SAML Working With OpenDJ but Not working with Active Directory


This topic has 2 replies, 2 voices, and was last updated 20 hours, 46 minutes ago by [email protected].

#28147

    Hi,
OpenAM SAML is working with OpenDJ but not with Active Directory (AD).

Working setup is as follows.
    IDP – OpenAM
    Identity Store – OpenDJ
    SP: https://sptest.iamshowcase.com/

Non-working setup is as follows.
    IDP – OpenAM
    Identity Store – Active Directory(AD)
    SP: https://sptest.iamshowcase.com/

Authentication happens successfully at the IDP side (OpenAM); after that I get a 500 error in the browser and the error below in the Federation log.

```
libSAML2:07/28/2020 09:59:13:874 AM EDT: Thread[https-jsse-nio-8443-exec-2,5,main]: TransactionId[9fdfc9d0-5add-4f2e-bbbe-da67a4d76a7b-762]
ERROR: UtilProxySAMLAuthenticatorLookup.retrieveAuthenticationFromCache: Unable to do sso or federation.

com.sun.identity.saml2.common.SAML2Exception: Plug-in org.forgerock.openam.idrepo.ldap.DJLDAPv3Repo encountered a ldap exception. ldap errorcode=16
at com.sun.identity.saml2.common.AccountUtils.setAccountFederation(AccountUtils.java:234)
at com.sun.identity.saml2.profile.IDPSSOUtil.getSubject(IDPSSOUtil.java:1636)
at com.sun.identity.saml2.profile.IDPSSOUtil.getAssertion(IDPSSOUtil.java:1021)
at com.sun.identity.saml2.profile.IDPSSOUtil.getResponse(IDPSSOUtil.java:833)
at com.sun.identity.saml2.profile.IDPSSOUtil.sendResponseToACS(IDPSSOUtil.java:485)
at org.forgerock.openam.saml2.UtilProxySAMLAuthenticatorLookup.retrieveAuthenticationFromCache(UtilProxySAMLAuthenticatorLookup.java:161)
at com.sun.identity.saml2.profile.IDPSSOFederate.process(IDPSSOFederate.java:242)
at com.sun.identity.saml2.profile.IDPSSOFederate.doSSOFederate(IDPSSOFederate.java:144)
at com.sun.identity.saml2.profile.IDPSSOFederate.doSSOFederate(IDPSSOFederate.java:104)
at org.apache.jsp.saml2.jsp.idpSSOFederate_jsp._jspService(idpSSOFederate_jsp.java:202)
at org.apache.jasper.runtime.HttpJspBase.service(
```

Please help me fix this issue.

#28151
Andrew Potter

    Just a guess… have you applied the schema changes to AD?

    #28172

Thank you, Andrew, for your reply. Let me try the same.
