Tuesday, February 11, 2020

ServiceNow integration with ForgeRock OpenAM



1. Create the IdP metadata from ForgeRock OpenAM. Make sure the NameID Format is the same as the one configured in ServiceNow. The metadata must contain the X.509 certificate that SAML needs to sign requests; if you are not using your own certificate, select the default certificate offered by ForgeRock AM.

2. Send the IdP metadata to ServiceNow.
3. Import the ServiceNow (SP) metadata into the ForgeRock AM servers, then edit the SP configuration: click the ServiceNow entity, go to Assertion Processing, and in the Attribute Mapper enter the attribute that ServiceNow uses under Advanced --> User Field (uid=user_name).


ServiceNow configuration:

ServiceNow should have the following values:

NameID Policy (SP) the same as the NameID Format (IdP).

The value in the User Field the same as the IdP has in the ServiceNow entity under Assertion Processing --> Attribute Mapper --> Attribute Map, i.e. uid=user_name.


One other point to consider: a user who does not exist in SNOW (ServiceNow) will not be able to log in to SNOW, because the assertion only identifies the user, it does not create one.


Monday, February 10, 2020

ForgeRock OpenAM error: Unable to do sso or federation. com.sun.identity.saml2.common.SAML2Exception: Provider's signing certificate alias is missing.


Debug log error:
Unable to do sso or federation. com.sun.identity.saml2.common.SAML2Exception: Provider's signing certificate alias is missing.


Your IdP has no signing certificate configured, and the server needs one to sign the SAML request.

Solution:
Configure the IdP with an X.509 certificate, or
reconfigure the IdP with the pre-configured "Signing Key" (an option you are offered when configuring the IdP).
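As an added worked check (my own example, not ForgeRock or ServiceNow code), the following Python script parses an IdP metadata document and an SP metadata document and flags the two problems described in the ServiceNow integration post above and in this error post: a NameID format that the SP expects but the IdP does not offer, and IdP metadata that publishes no signing certificate, which is the metadata-level symptom to expect from an IdP exported without a signing key. The entity IDs, endpoints and certificate value in the embedded sample metadata are constructed placeholders.

```python
"""Pre-flight check for a SAML IdP/SP metadata pair.

Hypothetical helper, not ForgeRock or ServiceNow code. It flags the two
things the posts above require: a NameID format shared by the IdP and the
SP, and a signing certificate published by the IdP.
"""
import xml.etree.ElementTree as ET

MD = "urn:oasis:names:tc:SAML:2.0:metadata"
DS = "http://www.w3.org/2000/09/xmldsig#"
UNSPECIFIED = "urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified"
EMAIL = "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"


def name_id_formats(metadata_xml, role):
    """NameIDFormat values advertised under a role element
    ('IDPSSODescriptor' or 'SPSSODescriptor')."""
    root = ET.fromstring(metadata_xml)
    formats = set()
    for desc in root.iter(f"{{{MD}}}{role}"):
        for fmt in desc.iter(f"{{{MD}}}NameIDFormat"):
            if fmt.text and fmt.text.strip():
                formats.add(fmt.text.strip())
    return formats


def idp_signing_certificates(metadata_xml):
    """X.509 certificates the IdP publishes for signing. A KeyDescriptor
    without a 'use' attribute is valid for signing and encryption, so it
    is counted as a signing key."""
    root = ET.fromstring(metadata_xml)
    certs = []
    for desc in root.iter(f"{{{MD}}}IDPSSODescriptor"):
        for kd in desc.iter(f"{{{MD}}}KeyDescriptor"):
            if kd.get("use", "signing") != "signing":
                continue
            for cert in kd.iter(f"{{{DS}}}X509Certificate"):
                if cert.text and cert.text.strip():
                    # strip the line breaks PEM-style metadata usually carries
                    certs.append("".join(cert.text.split()))
    return certs


def check_federation(idp_xml, sp_xml):
    """Return human-readable findings; an empty list means both checks pass."""
    findings = []
    idp_formats = name_id_formats(idp_xml, "IDPSSODescriptor")
    sp_formats = name_id_formats(sp_xml, "SPSSODescriptor")
    if sp_formats and not (idp_formats & sp_formats):
        findings.append(
            f"NameID format mismatch: IdP offers {sorted(idp_formats)}, "
            f"SP expects {sorted(sp_formats)}"
        )
    if not idp_signing_certificates(idp_xml):
        findings.append(
            "IdP metadata publishes no signing certificate; configure the IdP "
            "with a signing key (or the default certificate) and re-export"
        )
    return findings


# Constructed sample metadata with placeholder entity IDs, endpoints and
# certificate; not real OpenAM or ServiceNow output.
_IDP_TEMPLATE = """<EntityDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata"
    xmlns:ds="http://www.w3.org/2000/09/xmldsig#" entityID="https://am.example.com/openam">
  <IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    {keys}
    <NameIDFormat>{fmt}</NameIDFormat>
    <SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
        Location="https://am.example.com/openam/SSORedirect/metaAlias/idp"/>
  </IDPSSODescriptor>
</EntityDescriptor>"""
_SIGNING_KEY = """<KeyDescriptor use="signing"><ds:KeyInfo><ds:X509Data>
      <ds:X509Certificate>MIIC-PLACEHOLDER-CERT</ds:X509Certificate>
    </ds:X509Data></ds:KeyInfo></KeyDescriptor>"""
_SP_TEMPLATE = """<EntityDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata"
    entityID="https://example.service-now.com">
  <SPSSODescriptor AuthnRequestsSigned="true"
      protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <NameIDFormat>{fmt}</NameIDFormat>
    <AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="https://example.service-now.com/navpage.do" index="0"/>
  </SPSSODescriptor>
</EntityDescriptor>"""

IDP_OK = _IDP_TEMPLATE.format(keys=_SIGNING_KEY, fmt=UNSPECIFIED)
IDP_NO_SIGNING_KEY = _IDP_TEMPLATE.format(keys="", fmt=UNSPECIFIED)
SP_OK = _SP_TEMPLATE.format(fmt=UNSPECIFIED)
SP_EMAIL = _SP_TEMPLATE.format(fmt=EMAIL)

if __name__ == "__main__":
    for idp, sp in ((IDP_OK, SP_OK), (IDP_NO_SIGNING_KEY, SP_OK), (IDP_OK, SP_EMAIL)):
        print(check_federation(idp, sp) or ["ok"])
```

Run it against the metadata you actually export from AM and download from ServiceNow before exchanging the files; an empty result means the NameID formats overlap and the IdP publishes a signing certificate, the two things these posts needed to get right.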


Saturday, February 8, 2020

OpenDJ (OpenDS): enabling replication



To change the server names, follow the link below:
https://backstage.forgerock.com/knowledge/kb/book/b73824898#a87750034


To enable replication, use the commands below:


# 1. Configure replication between dsA and dsB. --adminPassword sets the password of the
#    global replication administrator; the same password is reused in the commands that follow.
./dsreplication configure --adminUID admin --adminPassword Passw0rd1 --baseDN dc=orasystemsusa,dc=com --host1 dsA.example.com --port1 5444 --bindDN1 "cn=Directory Manager" --bindPassword1 Password --replicationPort1 8989 --host2 dsB.example.com --port2 5444 --bindDN2 "cn=Directory Manager" --bindPassword2 Passwrd --replicationPort2 8989 --trustAll --no-prompt


# 2. Initialize dsB from dsA: copies the data under the base DN from the source server to the destination server.
./dsreplication initialize --baseDN dc=orasystemsusa,dc=com --adminUID admin --adminPassword Passw0rd1 --hostSource dsA.example.com --portSource 5444 --hostDestination dsB.example.com --portDestination 5444 --trustAll --no-prompt


# 3. Check the replication status (entries and missing changes per server).
./dsreplication status --adminUID admin --adminPassword Passw0rd1 --hostname dsA.example.com --port 5444 --trustAll