• Planning for mandatory multifactor authentication for Azure

    Microsoft has announced that starting in October of this year, MFA will be required to sign-in to Azure portal, Microsoft Entra admin center, and Intune admin center. We have several customers who are using NAM as an IdP via WS-Fed federation, and I…
  • How to identify user transaction x device id in risk module?

    In AM there's a table named risk_usrtransaction. I could not find any way to correlate a transaction registered in this table with the device registered in device_fingerprint table. Does anyone have any info on that?
  • How and where do I add a Forgot Password link to the "Secure Name/Password - Form"?

    Hi, How and where do I add a Forgot Password link to the "Secure Name/Password - Form"? I was trying to see if I could find that information in the manual. There is something about how to do it when using b2c.... but that is not the case.
  • What databases are supported for device fingerprinting?

    I could not find any other specs for the device fingerprinting database like versions and if there's any requirement for JSON or tabular storage for data and so on. I only found " Access Manager supports MySQL, Oracle, and Microsoft SQL Server databases…
  • NAM 5.0.4.0.44: Unable to load metadata for Embedded Service Provider: https://netiq-iam.acme-test.com:8443/nidp/idff/metadata, error: No subject alternative DNS netiq-iam.acme-test.com found.

    Setup NAM 5.0.4.0.44 SLES 15.4 single box (demo environment) Dear community, I tried to setup the following in a demo/test environment. IDP (Identity Server) protected by gateway / proxy Seems to work per se, I can login to the IDP portal…
  • ProxyService. Do not pass the Authorization header to the web server

    Hi, We have a proxy service configured with basic authentication. The request is received with the HTTP Authorization header, NAM correctly authenticates the user, and passes the request to the Web server including the received HTTP Authorization header…
  • SAML: 500 Internal Error when user logs in with expired password

    Hello Everyone, I am facing an issue when a users logs in with expired password that has authenticated using Risk Based Policy. The configurations are as follows: - I have defined a Risk Based Policy that authenticates users via Form based method…
  • SSO to NAAF in the middle of a contract

    I have curious case. A contract with the method of Secure Password Form + an NAAF authentication. As the user does not have any method enrolled in NAAF, he is redirected to NAAF to enroll a method. I want to do SSO by injecting the credentials, but the…
  • Support for the FriendlyName attribute lost with NAM 5

    Hi, NAM 4.5 SP6 added upport for the FriendlyName Attribute in SAML Assertions. It is specified in the documentation of version 4.5: An attribute set with a constant is usually set up when Identity Server is acting as an identity provider for a…
  • SEVERE: AM#100702018: Error regenerating JCC cert

    Hi, Authentication stopped working. Error seen in bowsers are: " Unable to authenticate. (100101044NIDPMAIN.405-esp-347AC5083E98F281) " ids jcc-0.log.0 says: SEVERE: AM#100702018: Error sending periodic health com.novell.jcc.client.HealthDispatcher…
  • Identity Server login page not showing the browser title icon favicon

    I want to add an icon with the browser title like a favicon. For this, I have added the below line in the Identity Servers "/opt/novell/nids/lib/webapp/jsp/nidp_latest.jsp" file, in btween the <head> tag. <link rel="icon" href="<%=request.getContextPath…
  • Malformed XML when importing metadata into Access Manager v5.0.4

    Dear Community, I am trying to configure SAML2 SSO between Access Manager and GitLab which should be supported since GitLab is able to act as SAML2 SP and AM can act as an SAML2 IdP. I clicked to edit on IDP and wanted to create new trusted provider…
  • Access Manager 5.0.4 unable to add Image for Appmark or Connector

    Dear Community, I am trying to upload the image to connector studio for my new connector but I get an error like this: In my network or console tab I get no errors, but in Administration Console I can clearly see the error showing up: The…
  • Access Manager v5.0.4 Mobile Access not working

    Dear Community, I wanted to enable Mobile Access on my newly installed Access Manager, but sadly it is not working as it should. If I click to enable MobileAccess under "MobileAccess" category on my Administration console and click save it does…
  • Access Manager Appliance v5.0.4 Branding not being saved

    Dear community, It seems like we cannot save new branding on our access manager 5.0.4 and the problem is shown this way: When we go to "Branding" in access manager administration console it welcomes us with normal behaviour showing us the menu where…
  • Is possible to use NAM NetIQ with Keycloak?

    Hi guys, I have a question. I'm working on a project with NAM NetIQ and keycloak and I need to do this flow: I have an ec2 inside private subnet with a Keycloak container that I need to use for SSO with SAML protocol I need to use NAM NetIQ as…
  • Access Manager should support RADIUS from external MFA solutions

    During integration of Azure MFA and NAM, the integration failed and we detected it is from NAM side. Was installed 3 other free radius servers and did the integration and it worked perfectly. Knowing that we have integrated Azure MFA using same way (RADIUS…
  • Filter logs for SAML and OIDC protocol

    Hi All, Currently we are using SAML and OIDC protocols mostly for our Relying Party applications for SSO. However it becomes daunting task to scroll through logs to troubleshoot anything Is there an efficient way to filter the logs for a specific…
  • Want to copy the all resources or one proxy service to other environment

    Hi, I have Access Manager in two environments and I want to copy all the protected resources of reverse proxy or one proxy service from NAM 4.5 to another environment of NAM 5.0. Is there any way to do this?
  • Request was from an untrusted provider in NAM

    Hi, I'm trying to set up SSO using SAML into Vmware Horizon, using NAM as the identity provider. The user goes to " https://<server fqdn>/nidp" and is prompted to login, they then click on an Appmarker to take them to Vmware horizon desktop agent…
  • Access manager and Advanced Authentication integration problems

    I’m having a few issues getting NAM working with AA for MFA though (using this guide; Advanced Authentication - NetIQ Access Manager 5.0 Administration Guide (microfocus.com) ), I have set up the connection between the two using oauth, but I keep getting…
  • JavaScript HTTP error when http service proxied by NAM

    Hi everyone, I made a proxy service for an HTTP service via NAM, and the application shows me a HTTPS error when I try to download the page javascript files. I think something in the HTTP rewrite is not working as expected. Here is a screenshot…
  • Upgrade Best Practices

    I've been doing upgrades for quite a few years and after running into numerous issues upgrading into the 5.0.X version, I thought I'd reach out to the community and see if anyone else has come across a good upgrade plan to migrate services to new hardware…
  • Delegate my access to another user - Proxy user

    Dear folks, Wish you all a very happy new year! I'm the product manager for NetIQ Access Manager. Prior to the product management role, I've been with access manager engineering for more than a decade. Today, NetIQ Access Manager provides impersonation…
  • Access Manager 5.0.1 Error 500 after installation

    Dear Community! I have installed a new Access Manager Appliance 5.0.1 and added it to a cluster with previous NAM 4.5.4. Installation finished with no errors and same did the adding of new NAM as secondary console into the cluster. I transfered…