
SAML Identity Provider


Our organization has two disparate systems: eDirectory (used mostly
for OES and Zenworks) and Lotus Notes/Domino. Currently users have
separate user accounts on both systems. We are looking for a way to
enable people to log in to Lotus Notes with their eDirectory
usernames/passwords. Various ideas are being thrown around and one idea
from our Domino people is to use SAML. For this to work from eDirectory
side, it seems that I need to set up something called "SAML Identity
Provider" that Domino could then use for user authentication. This is
completely new territory for me as OES admin. After a look through docs,
it seems to me that SAML IdP is not something that one could simply
enable on OES eDirectory server. The solution seems to be Access
Manager.

Is my understanding correct?


--
vatson
------------------------------------------------------------------------
vatson's Profile: https://forums.netiq.com/member.php?userid=2134
View this thread: https://forums.netiq.com/showthread.php?t=51891


Re: SAML Identity Provider

Yes, Access Manager provides the IDP, or the SP. If you are looking to
keep identities synchronized (create/modify/delete) you could also use
Identity Manager, which will synchronize creates, modifies (including
password changes), and deletes of users from one environment to another.
There is a Domino driver specifically to connect to Domino from the
Identity Vault, which is built upon eDirectory and can be part of your
existing eDirectory environment. Identity Manager can be used to
synchronize to/from any number of systems, and Access Manager can perform
federation, identity injection, and other tasks with a variety of
third-party applications too.

--
Good luck.

If you find this post helpful and are logged into the web interface,
show your appreciation and click on the star below...

Re: SAML Identity Provider


Thanks for the confirmation.

I did actually look at Identity Manager first, but this is not a good
solution due to the specific way user authentication is done in Lotus
Domino.

In the Domino system, users actually have two passwords. One is the password
they use with the Notes client, and the other is the so-called "internet
password", used when accessing Domino databases via HTTP, accessing mail
via IMAP, etc. Identity Manager can synchronize the internet password but
not the password used with the Notes client.


--
vatson
------------------------------------------------------------------------
vatson's Profile: https://forums.netiq.com/member.php?userid=2134
View this thread: https://forums.netiq.com/showthread.php?t=51891


Re: SAML Identity Provider

Just in case there is any misconception in functionality, Identity Manager
(IDM) can set both the user.id and HTTP passwords.

https://www.netiq.com/documentation/idm402drivers/notes/data/bbykp5u.html

The driver also supports the newer IDVault feature in Domino for ID
recovery and management, which I believe helps with the whole password
reset situation:

https://www.netiq.com/documentation/idm402drivers/notes/data/bmrnsqv.html

NAM is a great product as well, and may be exactly what you're after.

--
Good luck.

If you find this post helpful and are logged into the web interface,
show your appreciation and click on the star below...

Re: SAML Identity Provider

On Sat, 04 Oct 2014 16:50:59 +0000, vatson wrote:

> Our organization has two disparate systems: eDirectory (used mostly
> for OES and Zenworks) and Lotus Notes/Domino. Currently users have
> separate user accounts on both systems. We are looking for a way to
> enable people to log in to Lotus Notes with their eDirectory
> usernames/passwords. Various ideas are being thrown around and one idea
> from our Domino people is to use SAML. For this to work from eDirectory
> side, it seems that I need to set up something called "SAML Identity
> Provider" that Domino could then use for user authentication.


If Notes will accept a federated login based on SAML, you might look at
Shibboleth (http://shibboleth.net/). The Identity Provider (IdP) works
well with an eDirectory back end via LDAP.


--
--------------------------------------------------------------------------
David Gersic dgersic_@_niu.edu
Knowledge Partner http://forums.netiq.com

Please post questions in the forums. No support provided via email.
If you find this post helpful, please click on the star below.
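To make the "eDirectory back end via LDAP" suggestion concrete, below is an added example of what the IdP's LDAP authentication settings would look like when pointed at eDirectory. This is not from the thread or from the Shibboleth project; it assumes Shibboleth IdP 3.x (whose ldap.properties uses these idp.authn.LDAP.* keys), and the hostname, DNs, and proxy account name are constructed placeholders.

```properties
# conf/ldap.properties (Shibboleth IdP 3.x, assumed version) -- added example
#
# Bind-search: the IdP first binds with a low-privilege proxy account to
# find the user's DN, then re-binds as that DN with the submitted password.
# eDirectory users are usually identified by cn, so the search filter uses
# cn rather than the uid attribute many other directories expect.
idp.authn.LDAP.authenticator            = bindSearchAuthenticator

# Always use LDAPS (or StartTLS) to eDirectory: the user's eDirectory
# password travels over this connection on every login.
idp.authn.LDAP.ldapURL                  = ldaps://edir.example.org:636
idp.authn.LDAP.useStartTLS              = false
idp.authn.LDAP.sslConfig                = certificateTrust
# Pin the directory server's certificate (placeholder path) instead of
# trusting whatever the JVM trust store happens to contain.
idp.authn.LDAP.trustCertificates        = %{idp.home}/credentials/edir-server.crt

# Where users live in the tree; subtreeSearch lets one container cover
# several OUs without listing each one.
idp.authn.LDAP.baseDN                   = ou=users,o=example
idp.authn.LDAP.subtreeSearch            = true
idp.authn.LDAP.userFilter               = (cn={user})

# Read-only proxy account used only for the DN lookup (placeholder DN).
# Give it browse/read rights on the user container and nothing else.
idp.authn.LDAP.bindDN                   = cn=shibproxy,ou=services,o=example
idp.authn.LDAP.bindDNCredential         = changeit-placeholder

# Attributes pulled after a successful bind, to be released to the SP.
idp.authn.LDAP.returnAttributes         = cn,mail
```

With this in place, a failed login against eDirectory shows up in the IdP's authentication log rather than in Domino, which is where you would look when tracing a user who says the SAML login rejects a password that works for OES.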