June 13, 2016 at 7:50 am #11217 anishnarang (Participant)
I have set up an OpenAM IdP with a Python Django SP, along with an LDAP integration module for authentication. The SP is redirected to the OpenAM login page. But after successful authentication, the user is denied access to the SP's ACS page. Could this be an authorization issue related to Policies? If so, how do we give the LDAP users access to the SP's pages?

June 13, 2016 at 3:39 pm #11233 Scott Heger (Participant)
Do you have a policy agent in the mix here? If not, then no, it wouldn't be a policy issue. If you do have a policy agent involved... why?

June 16, 2016 at 8:24 am #11299 anishnarang (Participant)
There is no policy agent involved. There is no AttributeStatement being returned as part of the SAML response back to the SP. The user profile mode is set to dynamic and the user is added to the Subjects on successful authentication. I'm guessing this should be an issue with the attribute mapping on the IdP. Is that right?

June 16, 2016 at 7:26 pm #11335 Scott Heger (Participant)
Yea, that would be an issue with your attribute mapping. You have to map them properly in your IDP for use in creating your dynamic profiles, then you need to map them in your SP to populate into your assertion. I believe that is the process when you use dynamic profiles.

June 17, 2016 at 4:03 pm #11369 Peter Major (Moderator)
See also https://bugster.forgerock.org/jira/browse/OPENAM-9143. You should write a custom IdPAttributeMapper if you want attribute mapping to work correctly when using Dynamic profile mode.