IDM RBPM 4.5 - Identity Manager to eDirectory SAML communication is not functioning correctly

  • 7018235
  • 03-Nov-2016
  • 03-Nov-2016

Environment

NetIQ Identity Manager Roles Based Provisioning Module 4.5.x

Situation

When attempting to log in to IDM RBPM 4.5, the following error is received:

Identity Manager authentication is not correctly configured or Identity Manager to eDirectory SAML communication is not functioning correctly.
Please contact an administrator to correct the problem.

The server is configured for SAML authentication with Identity Manager.

Resolution

Install the SAML login method in the tree.
The instructions and the updated SAML login method can be found in the IDM 4.5 Engine & Remote Loader Service Pack 4 4.5.4 update.

Alternatively, you may find a previously installed copy of the SAML login method on your server in the /var/opt/novell/eDirectory/data/nmas-methods directory.

The instructions below are copied from the IDM 4.5 Engine & Remote Loader Service Pack 4 4.5.4 readme.

SAML Installation:
1. The SAML package is available in the <patch path>SAML directory.
2. From the server console command line, enter:

nmasinst -addmethod admin.context treename config.txt_path [-h hostname[:port]] [-w password] [-checkversion]

where:
admin.context: The admin name and context.
treename: The name of the eDirectory tree where you are installing the login method.
config.txt_path: The complete or relative path to the config.txt file of the login method. A config.txt file is provided with each login method.
[-h hostname[:port]]: (Optional) The hostname and port of the server. Use this if eDirectory is not running on the default port.
[-w password]: (Optional) Specifies the password on the command line. A password passed this way is visible in the shell history and in the process list, so prefer letting nmasinst prompt for it.
[-checkversion]: (Optional) Reports an error if the installed method version is the same as or newer than the method version being installed.
If the login method already exists, nmasinst updates it.

3. Restart eDirectory on the target server. (Optional) All other servers will need to be restarted before they have access to the new SAML method. A restart of eDirectory is required if the User Application is running on it, so that the User Application works after the upgrade of eDirectory to 9.0.1.
4. Restart the application server (Tomcat, JBoss or WebSphere).

Cause

The SAML Assertion login method was missing.

The SAML login method should be installed in the tree under the Security > Authorized Login Methods container. You should see "SAML Assertion (1)" listed there; if it is not, the method is missing.
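A pre-check for the condition described in the Cause section, added here as an example and not part of the TID or of the NetIQ documentation: it asks eDirectory over LDAP whether the SAML Assertion login method object exists under the Authorized Login Methods container, so the check can be run before and after nmasinst. It assumes the OpenLDAP ldapsearch client, eDirectory LDAP with TLS on port 636, an admin DN supplied on the command line, and that the object's cn is exactly "SAML Assertion" (the "(1)" shown in iManager is assumed to be a display suffix rather than part of the name).

```shell
#!/bin/sh
# Added example (not part of the NetIQ TID): verify over LDAP whether the
# SAML Assertion login method object exists in the tree, i.e. the condition
# the Cause section describes.
# Assumptions: OpenLDAP ldapsearch is installed, eDirectory LDAP listens with
# TLS on port 636, and the method object's cn is exactly "SAML Assertion"
# (the "(1)" displayed in iManager is assumed to be display-only).
# Usage: sh check_saml_method.sh EDIR_HOST ADMIN_DN

# Container holding the installed NMAS login methods (named in the TID).
LOGIN_METHODS_BASE="cn=Authorized Login Methods,cn=Security"

# Read LDIF on stdin; return 0 if an entry for the SAML Assertion login
# method is present, 1 if not. Kept separate from the LDAP call so it can be
# exercised on captured output without a directory server.
saml_method_present() {
    grep -qi '^dn: cn=SAML Assertion'
}

# Query the login-methods container for SAML Assertion entries.
# $1 = eDirectory host, $2 = admin DN (e.g. cn=admin,o=acme, a constructed
# value). -W prompts for the password so it never lands on the command line.
query_saml_method() {
    ldapsearch -LLL -x -H "ldaps://$1:636" -D "$2" -W \
        -b "$LOGIN_METHODS_BASE" -s one '(cn=SAML Assertion*)' cn
}

# Live check; runs only when host and admin DN are given on the command line.
if [ $# -eq 2 ]; then
    # Capture first so a failed bind is reported instead of being mistaken
    # for "no entries found".
    ldif=$(query_saml_method "$1" "$2") || {
        echo "LDAP query failed; check host, admin DN and password." >&2
        exit 2
    }
    if printf '%s\n' "$ldif" | saml_method_present; then
        echo "SAML Assertion login method is installed in the tree."
    else
        echo "SAML Assertion login method is MISSING: install it with nmasinst" \
             "(see Resolution), then restart eDirectory and the application server." >&2
        exit 1
    fi
fi
```

Run it from a host that can reach the eDirectory LDAP port; an exit status of 1 means the login method container has no SAML Assertion entry and the Resolution steps apply, while exit status 2 means the directory could not be queried at all and the result says nothing about the method.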