
SAML SSO Problem using SUN Access Manager

Former Member
0 Kudos

Hi,

I got some problems when testing the SAML SSO functionality according to the document http://developers.sun.com/identity/reference/techart/sso.html

Identity Provider: SUN Access Manager 7.1 under Windows 2003

Service provider: SAP JAVA WAS 6.40 SP19

After configuring both sides, I tried the SSO using the following URL:

http://sunam.test.de:8080/amserver/SAMLAwareServlet?TARGET=http://grcsuite.test.de:50000/useradmin/u...

In the Virtual Administrator I had already configured SAMLLoginModule at the 1st place with the flag SUFFICIENT in the Basic template. After successfully authenticating to the Access Manager I was redirected to the following URL, where an unwanted logon window (to the SAP J2EE Engine) is shown again:

http://grcsuite.test.de:50000/logon/logonServlet?redirectURL=%2Fuseradmin%2FuserAdminServlet%3FSAMLa...

Could anybody give me some hints, why the SSO fails or how to debug the problem? If needed, I could provide more info about my system configuration.

THX,

Bin

1 REPLY

Former Member
0 Kudos

I traced that Sun AM had sent the SAML assertion to SAP, and according to the assertion I would guess the problem is regarding the NameIdentifier. Intentionally, when I created SAP as the trusted partner in Sun AM, I had configured it to use the class provided from http://developers.sun.com/identity/reference/techart/sso.html to generate the required NameIdentifier, which in this case should be binwang instead of id=binwang,ou=user,dc=sample,dc=com. Any idea how to solve this problem here?

<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion" MajorVersion="1" MinorVersion="0" AssertionID="sba84ca9dad01f929deba8796d887bd3bfaf8972501" Issuer="sunam.test.de:8080" IssueInstant="2008-03-16T19:08:08Z">
  <saml:Conditions NotBefore="2008-03-16T19:05:08Z" NotOnOrAfter="2008-03-16T19:15:08Z" >
  </saml:Conditions>
  <saml:AuthenticationStatement AuthenticationMethod="urn:com:sun:identity:DataStore" AuthenticationInstant="2008-03-16T19:08:06Z">
    <saml:Subject>
      <saml:NameIdentifier NameQualifier="dc=sample,dc=com">id=binwang,ou=user,dc=sample,dc=com</saml:NameIdentifier>
      <saml:SubjectConfirmation>
        <saml:ConfirmationMethod>urn:oasis:names:tc:SAML:1.0:cm:artifact-01</saml:ConfirmationMethod>
      </saml:SubjectConfirmation>
    </saml:Subject>
    <saml:SubjectLocality IPAddress="192.168.164.130" />
  </saml:AuthenticationStatement>
</saml:Assertion>
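
An added diagnostic example (not code from the post, from Sun Access Manager or from SAP): it parses a traced SAML 1.x assertion and reports the NameIdentifier the service provider receives, whether that value is a full DN rather than a bare user ID, and whether the Conditions window covers a given time. The function name `inspect_assertion`, the DN heuristic and the placeholder AssertionID are assumptions; the sample is constructed from the assertion above.

```python
import xml.etree.ElementTree as ET
from datetime import datetime, timezone

SAML = "{urn:oasis:names:tc:SAML:1.0:assertion}"

# Constructed sample modelled on the assertion in the post; AssertionID is a placeholder.
SAMPLE = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion"
    MajorVersion="1" MinorVersion="0" AssertionID="s-placeholder"
    Issuer="sunam.test.de:8080" IssueInstant="2008-03-16T19:08:08Z">
  <saml:Conditions NotBefore="2008-03-16T19:05:08Z" NotOnOrAfter="2008-03-16T19:15:08Z"/>
  <saml:AuthenticationStatement AuthenticationMethod="urn:com:sun:identity:DataStore"
      AuthenticationInstant="2008-03-16T19:08:06Z">
    <saml:Subject>
      <saml:NameIdentifier NameQualifier="dc=sample,dc=com">id=binwang,ou=user,dc=sample,dc=com
      </saml:NameIdentifier>
    </saml:Subject>
  </saml:AuthenticationStatement>
</saml:Assertion>"""


def _ts(value):
    """Parse the UTC timestamp format used in the assertion attributes."""
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


def inspect_assertion(xml_text, now):
    """Summarise a traced assertion. Diagnostic only: no signature verification."""
    root = ET.fromstring(xml_text)
    cond = root.find(SAML + "Conditions")
    name_id = root.find(f".//{SAML}NameIdentifier")
    if cond is None or name_id is None:
        raise ValueError("assertion lacks Conditions or NameIdentifier")
    raw = (name_id.text or "").strip()  # traces often wrap the value across lines
    # Heuristic (assumption): '=' plus ',' means a directory DN, not a bare logon ID.
    looks_like_dn = "=" in raw and "," in raw
    # Value of the first RDN, i.e. the bare ID the poster expected to be sent.
    leading = raw.split(",", 1)[0].split("=", 1)[1] if looks_like_dn else raw
    return {
        "issuer": root.get("Issuer"),
        "name_identifier": raw,
        "looks_like_dn": looks_like_dn,
        "leading_rdn_value": leading,
        "within_validity": _ts(cond.get("NotBefore")) <= now < _ts(cond.get("NotOnOrAfter")),
    }


if __name__ == "__main__":
    at = datetime(2008, 3, 16, 19, 8, 30, tzinfo=timezone.utc)
    for key, value in inspect_assertion(SAMPLE, at).items():
        print(f"{key}: {value}")
```
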