sushantcap
New Member.

User application and Access Manager SAML integration

Hello,

We have integrated NAM with User application using SAML.
I get the NAM login page only if I enter url: https://userapplicationurl/IDMProv

And I get connection refused if I enter https://userapplicationurl/idmdash

Please let me know how to re-direct user to dashboard after entering credentials.

Right now it takes us to the /IDMProv/portal/cn/DefaultContainerPage/MyOrgChart page after entering the credentials, and there I get the following message.

The page cannot be found.

The User Application interface is discontinued. Click this link to access the new user interface.

And when I click on the given link then it takes me to dashboard page.

And when in user application configupdate file I updated RBPM OSP redirect url to https://userapplicationurl/idmdash/#/landing, then it redirects user to dashboard after entering the credentials.

But when I try to open any workflow, it again redirects me to https://userapplicationurl/idmdash/#/landing instead of opening the workflow.

Version used:
IDM: 4.7.1
NAM: 4.4.1

Please let me know how to resolve this issue.

Thanks,
Sushant
Micro Focus Contributor

Re: User application and Access Manager SAML integration

Hi,

Are you able to access any page other than landing page?

Are you seeing any error in catalina or the browser console?


Thanks,
Sriram
sushantcap
New Member.

Re: User application and Access Manager SAML integration

Hi,

I'm able to get NAM login page only if I enter https://userapplicationurl/IDMProv

I'm not able to see any errors in catalina, but in browser I get https://NAMURL refused to connect when I enter https://userapplicationurl/idmdash

Thanks,
Sushant
Micro Focus Contributor

Re: User application and Access Manager SAML integration

sushantcap;2491677 wrote:
Hi,

I'm able to get NAM login page only if I enter https://userapplicationurl/IDMProv

I'm not able to see any errors in catalina, but in browser I get https://NAMURL refused to connect when I enter https://userapplicationurl/idmdash

Thanks,
Sushant


Sushant,
Have you followed the TID mentioned in section 37.2.2 in https://www.netiq.com/documentation/identity-manager-47/identity_apps_admin/data/saml-authentication-for-single-sign-on.html
The default NAM security policy could block the login page from displaying.

Thanks
Ramesh
sushantcap
New Member.

Re: User application and Access Manager SAML integration

Hi Ramesh,

I checked the TID mentioned in section 37.2.2 in https://www.netiq.com/documentation/...e-sign-on.html. It is for NAM 4.3; we are using NAM 4.4.1.

Anyways, the issue has been resolved.

I updated H404.jsp located under /opt/netiq/idm/apps/tomcat/webapps/IDMProv/jsps/common and mentioned the following:

<% response.sendRedirect("https://UserapplicationURL/idmdash"); %>

Now, after entering the credentials in the NAM login page, I'm getting redirected to the dashboard page.

Thanks,
Sushant
Micro Focus Expert

Re: User application and Access Manager SAML integration

On 12/7/18 2:54 AM, sushantcap wrote:
>
> Hi Ramesh,
>
> I checked the TID mentioned in section 37.2.2 in
> https://www.netiq.com/documentation/...e-sign-on.html, it is for NAM
> 4.3, we are using NAM 4.4.1
>
> Anyways, the issue has been resolved.
>
> I updated H404.jsp located under
> /opt/netiq/idm/apps/tomcat/webapps/IDMProv/jsps/common and mentioned the
> following:
>
> <% response.sendRedirect("https://UserapplicationURL/idmdash"); %>
>
> Now after enter the credentials in NAM login page i'm getting
> re-directed to dashboard page.
>
> Thanks,
> Sushant
>
>

Greetings,
That sounds more like a work-around than a resolution. I would
suggest opening a Service Request with Support so they can track down
the root of the issue and update as necessary.

--
Sincerely,
Steven Williams
Principal Enterprise Architect
Micro Focus
ksoze Absent Member.

Re: User application and Access Manager SAML integration

Hey Sushant,

Sounds like a neat solution to people hitting the /IDMProv URL, which is now invalid. Nice way to redirect people if they have old bookmarks.

There's another problem here though, that you should resolve - the redirection between OSP and NAM should work well for whatever valid UserApp URL the users hit.

If you revert the H404 config to normal temporarily, and then trace the auth in Firefox using the SAML-Tracer extension, do you see anything relevant in there?

CFN,

/KS
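The SAML trace suggested in the last reply can also be read offline. The Python script below is an added example, not part of any post in this thread and not Micro Focus code: it decodes a SAML HTTP-Redirect binding URL copied from a browser trace and reports the Destination, the AssertionConsumerServiceURL and the RelayState, which together show where the browser is being sent and where it is expected to return. It assumes the HTTP-Redirect binding; the function names and the `/constructed/...` paths are hypothetical, and the hosts are the placeholders used in the thread.

```python
import base64
import zlib
import xml.etree.ElementTree as ET
from urllib.parse import parse_qs, urlencode, urlsplit

SAMLP = "urn:oasis:names:tc:SAML:2.0:protocol"
SAML = "urn:oasis:names:tc:SAML:2.0:assertion"

def decode_redirect(url):
    """Decode a SAML HTTP-Redirect binding URL copied from a browser trace."""
    query = parse_qs(urlsplit(url).query)
    key = next((k for k in ("SAMLRequest", "SAMLResponse") if k in query), None)
    if key is None:
        raise ValueError("no SAMLRequest/SAMLResponse parameter in URL")
    # Redirect binding = base64 over raw DEFLATE (no zlib header): wbits=-15.
    xml = zlib.decompress(base64.b64decode(query[key][0]), -15)
    # Fine for your own captures; use a hardened parser for untrusted XML.
    root = ET.fromstring(xml)
    issuer = root.find("{%s}Issuer" % SAML)
    return {
        "message": root.tag.split("}")[-1],
        "destination": root.get("Destination"),
        "acs_url": root.get("AssertionConsumerServiceURL"),
        "issuer": issuer.text if issuer is not None else None,
        "relay_state": query.get("RelayState", [None])[0],
    }

def mismatches(fields, idp_host, sp_host):
    """Names of endpoint fields whose host differs from the expected one."""
    expect = {"destination": idp_host, "acs_url": sp_host}
    return [name for name, host in expect.items() if fields[name]
            and (urlsplit(fields[name]).hostname or "") != host.lower()]

def build_sample():
    """Constructed redirect URL (hosts are the thread's placeholders)."""
    xml = ('<samlp:AuthnRequest xmlns:samlp="%s" xmlns:saml="%s" ID="_c1" '
           'Version="2.0" IssueInstant="2018-12-07T00:00:00Z" '
           'Destination="https://NAMURL/constructed/sso" '
           'AssertionConsumerServiceURL="https://userapplicationurl/constructed/acs">'
           '<saml:Issuer>https://userapplicationurl/constructed/metadata</saml:Issuer>'
           '</samlp:AuthnRequest>' % (SAMLP, SAML)).encode()
    comp = zlib.compressobj(9, zlib.DEFLATED, -15)
    params = {"SAMLRequest": base64.b64encode(comp.compress(xml) + comp.flush()).decode(),
              "RelayState": "https://userapplicationurl/idmdash"}
    return "https://NAMURL/constructed/sso?" + urlencode(params)

if __name__ == "__main__":
    fields = decode_redirect(build_sample())
    print(fields, mismatches(fields, "NAMURL", "userapplicationurl"))
```

An empty list from `mismatches` means both endpoints point at the hosts you expect; the `relay_state` value is reported as-is because it may be an opaque token rather than a URL.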