fp_idmworks Trusted Contributor.
Trusted Contributor.
205 views

4.5 OSP requirement


In the setup_guide, it indicates that OSP must be used for CA, HPD,
Reporting, SSPR and UA.

Does this mean that we must use it? Or can we choose to use another SSO?
Currently I can't login to my dev environment as there is an error
indicating that authentication isn't setup.

I have not installed OSP and I am trying not to use it if possible.

thanks,
Fred


--
fp_IDMWORKS
------------------------------------------------------------------------
fp_IDMWORKS's Profile: https://forums.netiq.com/member.php?userid=9869
View this thread: https://forums.netiq.com/showthread.php?t=53885

Labels (1)
0 Likes
1 Reply
Knowledge Partner
Knowledge Partner

Re: 4.5 OSP requirement

On 7/15/2015 11:44 AM, fp IDMWORKS wrote:
>
> In the setup_guide, it indicates that OSP must be used for CA, HPD,
> Reporting, SSPR and UA.
>
> Does this mean that we must use it? Or can we choose to use another SSO?
> Currently I can't login to my dev environment as there is an error
> indicating that authentication isn't setup.


When it was just User App, then SSO was built into UA. (SAP Logon
tickets, Kerb, and headers for SSO from some other SSO solution).

With the additional 'modules' (Landing, dash, CA, Reporting, etc) they
needed to do SSO within the different modules of the now named "Identity
applications".

So OSP was taken from the xAccess products (Cloud Access, Mobile Access,
Social Access) to be the internal SSO method, since it can do Kerb,
User/password, and SAML for initial login, and then OAuth for backend
services. (OSP is almost like a stripped down NAM, meant for a single
box model, instead of all the components of NAM)

You can SSO your SAML stack to OSP, which then federates you to identity
apps, which in UA, then federates you to eDir via the eDir NMAS SAML
method (Since no password came through the SSO from outside, but need to
bind to eDir os your Form's actions happen as 'you'.)

Is that enough federation for you? 🙂

I have been writing some articles about this stuff, in trying to get
Shibboleth working with OSP via SAML. It does work. (Two bugs found,
one fixed, one still outstanding but easy to work around (as of 4.5.1)).

https://www.netiq.com/communities/cool-solutions/configuring-idm-4-5s-osp-talk-shibboleth-idp
https://www.netiq.com/communities/cool-solutions/troubleshooting-osp-idm-4-5
https://www.netiq.com/communities/cool-solutions/troubleshooting-osp-idm-4-5-part-2
https://www.netiq.com/communities/cool-solutions/troubleshooting-osp-sspr-part-3
https://www.netiq.com/communities/cool-solutions/troubleshooting-sso-user-application-4-02/






0 Likes
The opinions expressed above are the personal opinions of the authors, not of Micro Focus. By using this site, you accept the Terms of Use and Rules of Participation. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.