Mohit_Verma02

Protecting Sentinel using SAML via NetIQ Access Manager

Hi,

Anyone protected Sentinel using SAML via NetIQ Access Manager?
As per the doc, the below is given to get the metadata for Sentinel, but I am unable to get the metadata from the below URL.

In your web browser, go to the following URL:
https://DNS_Sentinel_server:Port/osp/a/siem/auth/saml2/spmetadata
Where DNS_Sentinel_server is the FQDN of the Sentinel server and Port is the port Sentinel uses (typically 8443).

Anyone with any pointers would be great.
Also, is it good to use SAML or OAuth to protect the Sentinel URL?

Regards,
Mohit Verma
5 Replies
AutomaticReply

Re: Protecting Sentinel using SAML via NetIQ Access Manager

Mohit,

It appears that in the past few days you have not received a response to your
posting. That concerns us, and has triggered this automated reply.

These forums are peer-to-peer, best effort and volunteer run. If your issue
is urgent or not getting a response, you might try one of the following options:

- Visit https://www.microfocus.com/support-and-services and search the knowledgebase and/or check
all the other self support options and support programs available.
- Open a service request: https://www.microfocus.com/support
- You could also try posting your message again. Make sure it is posted in the
correct newsgroup. (http://forums.microfocus.com)
- You might consider hiring a local partner to assist you.
https://www.partnernetprogram.com/partnerfinder/find.html

Be sure to read the forum FAQ about what to expect in the way of responses:
http://forums.microfocus.com/faq.php

Sometimes this automatic posting will alert someone that can respond.

If this is a reply to a duplicate posting or otherwise posted in error, please
ignore and accept our apologies and rest assured we will issue a stern reprimand
to our posting bot.

Good luck!

Your Micro Focus Forums Team
http://forums.microfocus.com

ScorpionSting

Re: Protecting Sentinel using SAML via NetIQ Access Manager

Mohit_verma02;2498963 wrote:
Hi,

Anyone protected Sentinel using SAML via NetIQ Access Manager?
As per the doc, the below is given to get the metadata for Sentinel, but I am unable to get the metadata from the below URL.

In your web browser, go to the following URL:
https://DNS_Sentinel_server:Port/osp/a/siem/auth/saml2/spmetadata
Where DNS_Sentinel_server is the FQDN of the Sentinel server and Port is the port Sentinel uses (typically 8443).

Anyone with any pointers would be great.
Also, is it good to use SAML or OAuth to protect the Sentinel URL?

Regards,
Mohit Verma


I haven't actually tried this yet... I just use same sign-on at the moment... I'm assuming you made the necessary config changes, keystores, and touch files as per the doco?

Visit my Website for links to Cool Solution articles.
Mohit_Verma02

Re: Protecting Sentinel using SAML via NetIQ Access Manager

ScorpionSting;2499376 wrote:
I haven't actually tried this yet... I just use same sign-on at the moment... I'm assuming you made the necessary config changes, keystores, and touch files as per the doco?


Hi Scorpion,

Thanks for the revert.
Yes, I tried, but I am not able to get the metadata itself.
Also, the doco confuses as it actually says MFA and under that talks about NAAF and SAML.
So I wanted to know if it actually supports SAML via NAM.

Regards,
Mohit Verma
ScorpionSting

Re: Protecting Sentinel using SAML via NetIQ Access Manager

Mohit_verma02;2500039 wrote:
Hi Scorpion,

Thanks for the revert.
Yes, I tried, but I am not able to get the metadata itself.
Also, the doco confuses as it actually says MFA and under that talks about NAAF and SAML.
So I wanted to know if it actually supports SAML via NAM.

Regards,
Mohit Verma


I just tried and got the same thing... it seems to be traced down to this error in /var/opt/novell/sentinel/3rdparty/jetty/webapps/osp.tmp/webapp/logs/osp-sentinel.2019-05-21.log


Log Data: A tenant configuration (siem) failed to load. This tenant was excluded from the configuration.: internal.atlaslite.jcce.validation.ValidationException: The tenant configuration "siem" cannot be loaded.

Validation messages (10):
1) Error: Tenant[Sentinel (id=siem)]/KeyStore[Signing]
The required attribute 'keyStorePassword' is missing.
2) Error: Tenant[Sentinel (id=siem)]/KeyStore[Signing]
The required attribute 'keystore' is missing.
3) Error: Tenant[Sentinel (id=siem)]/KeyStore[Encrypting]
The required attribute 'keyStorePassword' is missing.
4) Error: Tenant[Sentinel (id=siem)]/KeyStore[Encrypting]
The required attribute 'keystore' is missing.
5) Error: Tenant[Sentinel (id=siem)]/KeyStore[TLS]
The required attribute 'keyStorePassword' is missing.
6) Error: Tenant[Sentinel (id=siem)]/KeyStore[TLS]
The required attribute 'keystore' is missing.
7) Error: Tenant[Sentinel (id=siem)]/HTTPInterface[Sentinel HTTP 1 (id=sentinel-http-1)]
At least one attribute value, in the following group of attribute names, must exist and be valid: ipAddress, domainName
8) Error: Tenant[Sentinel (id=siem)]/HTTPInterface[Sentinel HTTP 1 (id=sentinel-http-1)]
Neither domain nor IP address specified.
9) Error: Tenant[Sentinel (id=siem)]/HTTPInterface[Sentinel HTTP 1 (id=sentinel-http-1)]
No cookie domain
10) Warning: Tenant[Sentinel (id=siem)]/Logging[Sentinel Audit Events Logger (id=sentinel-audit-events-logger)]
Using this method of configuring a logger is deprecated and will be removed in a future version. Please update your configuration to use a logger-implementation-specific configuration item (e.g., <ConsoleLogger> or <JavaUtilLogger>).
internal.osp.framework.config.OSPConfigurationCache: OSPConfigurationCache.java: get: 438


I think the documentation is misleading. From what I can tell of the deployed osp.war, it only accounts for MFA with AAF... not as a sign-in provider from any IDP.

Visit my Website for links to Cool Solution articles.
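As an added example (not code from the thread or from the Sentinel/OSP product), a small Python script that parses the "Validation messages" block from an osp-sentinel log like the one quoted above and reports which required attributes each tenant component is missing, so the keystore and HTTP interface entries can be fixed in one pass. The sample log is constructed from the messages quoted in this thread.

```python
import re
from collections import defaultdict

# Constructed sample in the format of the osp-sentinel log quoted above
# (first messages of the validation block, trimmed).
SAMPLE_LOG = """\
Log Data: A tenant configuration (siem) failed to load. This tenant was excluded from the configuration.
Validation messages (4):
1) Error: Tenant[Sentinel (id=siem)]/KeyStore[Signing]
The required attribute 'keyStorePassword' is missing.
2) Error: Tenant[Sentinel (id=siem)]/KeyStore[Signing]
The required attribute 'keystore' is missing.
3) Error: Tenant[Sentinel (id=siem)]/HTTPInterface[Sentinel HTTP 1 (id=sentinel-http-1)]
Neither domain nor IP address specified.
4) Warning: Tenant[Sentinel (id=siem)]/Logging[Sentinel Audit Events Logger (id=sentinel-audit-events-logger)]
Using this method of configuring a logger is deprecated and will be removed in a future version.
"""

HEADER_RE = re.compile(r"^(\d+)\) (Error|Warning): (.+)$")
MISSING_RE = re.compile(r"The required attribute '([^']+)' is missing")

def parse_validation_messages(log_text):
    """Return (severity, component_path, message) tuples. Each numbered
    header line is followed by the message text on the next non-empty line."""
    results, lines, i = [], log_text.splitlines(), 0
    while i < len(lines):
        m = HEADER_RE.match(lines[i].rstrip())
        if not m:
            i += 1
            continue
        j = i + 1
        while j < len(lines) and not lines[j].strip():
            j += 1
        message = lines[j].strip() if j < len(lines) else ""
        results.append((m.group(2), m.group(3), message))
        i = j + 1
    return results

def missing_attributes(messages):
    """Map each component path to the set of required attributes it lacks;
    only Error entries of the 'required attribute ... is missing' form count."""
    missing = defaultdict(set)
    for severity, path, message in messages:
        m = MISSING_RE.search(message)
        if severity == "Error" and m:
            missing[path].add(m.group(1))
    return dict(missing)
```

Run it against the real log file instead of SAMPLE_LOG to get the full list of missing keystore and HTTP interface attributes for the siem tenant.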
ScorpionSting

Re: Protecting Sentinel using SAML via NetIQ Access Manager

I think it may be related to configuration defined in this doco page: https://www.netiq.com/documentation/sentinel-82/s821-admin/data/t46aawmv3mux.html

It talks about modifying the osp siem xml....

Visit my Website for links to Cool Solution articles.