03-14-2008 4:16 PM
Hi,
I ran into some problems when testing the SAML SSO functionality according to the document http://developers.sun.com/identity/reference/techart/sso.html
Identity Provider: SUN Access Manager 7.1 under Windows 2003
Service provider: SAP JAVA WAS 6.40 SP19
After configuring both sides, I tried the SSO using the URL as follows:
In the Visual Administrator I had already configured SAMLLoginModule in first place with the flag SUFFICIENT in the Basic template. After successfully authenticating to the Access Manager I was redirected to the following URL, where an unwanted logon window (to the SAP J2EE Engine) is shown again:
Could anybody give me some hints, why the SSO fails or how to debug the problem? If needed, I could provide more info about my system configuration.
THX,
Bin
03-17-2008 4:32 PM
I traced that Sun AM had sent the SAML assertion to SAP, and according to the assertion I would guess the problem is regarding the NameIdentifier. Intentionally, when I created SAP as the trusted partner in Sun AM, I had configured it to use the class provided from http://developers.sun.com/identity/reference/techart/sso.html to generate the required NameIdentifier, which in this case should be binwang instead of id=binwang,ou=user,dc=sample,dc=com. Any idea how to solve this problem here?
<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion" MajorVersion="1" MinorVersion="0"
    AssertionID="sba84ca9dad01f929deba8796d887bd3bfaf8972501" Issuer="sunam.test.de:8080" IssueInstant="2008-03-16T19:08:08Z">
  <saml:Conditions NotBefore="2008-03-16T19:05:08Z" NotOnOrAfter="2008-03-16T19:15:08Z">
  </saml:Conditions>
  <saml:AuthenticationStatement AuthenticationMethod="urn:com:sun:identity:DataStore"
      AuthenticationInstant="2008-03-16T19:08:06Z">
    <saml:Subject>
      <saml:NameIdentifier NameQualifier="dc=sample,dc=com">id=binwang,ou=user,dc=sample,dc=com</saml:NameIdentifier>
      <saml:SubjectConfirmation>
        <saml:ConfirmationMethod>urn:oasis:names:tc:SAML:1.0:cm:artifact-01</saml:ConfirmationMethod>
      </saml:SubjectConfirmation>
    </saml:Subject>
    <saml:SubjectLocality IPAddress="192.168.164.130" />
  </saml:AuthenticationStatement>
</saml:Assertion>
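
A diagnostic sketch for the NameIdentifier question above, added here as an example and not part of the original post or of any Sun AM or SAP code: it parses a SAML 1.x assertion with Python's standard library and reports whether the subject name is a full directory DN or a bare user ID, and whether the Conditions window covers a given time. The function names and the trimmed sample (copied from the trace in the post) are assumptions of this example.

```python
import xml.etree.ElementTree as ET
from datetime import datetime, timezone

NS = {"saml": "urn:oasis:names:tc:SAML:1.0:assertion"}

# Trimmed copy of the assertion traced in the post (whitespace normalised).
SAMPLE = """\
<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion"
    MajorVersion="1" MinorVersion="0" Issuer="sunam.test.de:8080">
  <saml:Conditions NotBefore="2008-03-16T19:05:08Z" NotOnOrAfter="2008-03-16T19:15:08Z"/>
  <saml:AuthenticationStatement
      AuthenticationMethod="urn:com:sun:identity:DataStore">
    <saml:Subject>
      <saml:NameIdentifier NameQualifier="dc=sample,dc=com">
        id=binwang,ou=user,dc=sample,dc=com
      </saml:NameIdentifier>
    </saml:Subject>
  </saml:AuthenticationStatement>
</saml:Assertion>"""


def parse_utc(stamp):
    """Parse a SAML UTC timestamp such as 2008-03-16T19:08:08Z."""
    return datetime.strptime(stamp, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


def inspect_assertion(xml_text, now):
    """Report the subject name and validity window of a SAML 1.x assertion."""
    root = ET.fromstring(xml_text)
    name_el = root.find(".//saml:Subject/saml:NameIdentifier", NS)
    if name_el is None or not (name_el.text or "").strip():
        raise ValueError("assertion carries no NameIdentifier")
    name = name_el.text.strip()
    # Heuristic: comma-separated attr=value pairs indicate a directory DN.
    is_dn = "=" in name and "," in name
    cond = root.find("saml:Conditions", NS)
    valid = None  # None means the assertion states no time window
    if cond is not None and cond.get("NotBefore") and cond.get("NotOnOrAfter"):
        valid = parse_utc(cond.get("NotBefore")) <= now < parse_utc(cond.get("NotOnOrAfter"))
    return {
        "name_identifier": name,
        "looks_like_dn": is_dn,
        "leading_rdn_value": name.split(",", 1)[0].split("=", 1)[1] if is_dn else None,
        "within_validity_window": valid,
    }


if __name__ == "__main__":
    print(inspect_assertion(SAMPLE, parse_utc("2008-03-16T19:08:08Z")))
```

A result with `looks_like_dn` set to true means the identity provider is still emitting the full DN, so the service provider receives a subject name that does not match a plain user ID such as the `leading_rdn_value`.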