Most NAM setups involve a Load Balancer (LB) fronting either the Access Gateway or Identity Server nodes. When these Load Balancers are set up in SNAT / Proxy mode, the IP address of the incoming request will be that of the LB and not the user's IP address. Any NAM decisions that perform an action…
NetIQ technical services gets a lot of requests from customers reporting poor ratings when evaluated by the SSL Labs tool. The following document outlines some changes that will hopefully help move you towards an A+ rating. Changes Needed on Access Manager Appliance or Access Gateway Appliance: You must have a certificate using SHA 256 to obtain…
This cool solution will show you how to integrate ServiceNow into your NAM implementation using a federated authentication via SAML 2.0. By using SAML 2.0, your users authenticate to NAM as they typically do using their existing LDAP credentials provided by your corporate directory. The service-now.com application then authenticates users via SAML without the need to synchronize passwords with service-now.com.
NetIQ Access Manager has always provided the ability for users to single sign on to back end web servers. These back end web servers provide a series of protected resources that users can only access once authenticated to an Identity Server, and authorised by the Access Gateway. Having parsed the user credentials, and validated these credentials against a back end user store, the Identity Server creates and maintains an active session for that user.
To protect user credentials from attack, you need to define a whitelist on the IDP server of valid target domains that users can be redirected to. Neil Cashell explains how to set this up.
Neil Cashell and Tom Greene show how Novell Access Manager can be used to single sign on to Cisco’s WebEx collaboration cloud using the SAML2 protocol.
This article by Alan Weber and Neil Cashell explains how to configure a Novell Access Manager 3.1 SAML 1.1 Identity provider so that it integrates seamlessly with a Vertex SAML 1.1 Service Provider using the Intersite transfer URL.
When debugging the most common SAML setups with Novell Access Manager, the Authentication Request and response, including the assertion, are sent via the browser using the POST or Redirect profile. HTTP header output on the browser can be used to view these SAML requests and responses, but the content is both URL and base64 encoded and therefore not very legible. Here’s a tip from Neil Cashell on how to use a new SAML plugin for Firefox that makes the messages more legible and troubleshooting faster.
When a SAML 2 environment is set up to federate between an Identity Provider (IDP) and Service Provider (SP), the user is always prompted to consent to the federation before it progresses. Here’s a tip from Neil Cashell on how to disable the question.
Neil Cashell explains how to add a Shibboleth SP to your NAM implementation using a federated authentication via SAML 2.0.