Access Manager is set up as a SAML 2.0 Service Provider, consuming assertions from a third-party Identity Server.
When such a remote authentication is done and NAM has finished parsing the assertion, an administrator can define a post-authentication method to execute. However, when the admin defines this method, the NAM Identity Server does not seem to execute the post-authentication method and redirects the user to the NIDP portal pages without returning the user to the original URL being accessed.
The attached catalina log, where a post-authentication is executed at line shows the following few entries:
<amLogEntry> 2016-06-24T10:58:31Z INFO NIDS Application: AM#500105009: AMDEVICEID#09F0A73E7CE1B6CE: AMAUTHID#353820D3F3785359920C79ED4704BAD8: Executing contract postAuthContract. </amLogEntry>
<amLogEntry> 2016-06-24T10:58:31Z VERBOSE NIDS Application: Session has consumed authentications: true </amLogEntry>
<amLogEntry> 2016-06-24T10:58:31Z VERBOSE NIDS Application: Session consumed authentications is 1 and is considered authenticated: true </amLogEntry>
A bit later this is found:
<amLogEntry> 2016-06-24T10:58:31Z INFO NIDS Application: AM#500105010: AMDEVICEID#09F0A73E7CE1B6CE: AMAUTHID#353820D3F3785359920C79ED4704BAD8: Contract postAuthContract requires additional interaction. </amLogEntry>
At this stage a Windows pop-up is presented for credentials. When the [Cancel] button is clicked, the portal page (Request URL: https://idp43neil.netiq.com/nidp/portal) is displayed without any further credential validation.
The admin tried many different methods, but all showed the same problem.
Fixed in NAM 4.4.
With NAM 4.3 and earlier, the documentation states that post-authentication methods should only be used to retrieve additional attributes for the user (e.g. the passwordFetch method to retrieve the user's password), rather than to execute a step-up authentication.
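To check whether a catalina log shows the same pattern as the entries quoted above, the following added example (not NetIQ code) pairs each "Executing contract" entry with a later "requires additional interaction" entry for the same AMAUTHID. It assumes the log format matches the quoted entries; the function name and the second, non-prompting session in the sample are constructed for illustration.

```python
import re

# Constructed sample: the entries quoted above plus one constructed session
# (AMAUTHID ending CAFE) whose contract runs without prompting the user.
SAMPLE_LOG = """\
<amLogEntry> 2016-06-24T10:58:31Z INFO NIDS Application: AM#500105009: AMDEVICEID#09F0A73E7CE1B6CE: AMAUTHID#353820D3F3785359920C79ED4704BAD8: Executing contract postAuthContract. </amLogEntry>
<amLogEntry> 2016-06-24T10:58:31Z VERBOSE NIDS Application: Session has consumed authentications: true </amLogEntry>
<amLogEntry> 2016-06-24T10:58:31Z INFO NIDS Application: AM#500105009: AMDEVICEID#09F0A73E7CE1B6CE: AMAUTHID#0000000000000000000000000000CAFE: Executing contract attrFetchContract. </amLogEntry>
<amLogEntry> 2016-06-24T10:58:31Z INFO NIDS Application: AM#500105010: AMDEVICEID#09F0A73E7CE1B6CE: AMAUTHID#353820D3F3785359920C79ED4704BAD8: Contract postAuthContract requires additional interaction. </amLogEntry>
"""

ENTRY = re.compile(
    r"<amLogEntry>\s*(?P<ts>\S+)\s+(?P<level>\w+)\s+NIDS Application:\s*"
    r"(?P<body>.*?)\s*</amLogEntry>", re.DOTALL)
EVENT = re.compile(
    r"AM#(?P<code>\d+):\s*AMDEVICEID#(?P<device>\w+):\s*"
    r"AMAUTHID#(?P<auth>\w+):\s*(?P<msg>.*)", re.DOTALL)
EXECUTING = re.compile(r"Executing contract (?P<contract>.+?)\.$")
INTERACTION = re.compile(
    r"Contract (?P<contract>.+?) requires additional interaction\.$")


def find_interactive_contracts(log_text):
    """Return one finding per contract that was executed and then asked the
    user for interaction within the same AMAUTHID session."""
    started = {}   # (auth id, contract name) -> timestamp of execution entry
    findings = []
    for entry in ENTRY.finditer(log_text):
        event = EVENT.match(entry["body"])
        if not event:
            continue  # VERBOSE entries carry no AM#/AMAUTHID prefix
        msg = event["msg"].strip()
        if (m := EXECUTING.search(msg)):
            started[(event["auth"], m["contract"])] = entry["ts"]
        elif (m := INTERACTION.search(msg)):
            key = (event["auth"], m["contract"])
            if key in started:
                findings.append({"auth_id": key[0], "contract": key[1],
                                 "executed_at": started[key],
                                 "prompted_at": entry["ts"]})
    return findings


if __name__ == "__main__":
    for f in find_interactive_contracts(SAMPLE_LOG):
        print(f"{f['prompted_at']} session {f['auth_id']}: contract "
              f"{f['contract']} prompted the user after being executed")
```

On NAM 4.3 and earlier, any contract this reports is being used for interactive authentication after the SAML assertion was consumed, which the documentation cited above does not support.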