Thomas Reibenwein Regular Contributor.

SSPR - NAM Integration with OAUTH SSO?

Hi!

I'm trying to integrate an SSPR 4.3.0.3 installation with NAM 4.4.2 using OAUTH as the SSO method.

On the NAM side: registered the SSPR box as OAUTH client with "https://<sspr-name>/sspr/public/oauth" as redirect URI


On the SSPR side: configured the following options at Settings --> Single Sign On (SSO) Client --> OAuth

- OAuth Login URL: https://<nam-idp-name>/nidp/oauth/nam/authz
- OAuth Code Resolve Service URL: https://<nam-idp-name>/nidp/oauth/nam/token
- OAuth Profile Service URL: https://<nam-idp-name>/nidp/oauth/nam/userinfo
- OAUTH Web Service Server Certificate: Imported from Server
- OAuth Client ID: from NAM IDP
- OAuth Shared Secret: from NAM IDP
- OAuth User Name/DN Login Attribute: cn



After restricting the SSPR configuration, SSPR redirects to NAM IDP for login and gets the OAUTH authorization code back.

SSPR then POSTs to the Token endpoint to get the access token, but SSPR does not send its client secret as a parameter in the POST request as NAM expects it.

Here are the related lines from /var/opt/novell/nam/logs/idp/tomcat/catalina.out:

<amLogEntry> 2018-09-27T13:16:57Z INFO NIDS Session Logger: com.novell.nam.nidp.oauth.nidp.servlets.OAuthApplication: 143 * Server has received a request on thread ajp-bio-127.0.0.1-9019-exec-2
143 > POST https://<nam-idp-name>/nidp/oauth/nam/token
143 > accept-encoding: gzip
143 > authorization: Basic MTgzZDQyMWMt************************Dg3WFhMdndVLWdmejNR
143 > connection: Keep-Alive
143 > content-length: 2024
143 > content-type: application/x-www-form-urlencoded; charset=UTF-8
143 > host: login.itdesign.at
143 > user-agent: SSPR v4.3.0.2 b384 r39563
143 > Via: 1.1 <nam-idp-name> (Access Gateway-ag-68AF838B545E535B-27436926)
</amLogEntry>

<amLogEntry> 2018-09-27T13:16:57Z WARNING NIDS Session Logger: com.novell.nam.nidp.oauth.core.helpers.OAuth2AuthzAccessTokenRequest: invalid_client: client_secret is must </amLogEn



Is there a way to make SSPR behave the way NAM IDP expects an OAUTH client to behave?


Thank you,
Thomas
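
The log in the post above shows an `authorization: Basic` header on the token request, while the warning complains that `client_secret` is missing. RFC 6749 section 2.3.1 defines two ways for a client to present its secret: in the HTTP Basic header (`client_secret_basic`) or as form parameters in the POST body (`client_secret_post`). The following is an added example, not part of the original post and not SSPR or NAM code; it builds a token request both ways and classifies a captured request. The client ID, secret, code and host names are constructed.

```python
import base64
from urllib.parse import urlencode, parse_qs, quote_plus

def token_request(code, redirect_uri, client_id, client_secret, method):
    """Build (headers, body) for an authorization_code token request."""
    headers = {"content-type": "application/x-www-form-urlencoded"}
    form = {"grant_type": "authorization_code", "code": code,
            "redirect_uri": redirect_uri}
    if method == "client_secret_basic":
        # RFC 6749 2.3.1: form-urlencode id and secret, join with ':', Base64.
        pair = f"{quote_plus(client_id)}:{quote_plus(client_secret)}"
        headers["authorization"] = "Basic " + base64.b64encode(pair.encode()).decode()
    elif method == "client_secret_post":
        # Credentials travel in the request body next to the grant parameters.
        form["client_id"] = client_id
        form["client_secret"] = client_secret
    else:
        raise ValueError(f"unsupported client authentication method: {method}")
    return headers, urlencode(form)

def client_auth_method(headers, body):
    """Classify how a captured token request authenticates the client."""
    lowered = {k.lower(): v for k, v in headers.items()}
    has_basic = lowered.get("authorization", "").lower().startswith("basic ")
    has_post = "client_secret" in parse_qs(body)
    if has_basic and has_post:
        return "both"  # RFC 6749 2.3: only one method may be used per request
    if has_basic:
        return "client_secret_basic"
    if has_post:
        return "client_secret_post"
    return "none"

if __name__ == "__main__":
    # Constructed values; nothing here comes from a real deployment.
    args = ("constructed-code", "https://sspr.example/sspr/public/oauth",
            "demo-client", "demo secret")
    for method in ("client_secret_basic", "client_secret_post"):
        headers, body = token_request(*args, method)
        print(method, "->", client_auth_method(headers, body))
        print("  headers:", headers)
        print("  body:   ", body)
```

A request shaped like the one in the log (Basic header, no `client_secret` in the body) classifies as `client_secret_basic`. A token endpoint that only reads the secret from the body will reject it as missing.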
AutomaticReply Absent Member.

Re: SSPR - NAM Integration with OAUTH SSO?

reibenwein,

It appears that in the past few days you have not received a response to your
posting. That concerns us, and has triggered this automated reply.

These forums are peer-to-peer, best effort, and volunteer run; if your issue
is urgent or not getting a response, you might try one of the following options:

- Visit https://www.microfocus.com/support-and-services and search the knowledgebase and/or check
all the other self support options and support programs available.
- Open a service request: https://www.microfocus.com/support
- You could also try posting your message again. Make sure it is posted in the
correct newsgroup. (http://forums.microfocus.com)
- You might consider hiring a local partner to assist you.
https://www.partnernetprogram.com/partnerfinder/find.html

Be sure to read the forum FAQ about what to expect in the way of responses:
http://forums.microfocus.com/faq.php

Sometimes this automatic posting will alert someone that can respond.

If this is a reply to a duplicate posting or otherwise posted in error, please
ignore and accept our apologies and rest assured we will issue a stern reprimand
to our posting bot.

Good luck!

Your Micro Focus Forums Team
http://forums.microfocus.com


