OpenAM not redirects to web after login using OpenDJ

This topic has 2 replies, 1 voice, and was last updated 6 years, 4 months ago by Aker666.

  • Author
    Posts
  • #10677
     Aker666
    Participant

    Hi, I have connected my OpenAM to a OpenDJ instance to store the users. When I try to access to my web by SSO with this URL:

    http://openam.sp.com:8095/openamSP/saml2/jsp/spSSOInit.jsp?idpEntityID=http%3A%2F%2Fopenam.idp.com%3A8090%2FopenamIDP&metaAlias=/sp&binding=HTTP-POST&RelayState=http%3A%2F%2Ftfm.web.com%3A8000 I get “Authentication succesfull” but then I get “Not found error” and I’m stuck on the login form.

    What I’m doing wrong? I need to change the URL to get SSO works? When I used the OpenAM DataStore by default the URL worked.

    Thanks and regards.

    #10707
     Aker666
    Participant

    Hi, I’ve been investigating why maybe I have this issue and I think that maybe could be this:

    In the OpenDJ control panel, on the detailed view of my Base DN I can see:

    – dc=tfm,dc=local
    — RegistredUsers
    —– aker666

    And in the detailed view of me I have: cn=aker666,ou=RegistredUsers,dc=tfm,dc=local

    So on the OpenAM Data Store (IDP instance) I see the details of the OpenDJ configuration and on the user configuration I have the correct values. If I go to “Subjects” I can see my “aker666” user from OpenDJ moreover the “amadmin” and “anonynous” (the 2 defaults). So OpenAM can connect to OpenDJ and get the users correctly.

    BUT, if I got to “aker666” details and scroll down to the end and look the value of:

    Universal ID: id=aker666,ou=user,dc=openam,dc=tfm,dc=local

    Why appears “ou=user,dc=openam”? I think that this is the reason of why I get “Not found error”. I think that the Universal ID should be “cn=aker666,ou=RegistredUsers,dc=tfm,dc=local” or I’m wrong?

    Why OpenAM can get the users from OpenDJ but then the “url” doesn’t match and the SSO login fails?

    Thanks in advance and regards.

    #10729
     Aker666
    Participant

    I have found the reason of why was not working. I will explain how I did to help if someone new have this problem too.

    First, Universal ID != BaseDN ID.

    Go to OpenAM (IDP instance) realm > Data Stores (left menu) > YourOpenDJInstance > Go to “User Configuration” section and on the 2 last fields change the values to your OpenDJ configuration, on my case “ou” & “RegistredUsers” and then go to “Group Configuration” and do the same that in “User Configuration”.

    Save changes and then go to “Subjects” and on the user that you want to test, on the detailed view check if “User state” it’s “Activated” and “User auth config” it’s set to “ldapService”. Save the changes.

    Do the same procedure on the OpenAM (SP instance).

    Now, the SSO should work :)

    Hope this help someone new with this tools.

    Regards!

Viewing 3 posts - 1 through 3 (of 3 total)

You must be logged in to reply to this topic.

©2022 ForgeRock - we provide an identity and access platform to secure every online relationship for the enterprise market, educational sector and even entire countries. Click to view our privacy policy and terms of use.

Log in with your credentials

Forgot your details?