Anonymous_User Absent Member.
Absent Member.
907 views

SSO FOR SSPR


hello;
I want to configure sso for sspr,
i have configured In NAM a new policy injection (Inject into
Authentication Header)
I have followed the steps in section 6.3.1 of this URL
http://tinyurl.com/l5yd8hh
I debug this as folow:
1. first i connect to the URL of NAM(ACCESS GATEWAY),
2. second i enter the url of change password of sspr
Iam always redirected to the sspr authentication page .
Any one can help me to know how i can i debug this.
Thank's


--
falimrina
------------------------------------------------------------------------
falimrina's Profile: https://forums.netiq.com/member.php?userid=7217
View this thread: https://forums.netiq.com/showthread.php?t=51190

0 Likes
9 Replies
Anonymous_User Absent Member.
Absent Member.

Re: SSO FOR SSPR

falimrina,

It appears that in the past few days you have not received a response to your
posting. That concerns us, and has triggered this automated reply.

Has your issue been resolved? If not, you might try one of the following options:

- Visit http://www.netiq.com/support and search the knowledgebase and/or check all
the other support options available.
- You could also try posting your message again. Make sure it is posted in the
correct newsgroup. (http://forums.netiq.com)

Be sure to read the forum FAQ about what to expect in the way of responses:
http://forums.netiq.com/faq.php

If this is a reply to a duplicate posting, please ignore and accept our apologies
and rest assured we will issue a stern reprimand to our posting bot.

Good luck!

Your NetIQ Forums Team
http://forums.netiq.com


0 Likes
Anonymous_User Absent Member.
Absent Member.

Re: SSO FOR SSPR


Having this same issue.


--
rrawson
------------------------------------------------------------------------
rrawson's Profile: https://forums.netiq.com/member.php?userid=403
View this thread: https://forums.netiq.com/showthread.php?t=51190

0 Likes
Anonymous_User Absent Member.
Absent Member.

Re: SSO FOR SSPR


rrawson;247665 Wrote:
> Having this same issue.


What SSPR version are you using?
I'm on 3.1 with NAM 3.2.x and SSO works fine.

I can share my config/setup (although I think I set it up as per the
docs). But note:
If using 3.0 codebase, I had to use the latest build or else it wouldn't
work.

I'll see what build of 3.1 I'm on.
--Kevin


--
kjhurni
------------------------------------------------------------------------
kjhurni's Profile: https://forums.netiq.com/member.php?userid=322
View this thread: https://forums.netiq.com/showthread.php?t=51190

0 Likes
Anonymous_User Absent Member.
Absent Member.

Re: SSO FOR SSPR


SSPR version is 3.0.
I have integrated "ForgottenPassword" into login IDP,
In "Access Manager" when i define public ressources for SSPR as /sspr/*
iam not redirected to "forgottenPassword" page, iam redirected to "IDP
login page".
when i disable the protected ressources (/sspr/*), iam redirected to
"forgottenPassword" SSPR page, but when iam login throw IDP login page,
iam already redirected to login SSPR page.( the authentication is not
done directly throw Idp, the authentication is also done throw SSPR
login page.
Thank's


--
falimrina
------------------------------------------------------------------------
falimrina's Profile: https://forums.netiq.com/member.php?userid=7217
View this thread: https://forums.netiq.com/showthread.php?t=51190

0 Likes
Anonymous_User Absent Member.
Absent Member.

Re: SSO FOR SSPR


falimrina;248165 Wrote:
> SSPR version is 3.0.
> I have integrated "ForgottenPassword" into login IDP,
> In "Access Manager" when i define public ressources for SSPR as /sspr/*
> iam not redirected to "forgottenPassword" page, iam redirected to "IDP
> login page".
> when i disable the protected ressources (/sspr/*), iam redirected to
> "forgottenPassword" SSPR page, but when iam login throw IDP login page,
> iam already redirected to login SSPR page.( the authentication is not
> done directly throw Idp, the authentication is also done throw SSPR
> login page.
> Thank's


If using 3.0 I believe you need to be at 3.0.4

Also, have you read the docs? I believe the docs tell you to define 2
resources:
"public" (or I call mine everything) with a path of:
/*

don't assign any policies to that

Then the private one gets:
/sspr/private/*
/sspr/private/admin/*
/sspr/config/*

And those get the restricted access.

This is in section 6.1.2 of the SSPR 3.1 docs

--Kevin


--
kjhurni
------------------------------------------------------------------------
kjhurni's Profile: https://forums.netiq.com/member.php?userid=322
View this thread: https://forums.netiq.com/showthread.php?t=51190

0 Likes
Anonymous_User Absent Member.
Absent Member.

Re: SSO FOR SSPR


I have read the novell docs,
I have Configured reverse proxy for SSPR for path-based multi-home
setup: SSPR is accessible throw "/sspr"
Then i configured protected ressources for SSPR: public (/*) and
private (/sspr/private/*, /sspr/private/admin/* , /sspr/config/* ).
I have a policy injection definied for private ressources.
..when iam loging using IDP login page: iam not redirected directed
directly to SSPR main page, iam usually redirected to make second
authentication throw SSPR login page.
Thank's


--
falimrina
------------------------------------------------------------------------
falimrina's Profile: https://forums.netiq.com/member.php?userid=7217
View this thread: https://forums.netiq.com/showthread.php?t=51190

0 Likes
Anonymous_User Absent Member.
Absent Member.

Re: SSO FOR SSPR


I have read the novell docs,
I have Configured reverse proxy for SSPR for path-based multi-home
setup: SSPR is accessible throw "/sspr"
- Then i configured protected ressources for SSPR: public (/*) and
private (/sspr/private/*, /sspr/private/admin/* , /sspr/config/* ).
- For the ressources /sspr/private/Login, i have definied a form fill.
-I have a policy injection definied for private ressources.

When iam loging using IDP login page: iam not redirected directed
directly to SSPR main page, iam usually redirected to make second
authentication throw SSPR login page.
Thank's


--
falimrina
------------------------------------------------------------------------
falimrina's Profile: https://forums.netiq.com/member.php?userid=7217
View this thread: https://forums.netiq.com/showthread.php?t=51190

0 Likes
Anonymous_User Absent Member.
Absent Member.

Re: SSO FOR SSPR


falimrina;248342 Wrote:
> I have read the novell docs,
> I have Configured reverse proxy for SSPR for path-based multi-home
> setup: SSPR is accessible throw "/sspr"
> - Then i configured protected ressources for SSPR: public (/*) and
> private (/sspr/private/*, /sspr/private/admin/* , /sspr/config/* ).
> - For the ressources /sspr/private/Login, i have definied a form fill.
> -I have a policy injection definied for private ressources.
>
> When iam loging using IDP login page: iam not redirected directed
> directly to SSPR main page, iam usually redirected to make second
> authentication throw SSPR login page.
> Thank's


Unfortunately my setup is domain-based not path-based, so I wonder if
there may be an issue there with defining the sub-paths within the
path-based proxy.

You may need to open an SR with Novell on this one.

--Kevin


--
kjhurni
------------------------------------------------------------------------
kjhurni's Profile: https://forums.netiq.com/member.php?userid=322
View this thread: https://forums.netiq.com/showthread.php?t=51190

0 Likes
Anonymous_User Absent Member.
Absent Member.

Re: SSO FOR SSPR

On 9/5/2014 2:37 PM, kjhurni wrote:
>
> falimrina;248342 Wrote:
>> I have read the novell docs,
>> I have Configured reverse proxy for SSPR for path-based multi-home
>> setup: SSPR is accessible throw "/sspr"
>> - Then i configured protected ressources for SSPR: public (/*) and
>> private (/sspr/private/*, /sspr/private/admin/* , /sspr/config/* ).
>> - For the ressources /sspr/private/Login, i have definied a form fill.
>> -I have a policy injection definied for private ressources.
>>
>> When iam loging using IDP login page: iam not redirected directed
>> directly to SSPR main page, iam usually redirected to make second
>> authentication throw SSPR login page.
>> Thank's

>
> Unfortunately my setup is domain-based not path-based, so I wonder if
> there may be an issue there with defining the sub-paths within the
> path-based proxy.
>
> You may need to open an SR with Novell on this one.
>
> --Kevin
>
>

Without conclusively confirming this, or saying that Path based is the
problem... our setup on 3.1.0.1 works perfectly using domain based.

R
0 Likes
The opinions expressed above are the personal opinions of the authors, not of Micro Focus. By using this site, you accept the Terms of Use and Rules of Participation. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.