Permission denied after redirect

This topic has 4 replies, 3 voices, and was last updated 6 years, 3 months ago by Peter Major.

  • Author
    Posts
  • #11217
     anishnarang
    Participant

    I have setup an OpenAM Idp with a Python Django SP,along with LDAP integration module for authentication. The SP is redirected to the OpenAM login page. But after successfully authentication,the user is denied access to the SP’s ACS page. Could this be an authorization issue related to Policies? If so, how to we give the LDAP users access to the SP’s pages.

    #11233
     Scott Heger
    Participant

    Do you have a policy agent in the mix here? If not, then no, it wouldn’t be a policy issue. If you do have a policy agent involved….why?

    #11299
     anishnarang
    Participant

    There is no policy agent involved. There is no AttributeStatement being returned as part of the SAML response back to the SP. The user profile mode is set to dynamic and the user is added to the Subjects on successful authentication. Im guessing this should be an issue with the attribute mapping on the IdP.Is that right?

    #11335
     Scott Heger
    Participant

    Yea, that would be an issue with your attribute mapping. You have to map them properly in your IDP for use in creating your dynamic profiles, then you need to map them in your SP to populate into your assertion. I believe that is the process when you use dynamic profiles.

    #11369
     Peter Major
    Moderator

    See also https://bugster.forgerock.org/jira/browse/OPENAM-9143 . You should write a custom IdPAttributeMapper if you want attribute mapping to work correctly when using Dynamic profile mode.

Viewing 5 posts - 1 through 5 (of 5 total)

You must be logged in to reply to this topic.

©2022 ForgeRock - we provide an identity and access platform to secure every online relationship for the enterprise market, educational sector and even entire countries. Click to view our privacy policy and terms of use.

Log in with your credentials

Forgot your details?