Former Member

SAML SSO Problem using SUN Access Manager

Hi,

I got some problems when testing the SAML SSO functionality according to the document http://developers.sun.com/identity/reference/techart/sso.html

Identity Provider: SUN Access Manager 7.1 under Windows 2003

Service provider: SAP JAVA WAS 6.40 SP19

After both sides configuration I tried the SSO using the URL as follows:

http://sunam.test.de:8080/amserver/SAMLAwareServlet?TARGET=http://grcsuite.test.de:50000/useradmin/userAdminServlet

In the Visual Administrator I had already configured SAMLLoginModule in the first place with the flag SUFFICIENT in the Basic template. After successfully authenticating to the Access Manager I was redirected to the following URL, where the unwanted logon window (to the SAP J2EE Engine) is shown again:

http://grcsuite.test.de:50000/logon/logonServlet?redirectURL=%2Fuseradmin%2FuserAdminServlet%3FSAMLart%3DAAESqssSVZw4qJyKxSl1v50iaxCefD2mKLU6HZUPKHLfu9txxFn6ZDAx

Could anybody give me some hints, why the SSO fails or how to debug the problem? If needed, I could provide more info about my system configuration.

THX,

Bin


1 Answer

    Former Member
    Mar 17, 2008 at 04:32 PM

    I traced that Sun AM had sent the SAML assertion to SAP, and according to the assertion I would guess the problem is regarding the NameIdentifier. Intentionally, when I created SAP as the trusted partner in Sun AM, I had configured it to use the class provided from http://developers.sun.com/identity/reference/techart/sso.html to generate the required NameIdentifier, which in this case should be binwang instead of id=binwang,ou=user,dc=sample,dc=com. Any idea how to solve this problem here?

    <saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion" MajorVersion="1" MinorVersion="0" AssertionID="sba84ca9dad01f929deba8796d887bd3bfaf8972501" Issuer="sunam.test.de:8080" IssueInstant="2008-03-16T19:08:08Z">
      <saml:Conditions NotBefore="2008-03-16T19:05:08Z" NotOnOrAfter="2008-03-16T19:15:08Z">
      </saml:Conditions>
      <saml:AuthenticationStatement AuthenticationMethod="urn:com:sun:identity:DataStore" AuthenticationInstant="2008-03-16T19:08:06Z">
        <saml:Subject>
          <saml:NameIdentifier NameQualifier="dc=sample,dc=com">id=binwang,ou=user,dc=sample,dc=com</saml:NameIdentifier>
          <saml:SubjectConfirmation>
            <saml:ConfirmationMethod>urn:oasis:names:tc:SAML:1.0:cm:artifact-01</saml:ConfirmationMethod>
          </saml:SubjectConfirmation>
        </saml:Subject>
        <saml:SubjectLocality IPAddress="192.168.164.130" />
      </saml:AuthenticationStatement>
    </saml:Assertion>
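A small check that reproduces the diagnosis in the answer above, added here as an example and not code from the thread or from Sun AM / SAP: it parses a SAML 1.0 assertion, flags a NameIdentifier that is an LDAP DN rather than a bare login name, and verifies the Conditions window. The sample assertion is constructed from the one posted; deriving the login name from the first RDN (`id=binwang`) is an assumption for illustration.

```python
from datetime import datetime, timezone
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:1.0:assertion"}

# Constructed sample, reduced from the assertion posted in the answer above
SAMPLE = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion"
  MajorVersion="1" MinorVersion="0" AssertionID="sba84ca9dad01f929deba8796d887bd3bfaf8972501"
  Issuer="sunam.test.de:8080" IssueInstant="2008-03-16T19:08:08Z">
  <saml:Conditions NotBefore="2008-03-16T19:05:08Z" NotOnOrAfter="2008-03-16T19:15:08Z"/>
  <saml:AuthenticationStatement AuthenticationMethod="urn:com:sun:identity:DataStore"
    AuthenticationInstant="2008-03-16T19:08:06Z">
    <saml:Subject>
      <saml:NameIdentifier NameQualifier="dc=sample,dc=com">id=binwang,ou=user,dc=sample,dc=com</saml:NameIdentifier>
    </saml:Subject>
  </saml:AuthenticationStatement>
</saml:Assertion>"""

def _ts(s):
    # SAML timestamps are UTC in ISO 8601 form
    return datetime.strptime(s, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)

def name_identifier(xml_text):
    root = ET.fromstring(xml_text)
    node = root.find(".//saml:Subject/saml:NameIdentifier", NS)
    return node.text.strip() if node is not None and node.text else ""

def looks_like_dn(value):
    # A DN is a comma-separated list of attr=value RDNs; a bare login name has no '='
    return "=" in value and all("=" in rdn for rdn in value.split(","))

def login_name_from_dn(dn):
    # Assumption: the value of the first RDN (here "id=binwang") is the SP login name
    return dn.split(",")[0].split("=", 1)[1].strip()

def within_conditions(xml_text, now):
    cond = ET.fromstring(xml_text).find("saml:Conditions", NS)
    return _ts(cond.get("NotBefore")) <= now < _ts(cond.get("NotOnOrAfter"))

def diagnose(xml_text, now):
    # Returns a list of human-readable problems; empty means the assertion looks usable
    ident = name_identifier(xml_text)
    problems = []
    if looks_like_dn(ident):
        problems.append("NameIdentifier is an LDAP DN; expected bare user name '%s'"
                        % login_name_from_dn(ident))
    if not within_conditions(xml_text, now):
        problems.append("assertion is outside its Conditions validity window")
    return problems

if __name__ == "__main__":
    for p in diagnose(SAMPLE, _ts("2008-03-16T19:08:08Z")):
        print(p)
```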
