SAML 1.1 Integration with Vertex using Novell Access Manager 3.1



By: ncashell

August 30, 2011 3:54 pm

Reads: 382

Comments:0

Rating:3.0

Authors:
Alan Weber – Integrys Energy Group, Inc.
Neil Cashell – Novell Technical Services

Introduction:

The goal of Identity Federation is to enable users of one trusted business partner to securely and seamlessly access resources/systems of another business partner based on the business and technical agreements in a trustworthy manner. Identity Federation enables Single Sign-On, Access Control and Single Sign-Off provisioning for users and links users’ identities.

This document helps the user to Configure a Novell Access Manager 3.1 SAML 1.1 Identity provider so that it integrates seamlessly with a Vertex SAML 1.1 Service Provider using the Intersite transfer URL. Vertex is a business partner that we work with on a specific energy-related application – like most SAML 1.1 Service Providers, it consumes a SAML assertion generated by a trusted Identity Provider (Novell Access Manager) to determine single sign on and authorize users.

Although the approach is similar to the solution described for Access Manager 3.0 in the SAML / NAM / Concur Integration document, the newer version of Access Manager simplifies the configuration, especially in terms of sending the users NameIdentifier in the Authentication Response.

Configuration of SAML 1.1 Implementation at Integrys

To configure SAML 1.1, you must first log into Access Manager. The admin server URL is https://dob-amap1:8443/nps/. Log in with your Access Manager credentials.

Click to view.

Once logged in, click the link for Identity Servers, and select the pool. In this example, the pool is named PIDSCL1.

Click to view.

On the IDP Cluster configuration page, click the SAML 1.1 link

Click to view.

To create a new Service Provider, click “New”, and select Service Provider

Click to view.

Name your Service Provider.

When integrating with Vertex, you must select “Metadata Text”, since they do not use Access Manager and cannot provide a Metadata URL.

The Metadata provided is unique to the environment you’re connecting to, and must have a few necessary components.
Enter the Metadata and click Next

*See Appendix 1 for Vertex’s Metadata.

Click to view.

Verify that the Certificate information is correct.

Click Finish.

Click to view.

Add trusted root cert for signing cert to the NIDP-Trusstore. This is a requirement for the Vertex SAML 1.1 Service Provider to load correctly on the Identity Server.

Click to view.

Once you’ve created the Service Provider, you must now choose which attributes you want to send with the SAML assertion. Click the Service Provider you just created.

Click to view.

Click the Attributes link, and select Attribute Set.

If the one you need doesn’t exist, click <New Attribute Set>

Click to view.

Name your attribute set, and click <None> for template

Click to view.

Click New and select the attributes you’d like to map.

For Vertex, we map the attributes:

WPSRTWAECISnumber
WPSRTWARole
cn

NOTE: If the attribute mappings are not showing up, go to Identity Servers > Shared Settings and create mappings. See Novell Documentation for more info.

Click to view.

Once you’ve created your attribute set, select it and choose the attributes you’d like to send with authentication.

Click to view.

Next, click Authentication Response and set the

  • NameIdentifier format to be unspecified and set the value to be the LDAP cn
  • Assertion Validity period to 7200. This allows SAML sessions to be valid for 2 hours on the Vertex SP.

These settings were requested by Vertex

Click to view.

You may choose to set up an Intersite Transfer Service to simplify your SAML Assertion link. We can’t use it in our environment, but to do this, enter an ID, and the target URL from the Metadata (hint: look for Location=)

Click OK and update your Identity Servers and Access gateways (if required)

You should now be done.

To use your new SAML 1.1 implementation, use the following links

With Intersite Transfer Service:

This uses the ID you created for the Intersite Transfer Service. You cannot add any attributes to the end of this URL, which is why we cannot use it.
https://ids.integrysgroup.com:8443/nidp/saml/idpsend?id=Vertex

Using Intersite Transfer URL without the identifier:

When no identifier is passed to the idpsend service, we need to pass the PID and Target instead. The PID is simply the ‘entityID’ string from the SP metadata that we imported into the Identity Server SAML setup, and the target is the destination URL that we want to go to.

     PID = entityID
     Target = Location

You can also add attributes to the end of these links. Note how Integrys adds “site=mer” or “site=mgu” to the end of our target URL. This allows the SP to do some additional processing based on the parameter passed to it.

https://ids.integrysgroup.com/nidp/saml/idpsend?PID=https://twa.utilitiesbp.com/SAML2&TARGET=https://twa.utilitiesbp.com/saml.do?site=mgu

https://ids.integrysgroup.com/nidp/saml/idpsend?PID=https://twa.utilitiesbp.com/SAML2&TARGET=https://twa.utilitiesbp.com/saml.do?site=mer

Appendix 1 – Vertex Metadata

Vertex Metadata. Copy into Notepad for proper formatting. Note that the Certificate entry is not really required as we are using the intersite transfer URL approach and the SP never generates a SAML Authnetication request to the Identity server that could be signed with this certificate.

<md:EntityDescriptor
                xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
                xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
                entityID="https://twa.utilitiesbp.com/SAML2">
<md:SPSSODescriptor   protocolSupportEnumeration="urn:oasis:names:tc:SAML:0.1:protocol
urn:oasis:names:tc:SAML:1.1:protocol">
<md:KeyDescriptor use="signing">
<ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
<ds:KeyName>twa.utilitiesbp.com</ds:KeyName>
<ds:X509Data xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
<ds:X509Certificate xmlns:ds="http://www.w3.org/2000/09/xmldsig#">                                                                                                MIIE9DCCA9ygAwIBAgIETBpFwzANBgkqhkiG9w0BAQUFADCBsTELMAkGA1UE                                                                                                BhMCVVMxFjAUBgNVBAoTDUVudHJ1c3QsIEluYy4xOTA3BgNVBAsTMHd3dy5l                                                                                                bnRydXN0Lm5ldC9ycGEgaXMgaW5jb3Jwb3JhdGVkIGJ5IHJlZmVyZW5jZTEf                                                                                                MB0GA1UECxMWKGMpIDIwMDkgRW50cnVzdCwgSW5jLjEuMCwGA1UEAxMlRW50                                                                                                cnVzdCBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eSAtIEwxQzAeFw0xMTA1MDIx                                                                                                ODU5MjhaFw0xMzA3MDMwNDI3NTdaMIGaMQswCQYDVQQGEwJVUzEOMAwGA1UE                                                                                                CBMFVGV4YXMxEzARBgNVBAcTClJpY2hhcmRzb24xITAfBgNVBAoTGFZlcnRl                                                                                                eCBCdXNpbmVzcyBTZXJ2aWNlczElMCMGA1UECxMcSW5mb3JtYXRpb24gU3lz                                                                                                dGVtcyBTZWN1cml0eTEcMBoGA1UEAxMTdHdhLnV0aWxpdGllc2JwLmNvbTCC                                                                                                ASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAKZm5U/YrxCEePLvi+nD                                                                                                q2n1pavsOmLnkxjgr0yqo1xCzrvCNMVCPcAzzPBfakWCpay7qcr/XLV5rJEG                                                                                                eq29T8Gz8XoFB9/wdq3ZKxK/prV4oW+T8fel9Hlnme4XeEN2nh9mLh8TlLPt                                                                                                KFWObI0k6vQ2Kpy6ezrXXaRx6SMItmCz3CYoSEq9OA79IfIzar9CrC7GoQNs                                                                                                MnnEXlah1pA+4Mcz1H+h7NUVPzP27IBbdoGD5YkLragzU0r7J5VUdh70+VwB                                                                                                /rX9pGXogZp20zOSMw0UnujOdgnPhC4LTLf+wRuqEJmetrbOxUj/x4LV3RUw                                                                                                v3fWeSVDAZ2gMxe50VH2O5ECAwEAAaOCAScwggEjMAsGA1UdDwQEAwIFoDAd                                                                                                BgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwMwYDVR0fBCwwKjAooCag                                                                                                JIYiaHR0cDovL2NybC5lbnRydXN0Lm5ldC9sZXZlbDFjLmNybDAzBggrBgEF                                                                                                BQcBAQQnMCUwIwYIKwYBBQUHMAGGF2h0dHA6Ly9vY3NwLmVudHJ1c3QubmV0                                                                                                MEAGA1UdIAQ5MDcwNQYJKoZIhvZ9B0sCMCgwJgYIKwYBBQUHAgEWGmh0dHA6                                                                                                Ly93d3cuZW50cnVzdC5uZXQvcnBhMB8GA1UdIwQYMBaAFB7xq4kG+EkPATN3                                                                                                7hR67hl8kyhNMB0GA1UdDgQWBBT/5wcC3TAejp+3OmYv/7QjS29GgjAJBgNV                                                                                                HRMEAjAAMA0GCSqGSIb3DQEBBQUAA4IBAQB2neGhzzgOgv7novQfZkDxk0U7                                                                                                1jJ7HZFgZgEx/0U34IXjOM4x2IeaRIRpQidRmEvlTSTVUlamm5IEtT4FIZom                                                                                                VtSZGbh7gCqMLC76iDPGqc3ZoM1VpvkQWpbehtvI5vxlwtg4x/j2oFe7j/rK                                                                                                DdH/9Mex+h0snCGk23WSDrjZ9Z6B3+2RGZ33ek7cGbrinLOGvIi/k5e44Kif                                                                                                Q/qzsCAMqCHG6OfeAJr/NU0yck8DjQ99/NX8kZ7mvuufCS/BH0jastdC8h5N                                                                                                0VIqcigiqz2VeoaBH7VD77QMvXrb6wsyUyiNqlRIlFwXtBJ179lLLdy8THHa                                                                                                sLIX+T39S+OEMawL
</ds:X509Certificate>
</ds:X509Data>
</ds:KeyInfo>
</md:KeyDescriptor>
<md:NameIDFormat>urn:oasis:names:tc:SAML:2.0:nameid-format:persistent</md:NameIDFormat>
<md:NameIDFormat>urn:oasis:names:tc:SAML:2.0:nameid-format:transient</md:NameIDFormat>
<md:AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
Location="https://twa.utilitiesbp.com/saml.do" index="0"/>
</md:SPSSODescriptor>
</md:EntityDescriptor>

Appendix 2 – Sample Assertion based on our configuration

  1. Note the Authentication Statement includes the users CN (AWEBER) in the Subject NameIdentifier sections with the unspecified format (as defined in the Authentication Response UI field above)
  2. Note the Attribute Statement includes the three attributes configured in the ‘send with authentication’ Attribute UI field above, and required by the SP.
<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:1.0:protocol" xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion" IssueInstant="2011-08-22T16:27:06Z" MajorVersion="1" MinorVersion="1" Recipient="https://twa.utilitiesbp.com/SAML2" ResponseID="idBd5V6Z6streMSo7VtTAbd02TyC4"><ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#"><ds:SignedInfo><CanonicalizationMethod xmlns="http://www.w3.org/2000/09/xmldsig#" Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/><ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/><ds:Reference URI="#idBd5V6Z6streMSo7VtTAbd02TyC4"><ds:Transforms><ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/><ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/></ds:Transforms><ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><DigestValue xmlns="http://www.w3.org/2000/09/xmldsig#">7odfnLwMKVNff1LvN1OdSMogPeQ=</DigestValue></ds:Reference></ds:SignedInfo><SignatureValue xmlns="http://www.w3.org/2000/09/xmldsig#">
JzDlcLfqXEBX749BS7imw4d98PgU2J7RgFFQ+XT3Wpr+7rE+pdN074pi9DREfwQ7todPvBmPaQ6f
IdgT+3sni540nIWLzfJoCF1aO9GVUrtov93GAQkno4lMEH4BM5L5dG44dn3In1qfz651LgdOJmHd
KQlGgLCtQ5wp622QoG/fGTdK2EzXaUeljweVnOggiKI2Qc85AChLkW4gp8oMnNFojjhlIkwP4DBF
+TchGXIcIPdytzHQgAC50uhKiqc32sI3weHtUMweiYF7Fip5SaDRoDwR6RvfwY6XUJqHOZgC1kQa
shHa8E6lat6Cyi7PK29lk5ZvbUbnJ9n3PR1C2Q==
</SignatureValue><ds:KeyInfo><ds:X509Data><ds:X509Certificate>
MIIFKTCCBBGgAwIBAgIkAhwR/6UpfOR12tND14KglLl6lwmgZUJPabz1NSLpAgICMXqOMA0GCSqG
SIb3DQEBBQUAMDUxGjAYBgNVBAsTEU9yZ2FuaXphdGlvbmFsIENBMRcwFQYDVQQKFA5ET0JfQU1B
UDFfdHJlZTAeFw0xMDA3MjExOTQzMDZaFw0xMjA3MjExOTQzMDZaMEAxFTATBgNVBAMTDHRlc3Qt
c2lnbmluZzEWMBQGA1UECxMNYWNjZXNzTWFuYWdlcjEPMA0GA1UEChMGbm92ZWxsMIIBIjANBgkq
hkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyzXZM9iq4TovAODD38DPcWWi6WnjpSWfMPuAhPGovqeB
d943+4Mtl5sumVlBiZ5gduf6lje1gdofaeEGUHfxB85NnRWwGSlU9YcJcDUk1U7pEd+lcAmv8ax+
ajY5dnrfV5ShdVnTpNwZTE6Rb4TQ5sowYZbZvTebZjjBIVjlhJ9mKlYbomkPC4qroKLUWY+B0zPY
k9RD5PRRCVF6Dg93Td5ZBNzOZ5PqVYIuy5A24dQtpRCRN7m/JUn1pAuqIdDWvpAFOyWZoeJhtBrG
5TABLpKRU8MQI0izb7KdmT5t7ocECXmdt+8CCLLOapg0rjYyuzYzx67kuTWt06r5N3w9iQIDAQAB
o4ICFDCCAhAwHQYDVR0OBBYEFJxc+5vVttmxai1REoIOaeaD6KtSMB8GA1UdIwQYMBaAFJA2K98X
gUno3HU172FdovqJM6/8MIIBzAYLYIZIAYb4NwEJBAEEggG7MIIBtwQCAQABAf8THU5vdmVsbCBT
ZWN1cml0eSBBdHRyaWJ1dGUodG0pFkNodHRwOi8vZGV2ZWxvcGVyLm5vdmVsbC5jb20vcmVwb3Np
dG9yeS9hdHRyaWJ1dGVzL2NlcnRhdHRyc192MTAuaHRtMIIBSKAaAQEAMAgwBgIBAQIBRjAIMAYC
AQECAQoCAWmhGgEBADAIMAYCAQECAQAwCDAGAgEBAgEAAgEAogYCARcBAf+jggEEoFgCAQICAgD/
AgEAAw0AgAAAAAAAAAAAAAAAAwkAgAAAAAAAAAAwGDAQAgEAAgh//////////wEBAAIEBvDfSDAY
MBACAQACCH//////////AQEAAgQG8N9IoVgCAQICAgD/AgEAAw0AQAAAAAAAAAAAAAAAAwkAQAAA
AAAAAAAwGDAQAgEAAgh//////////wEBAAIEEf+lKTAYMBACAQACCH//////////AQEAAgQR/6Up
ok4wTAIBAgIBAAICAP8DDQCAAAAAAAAAAAAAAAADCQCAAAAAAAAAADASMBACAQACCH//////////
AQEAMBIwEAIBAAIIf/////////8BAQAwDQYJKoZIhvcNAQEFBQADggEBABxNc7zqYirc/zxWHeT8
LZvxFzu0uMAWfY8HLpjvb61ekS4NnDc/dx2ZtOQOJJGJPZvP85YU6yj71ecEnGqzjVlHqlV+4iC8
/YPlFA+wIKLe0aKxhSDnMwN7gqVlab/gxxWNgRzfiY9I+XmwzVy6JpfWaGM9XcqSGkIY9ddc1f9e
kbDn3MH6iVl+UsKreifJ0qlG/ERvVFVXOWz3P0x3JBfnt9rxmy8O5uu0SPKgyzHBwcylECWw5WYv
0TfUTMdXdKjSj6POyvpPQZ9kUX10qxlm2wK6bZCQGdpYJwvHDhIn/Z2QLwf5fbZF6FcXQ7yezhPK
DHDphwGwajkO0q+CWv8=
</ds:X509Certificate></ds:X509Data></ds:KeyInfo></ds:Signature>
<samlp:Status><samlp:StatusCode Value="samlp:Success"/></samlp:Status>
<saml:Assertion AssertionID="id8WpvY1BeYhq5FY7GnY-aHWeWA3Y" IssueInstant="2011-08-22T16:27:06Z" Issuer="https://ids.integrysgroup.com/nidp/saml/metadata" MajorVersion="1" MinorVersion="1"><saml:Conditions NotBefore="2011-08-22T14:27:06Z" NotOnOrAfter="2011-08-22T18:27:06Z"/><saml:AuthenticationStatement AuthenticationInstant="2011-08-22T16:27:06Z" AuthenticationMethod="urn:oasis:names:tc:SAML:1.0:am:unspecified"><saml:Subject><saml:NameIdentifier Format="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified">AWEBER</saml:NameIdentifier><saml:SubjectConfirmation><saml:ConfirmationMethod>urn:oasis:names:tc:SAML:1.0:cm:bearer</saml:ConfirmationMethod></saml:SubjectConfirmation></saml:Subject></saml:AuthenticationStatement><saml:AttributeStatement><saml:Subject><saml:NameIdentifier Format="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified">AWEBER</saml:NameIdentifier><saml:SubjectConfirmation><saml:ConfirmationMethod>urn:oasis:names:tc:SAML:1.0:cm:bearer</saml:ConfirmationMethod></saml:SubjectConfirmation></saml:Subject><saml:Attribute AttributeName="UserID" AttributeNamespace="alliance:attributes"><saml:AttributeValue>AWEBER</saml:AttributeValue></saml:Attribute><saml:Attribute AttributeName="EISnumber" AttributeNamespace="alliance:attributes"><saml:AttributeValue>CEI</saml:AttributeValue></saml:Attribute><saml:Attribute AttributeName="Role" AttributeNamespace="alliance:attributes"><saml:AttributeValue>BROKER</saml:AttributeValue></saml:Attribute></saml:AttributeStatement><ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#"><ds:SignedInfo><CanonicalizationMethod xmlns="http://www.w3.org/2000/09/xmldsig#" Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/><ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/><ds:Reference URI="#id8WpvY1BeYhq5FY7GnY-aHWeWA3Y"><ds:Transforms><ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/><ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/></ds:Transforms><ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><DigestValue xmlns="http://www.w3.org/2000/09/xmldsig#">KCX1ESSgB5xcYFfciPzG0rYaMko=</DigestValue></ds:Reference></ds:SignedInfo><SignatureValue xmlns="http://www.w3.org/2000/09/xmldsig#">
XwTW1S/Gmx8c6W42l6wplc99RX0tVottWl/T09MIqL68ii6+UoBmxTAs8Z+euOqtrGFgSAdTc+P7
twZPPUT0o8sQc9Ejrs72yNfvYOdSJwQXCW0wwUkbIzp+G4vWaGGqbmwhyLabfsNKb4QmJE46HHO4
zGv3n/d55nG+hYgAWClqOYAtJfBra/OL9WfI/pE9LyAdI1VTIOcRtG28Te9YRO5ixywzYjPrmZ5t
HmLnTOt4hnvTk8/MYXWlVi8SaMaTqva9QqTkmi4kYNo8fAD34OSqKFVDLzjT6B53Pc4cCjGMdgMy
rm87QanG/iWsfYUPRMNaTaN+nx2JD8YF/lwWKg==
</SignatureValue><ds:KeyInfo><ds:X509Data><ds:X509Certificate>
MIIFKTCCBBGgAwIBAgIkAhwR/6UpfOR12tND14KglLl6lwmgZUJPabz1NSLpAgICMXqOMA0GCSqG
SIb3DQEBBQUAMDUxGjAYBgNVBAsTEU9yZ2FuaXphdGlvbmFsIENBMRcwFQYDVQQKFA5ET0JfQU1B
UDFfdHJlZTAeFw0xMDA3MjExOTQzMDZaFw0xMjA3MjExOTQzMDZaMEAxFTATBgNVBAMTDHRlc3Qt
c2lnbmluZzEWMBQGA1UECxMNYWNjZXNzTWFuYWdlcjEPMA0GA1UEChMGbm92ZWxsMIIBIjANBgkq
hkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyzXZM9iq4TovAODD38DPcWWi6WnjpSWfMPuAhPGovqeB
d943+4Mtl5sumVlBiZ5gduf6lje1gdofaeEGUHfxB85NnRWwGSlU9YcJcDUk1U7pEd+lcAmv8ax+
ajY5dnrfV5ShdVnTpNwZTE6Rb4TQ5sowYZbZvTebZjjBIVjlhJ9mKlYbomkPC4qroKLUWY+B0zPY
k9RD5PRRCVF6Dg93Td5ZBNzOZ5PqVYIuy5A24dQtpRCRN7m/JUn1pAuqIdDWvpAFOyWZoeJhtBrG
5TABLpKRU8MQI0izb7KdmT5t7ocECXmdt+8CCLLOapg0rjYyuzYzx67kuTWt06r5N3w9iQIDAQAB
o4ICFDCCAhAwHQYDVR0OBBYEFJxc+5vVttmxai1REoIOaeaD6KtSMB8GA1UdIwQYMBaAFJA2K98X
gUno3HU172FdovqJM6/8MIIBzAYLYIZIAYb4NwEJBAEEggG7MIIBtwQCAQABAf8THU5vdmVsbCBT
ZWN1cml0eSBBdHRyaWJ1dGUodG0pFkNodHRwOi8vZGV2ZWxvcGVyLm5vdmVsbC5jb20vcmVwb3Np
dG9yeS9hdHRyaWJ1dGVzL2NlcnRhdHRyc192MTAuaHRtMIIBSKAaAQEAMAgwBgIBAQIBRjAIMAYC
AQECAQoCAWmhGgEBADAIMAYCAQECAQAwCDAGAgEBAgEAAgEAogYCARcBAf+jggEEoFgCAQICAgD/
AgEAAw0AgAAAAAAAAAAAAAAAAwkAgAAAAAAAAAAwGDAQAgEAAgh//////////wEBAAIEBvDfSDAY
MBACAQACCH//////////AQEAAgQG8N9IoVgCAQICAgD/AgEAAw0AQAAAAAAAAAAAAAAAAwkAQAAA
AAAAAAAwGDAQAgEAAgh//////////wEBAAIEEf+lKTAYMBACAQACCH//////////AQEAAgQR/6Up
ok4wTAIBAgIBAAICAP8DDQCAAAAAAAAAAAAAAAADCQCAAAAAAAAAADASMBACAQACCH//////////
AQEAMBIwEAIBAAIIf/////////8BAQAwDQYJKoZIhvcNAQEFBQADggEBABxNc7zqYirc/zxWHeT8
LZvxFzu0uMAWfY8HLpjvb61ekS4NnDc/dx2ZtOQOJJGJPZvP85YU6yj71ecEnGqzjVlHqlV+4iC8
/YPlFA+wIKLe0aKxhSDnMwN7gqVlab/gxxWNgRzfiY9I+XmwzVy6JpfWaGM9XcqSGkIY9ddc1f9e
kbDn3MH6iVl+UsKreifJ0qlG/ERvVFVXOWz3P0x3JBfnt9rxmy8O5uu0SPKgyzHBwcylECWw5WYv
0TfUTMdXdKjSj6POyvpPQZ9kUX10qxlm2wK6bZCQGdpYJwvHDhIn/Z2QLwf5fbZF6FcXQ7yezhPK
DHDphwGwajkO0q+CWv8=
</ds:X509Certificate></ds:X509Data></ds:KeyInfo></ds:Signature>
</saml:Assertion>
</samlp:Response>

VN:F [1.9.22_1171]
Rating: 3.0/5 (1 vote cast)
SAML 1.1 Integration with Vertex using Novell Access Manager 3.1, 3.0 out of 5 based on 1 rating

Tags: , ,
Categories: Access Manager, Technical Solutions

Disclaimer: As with everything else at NetIQ Cool Solutions, this content is definitely not supported by NetIQ, so Customer Support will not be able to help you if it has any adverse effect on your environment.  It just worked for at least one person, and perhaps it will be useful for you too.  Be sure to test in a non-production environment.

Comment