This cool solution will show you how to integrate ServiceNow into your NAM implementation using federated authentication via SAML 2.0. By using SAML 2.0, your users authenticate to NAM as they typically do, using their existing LDAP credentials provided by your corporate directory. The service-now.com application then authenticates users via SAML without the need to synchronize passwords with service-now.com.
NetIQ Access Manager has always provided the ability for users to single sign on to back end web servers. These back end web servers provide a series of protected resources that users can only access once authenticated to an Identity Server and authorised by the Access Gateway. Having parsed the user credentials and validated them against a back end user store, the Identity Server creates and maintains an active session for that user.
To avoid attacks on user credentials, you need to be able to define a whitelist on the IDP server of valid target domains that users can be redirected to. Neil Cashell explains how to set this up.
Neil Cashell and Tom Greene show how Novell Access Manager can be used to single sign on to Cisco’s WebEx collaboration cloud using the SAML2 protocol.
This article by Alan Weber and Neil Cashell explains how to configure a Novell Access Manager 3.1 SAML 1.1 Identity provider so that it integrates seamlessly with a Vertex SAML 1.1 Service Provider using the Intersite transfer URL.
When debugging the most common SAML setups with Novell Access Manager, the authentication request and the response, including the assertion, are sent via the browser using the POST or Redirect profile. HTTP header output in the browser can be used to view these SAML requests and responses, but the content is both URL- and base64-encoded and therefore not very legible. Here’s a tip from Neil Cashell on how to use a new SAML plugin for Firefox that makes the messages more legible and troubleshooting faster.
When a SAML 2 environment is set up to federate between an Identity Provider (IDP) and Service Provider (SP), the user is always prompted to consent to the federation before it progresses. Here’s a tip from Neil Cashell on how to disable the question.
Neil Cashell explains how to add a Shibboleth SP to your NAM implementation using a federated authentication via SAML 2.0.
Updated with a version for Access Manager 3.1.2.
The ability to single sign on (SSO) to NetIdentity-aware Web applications was available with Novell’s iChain product. Novell Access Manager, the successor to the iChain product, does not include any NetIdentity authentication profile or class. The attached jar file offers the ability to SSO to Access Manager from NetIdentity-enabled workstations. This document describes the requirements and configuration steps for NetIdentity SSO to Access Manager, and describes the NetIdentity protocol exchange during authentication.
Neil Cashell explains how to set up a Citrix SSL terminator with Novell Access Manager.