SAML Integration Example, Need Support

Hello,

Did you succeed in installing SSO on CSA, please?

I followed the administration guide and I don't understand the ADFS part. When I read "3. Click Relying Party Trusts and select the trust where you will create the rule.", I don't understand which trust should be selected. I suppose that I must create a Relying Party Trust, but how? I know how to use the wizard, but only when I have a description of the trust to create.

For the steps after, I think it's OK.

Thanks

Nico

0 Likes
mostafa_hassan Outstanding Contributor.

Re: CSA SAML Integration Example, Need Support

You can refer to your ADFS administrator, asking them to create the trust relay with the documentation steps as mentioned.

It is still not successfully implemented; we are facing an issue in the outgoing claim, resulting in access denied in MPP.

Regards
Mostafa Hassan
--------------------------------------
If my post helped you, kindly click the 'Kudos' button.
0 Likes
CD35 Respected Contributor.

Re: CSA SAML Integration Example, Need Support

Hi,

Thanks for your answer, but I'm the ADFS administrator too and steps are missing for me in the documentation.

Regards.

Nicolas

0 Likes
mostafa_hassan Outstanding Contributor.

Re: CSA SAML Integration Example, Need Support

Hello,

Up to which step did you complete in the Configuration guide?!

Regards
Mostafa Hassan
--------------------------------------
If my post helped you, kindly click the 'Kudos' button.
0 Likes
CD35 Respected Contributor.

Re: CSA SAML Integration Example, Need Support

Hi,

On page 236:

3. Click Relying Party Trusts and select the trust where you will create the rule.
4. Right-click the trust and choose Edit Claim Rules.

I must create a rule on the trust (by right-click) but I don't know how to create this trust.

Thanks

NB: sorry for mistakes, I'm French and not fluent in English.

Nicolas

0 Likes
mostafa_hassan Outstanding Contributor.

Re: CSA SAML Integration Example, Need Support

Hello, 

So you have configured SAML for CSA and you have the metadata:

https://<CSA-FQDN>:8444/idm-service/saml/metadata

For adding the relying party trust, check this video: https://www.youtube.com/watch?v=a1XqB3WwhIo

For claim rules, just right-click on the relying party trust you have created to do the mapping for claims. Rule #2 is easier than Rule #1, as Rule #1 has syntax errors.

Please let me know the result if you have tested that; as for me, the outgoing claim is not working, causing user access denied in MPP.

Regards
Mostafa Hassan
--------------------------------------
If my post helped you, kindly click the 'Kudos' button.
0 Likes
Andrew-Ruller Super Contributor.

Re: CSA SAML Integration Example, Need Support

You could try enabling debug logging levels in the IDM log and increasing the log file size to 10 MB before rotating.

Unfortunately I have no experience with the ADFS aspect of the configuration but can comment on the SAML configuration of CSA. We have successfully integrated CSA 4.70 with OpenOTP, which provides OpenID for SAML support. This took quite a bit of working with HPE to resolve. In the end we found that the return XML from OpenID was in lower case and our SAML configuration in CSA for that organisation also needed to match. Other areas are ensuring the NameID field of the SAML response matches the username being logged into CSA, e.g. if you are using SAMAccountname as the username for CSA, your SAML response from ADFS also needs to define the NameId as SAMAccountname.

Sorry I couldn't assist more.

0 Likes
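The two checks described in the reply above (the NameID must equal the CSA username, and values must match in case) can be run against a captured SAML assertion. This is an added example, not part of the original thread or of any CSA/ADFS tooling; the sample assertion, user name and group name are constructed, and the attribute name "Group" is assumed from the claim rule quoted in the first post. It reads values only and does not validate the signature.

```python
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

# Constructed sample assertion (not taken from the thread): the IdP sends
# "JDoe" / "csa-consumers" while the service provider is configured differently.
SAMPLE = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml:Subject>
    <saml:NameID Format="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified">JDoe</saml:NameID>
  </saml:Subject>
  <saml:AttributeStatement>
    <saml:Attribute Name="Group">
      <saml:AttributeValue>csa-consumers</saml:AttributeValue>
    </saml:Attribute>
  </saml:AttributeStatement>
</saml:Assertion>"""

def extract_claims(xml_text):
    """Return (name_id, name_id_format, {attribute_name: [values]})."""
    root = ET.fromstring(xml_text)
    name_id = root.find(".//saml:Subject/saml:NameID", NS)
    if name_id is None:
        raise ValueError("assertion has no Subject/NameID")
    attrs = {}
    for attr in root.iterfind(".//saml:Attribute", NS):
        values = [v.text or "" for v in attr.findall("saml:AttributeValue", NS)]
        attrs.setdefault(attr.get("Name"), []).extend(values)
    return (name_id.text or "").strip(), name_id.get("Format"), attrs

def diagnose(xml_text, expected_user, expected_groups, group_attr="Group"):
    """List mismatches that would explain an access-denied result."""
    name_id, _fmt, attrs = extract_claims(xml_text)
    findings = []
    if name_id != expected_user:
        kind = "case differs" if name_id.lower() == expected_user.lower() else "different value"
        findings.append(f"NameID {name_id!r} != username {expected_user!r} ({kind})")
    sent = attrs.get(group_attr, [])
    lowered = [s.lower() for s in sent]
    if not sent:
        findings.append(f"no {group_attr!r} attribute in the assertion")
    for group in expected_groups:
        if group not in sent:
            kind = "case differs" if group.lower() in lowered else "missing"
            findings.append(f"group {group!r} not matched ({kind})")
    return findings

if __name__ == "__main__":
    for line in diagnose(SAMPLE, "jdoe", ["CSA-Consumers"]):
        print(line)
```
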
CD35 Respected Contributor.

Re: CSA SAML Integration Example, Need Support

Hello,

Sorry for the delay in answering. SSO is not my first priority, so I haven't done anything for the moment.

Regards.

Nicolas

0 Likes
Madhu_HP Member.

Re: CSA SAML Integration Example, Need Support

Thank you, your article helped. I'll raise a request for the hotfix.

0 Likes