Help with SAMLv2 OpenAM tutorial

This topic has 9 replies, 4 voices, and was last updated 6 years, 3 months ago by Aker666.


    Hi, I’m trying to complete a tutorial to use SAML and Federation in OpenAM. I’m following this Video Tutorial, so to do the tutorial:

    1 – I’ve created 2 instances of OpenAM:
    * IDP:
    * SP:

    In both I’ve created a user with these details:
    – ID: test
    – Username: test
    – Email address: [email protected]

    2 – I’ve created an IDP on openamIDP:
    * Metadata:
    – Name:
    – Sign key: test
    * Circle of Trust: CoT
    * Attribute mapping: mail = mail

    3 – I’ve created a SP on openamSP:
    * Metadata:
    – Name:
    * Circle of Trust: CoT
    * Attribute mapping: Use default provided by IDP

    4 – I’ve created a remote IDP on openamSP:
    * URL to metadata:

    5 – I’ve created a remote SP on openamIDP:
    * URL to metadata:
    * Circle of Trust: CoT
    * Attribute mapping: mail = mail

    Now I’m going to test the SSO. When I try to log in with the “test” user I get his User Profile page… and not what it’s supposed to be. What am I doing wrong, or where did I make a mistake?

    Regards and thanks.

     Mike Woodburne

    Hey Aker666

    Navigating directly to the SP’s login URL won’t kick off SP-initiated federation; all it will do is initiate a regular login to the OpenAM SP with whatever authentication module you have configured as the default. You want to trigger the SP-initiated SSO by going to the spSSOInit.jsp page and passing the appropriate query parameters (idpEntityId and metaAlias minimally). Doing this will redirect you to the IDP, where you can log in and be redirected back to the SP with the appropriate SAML assertion.

    I’d suggest taking a look at the OpenAM documentation on SAML 2.0 for more details: !/docs/openam/12.0.0/admin-guide#using-saml2-sso-slo (OpenAM 12), !/docs/openam/13/admin-guide#using-saml2-sso-slo (OpenAM 13)

    If you have more specific questions around the process of initiating SSO, reply back to this thread and we’d be happy to help you out.


    Hey Aker666,

    Navigating directly to the SP’s login URL won’t kick off SP-initiated federation.
    Use the below URL to verify your federation: <if you have any realm or use /sp>/sp&binding=HTTP-POST.

    You can pass realyState=<Application-Url where you want redirect after federation>

    You can follow the blogs below for further info


    Hi, thanks for your answers and help. I’ve seen the video and I have configured everything like that but I’m getting a different result.

    When I put the url: this is my web in Django that I want to protect

    After login I get this URL: and the message: Single Logout performed satisfactorily. And it does not redirect to my web.

    But in the URL I have spSSOInit.jsp and not spSingleLogoutInit.jsp. And if I put spSingleLogoutInit.jsp in the URL I get the message SP has successfully initiated single logout. So I don’t understand :/

    Where is my mistake?

     Chris Lee

    Hi Aker666,
    I think there is a typo, try changing “realyState” to “relayState”.
    Does that help?


    Hi Chris, I have changed the typo error but still get the same message and url :/



    I have tried the tutorial again.

    The URL that I insert on the web browser is:

    And I don’t understand why I’m redirected to: and not to and I suppose that after going to this URL I will be redirected to my website.

    What am I doing wrong that makes OpenAM not redirect me correctly? I want to know how to solve this problem because I’m stuck on my work.



    Sorry, I wrote &realyState here again by mistake, but in the URL that I put in the web browser it’s &relayState.


    Hi Aker,

    Can you try RelayState instead of relayState?
    As per the document, the parameter name is RelayState.



    Hi Bhargava, It was a typing error by capitalization. I changed it to &RelayState and now it works.

    Thanks to all for your answers and links.
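
The fix in this thread came down to a query parameter name that was first misspelled (realyState) and then wrongly capitalised (relayState). A small lint for spSSOInit.jsp URLs that catches both cases, as an added example that is not part of the original posts and is not ForgeRock code. The function name, the sample URL and its host names are constructed, and the idpEntityID spelling is an assumption taken from the OpenAM admin guide (the thread writes idpEntityId), so confirm the list against the documentation for your version.

```python
from difflib import get_close_matches
from urllib.parse import parse_qsl, urlsplit

# Parameter names, case included. metaAlias, binding and RelayState appear in
# the thread; the idpEntityID spelling is an assumption from the admin guide.
EXPECTED = ["metaAlias", "idpEntityID", "binding", "RelayState"]
REQUIRED = {"metaAlias", "idpEntityID"}


def lint_sso_url(url, expected=EXPECTED, required=REQUIRED):
    """Return a list of findings for an spSSOInit.jsp URL (empty list = clean)."""
    findings = []
    parts = urlsplit(url)
    if not parts.path.endswith("/spSSOInit.jsp"):
        findings.append(f"path {parts.path!r} is not spSSOInit.jsp")
    lowered = {name.lower(): name for name in expected}
    accounted = set()  # canonical names present, correctly spelled or not
    for name, _value in parse_qsl(parts.query, keep_blank_values=True):
        if name in expected:
            accounted.add(name)
        elif name.lower() in lowered:
            # Right letters, wrong capitalisation (relayState vs RelayState).
            canonical = lowered[name.lower()]
            findings.append(f"{name!r} has wrong case, use {canonical!r}")
            accounted.add(canonical)
        else:
            # Near miss such as transposed letters (realyState).
            close = get_close_matches(name.lower(), list(lowered), n=1, cutoff=0.8)
            if close:
                canonical = lowered[close[0]]
                findings.append(f"{name!r} looks misspelled, use {canonical!r}")
                accounted.add(canonical)
    for name in sorted(set(required) - accounted):
        findings.append(f"required parameter {name!r} is missing")
    return findings


if __name__ == "__main__":
    # Constructed sample URL; hosts and paths are placeholders.
    sample = ("https://sp.example.com/openam/saml2/jsp/spSSOInit.jsp"
              "?metaAlias=/sp&idpEntityID=https%3A%2F%2Fidp.example.com%2Fopenam"
              "&binding=HTTP-POST&realyState=https%3A%2F%2Fapp.example.com%2F")
    for finding in lint_sso_url(sample):
        print(finding)
```

Unknown parameters that resemble nothing in the list are ignored rather than reported, since other parameters may be valid for your deployment.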

