January 23, 2018 at 11:46 am #20657 MohiniM (Participant)
I’m trying to set up OpenAM for use in an IDP-initiated flow.
A 3rd party IDP will send a SAML Assertion which needs to be validated.
After verifying the assertion, I need to retrieve additional information about the caller and target application and finally call an internal service to generate a session for the user in the target application.
I need to redirect the user to a custom URL based on values received in the request.
To begin with, I tried the following setup in OpenAM with no success:
Registering a remote IDP (metadata file below).
After that, I have tried to call http://localhost:9000/openam/idpssoinit?metaAlias=null&spEntityID=/sp, along with a SAML assertion in the request body. (The other thing that I have noticed is that in case of a remote IDP Provider the metaAlias field in OpenAM is blank. Is this how it’s supposed to be, or is there a screen where we can add the details?)
I receive the following error message “HTTP Status 400 – Error processing AuthnRequest. Error retrieving metadata”.
Looking into the source code, it seems that only hosted IDPs can be used in IDP initiated SSO.
I’m not entirely sure I have OpenAM set up correctly to fulfill my requirements. Could someone please suggest how I should proceed?
IDP metadata file:
<EntityDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata" entityID="idp">
  <IDPSSODescriptor WantAuthnRequestsSigned="false" protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="http://localhost:8090/SAMLWeb/openam/SSOPOST/metaAlias/idp"/>
  </IDPSSODescriptor>
</EntityDescriptor>
- This topic was modified 4 years, 8 months ago by Peter Major.
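The checks an SP must apply to an unsolicited (IdP-initiated) SAML Response before creating a session, as an added example in Python that is neither OpenAM code nor the poster's. It assumes the XML signature has already been verified by a signature library, and the ACS URL in the constructed sample Response is an assumed value; the Issuer (idp) and Audience (/sp) match the post.

```python
"""SP-side acceptance checks for an IdP-initiated SAML 2.0 Response.
Added example, not OpenAM code. Signature verification is assumed to be
done beforehand by an XML-signature library; these checks come after it."""
import xml.etree.ElementTree as ET
from datetime import datetime, timezone, timedelta

NS = {"samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
      "saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

# Constructed sample: an unsolicited Response as a remote IdP would POST it.
# The Destination (ACS URL) is an assumed value, not taken from the post.
SAMPLE_RESPONSE = """<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
  xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="_r1" Version="2.0"
  IssueInstant="2018-01-23T11:46:00Z" Destination="http://localhost:9000/openam/Consumer/metaAlias/sp">
  <saml:Issuer>idp</saml:Issuer>
  <saml:Assertion ID="_a1" Version="2.0" IssueInstant="2018-01-23T11:46:00Z">
    <saml:Issuer>idp</saml:Issuer>
    <saml:Conditions NotBefore="2018-01-23T11:45:00Z" NotOnOrAfter="2018-01-23T11:51:00Z">
      <saml:AudienceRestriction><saml:Audience>/sp</saml:Audience></saml:AudienceRestriction>
    </saml:Conditions>
  </saml:Assertion>
</samlp:Response>"""

def parse_saml_time(s):
    """SAML timestamps are UTC in xs:dateTime form with a trailing Z."""
    return datetime.strptime(s, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)

def validate_unsolicited_response(xml, expected_issuer, expected_acs, expected_audience,
                                  now, seen_ids, skew=timedelta(seconds=60)):
    """Return the list of failed checks; an empty list means the Response is acceptable."""
    root = ET.fromstring(xml)
    failures = []
    if root.get("InResponseTo"):          # IdP-initiated: there was no AuthnRequest
        failures.append("unexpected InResponseTo")
    if root.get("Destination") != expected_acs:   # must be addressed to this SP's ACS
        failures.append("Destination mismatch")
    assertion = root.find("saml:Assertion", NS)
    if assertion is None:
        return failures + ["no Assertion"]
    if assertion.findtext("saml:Issuer", default="", namespaces=NS) != expected_issuer:
        failures.append("unknown Issuer")
    cond = assertion.find("saml:Conditions", NS)
    if (cond is None or parse_saml_time(cond.get("NotBefore")) - skew > now
            or now >= parse_saml_time(cond.get("NotOnOrAfter")) + skew):
        failures.append("outside validity window")
    audiences = [a.text for a in assertion.findall(
        "saml:Conditions/saml:AudienceRestriction/saml:Audience", NS)]
    if expected_audience not in audiences:
        failures.append("Audience mismatch")
    aid = assertion.get("ID")             # replay protection: accept each assertion ID once
    if aid in seen_ids:
        failures.append("replayed assertion")
    elif not failures:
        seen_ids.add(aid)
    return failures
```

In production the seen_ids store must be shared across SP instances and entries can be expired once NotOnOrAfter has passed.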