Idea ID: 2873802

Identity Console behind Access Manager and Single Sign-on and Timeout

Status: New Idea

Hi,

we are using Identity Console more and more and are missing the ability to integrate it with Access Manager and Single Sign-on.

Also the ability to configure a custom Timeout for the Identity Console is missed a lot.

Providing the full DN and (no default) tree with every single login is a little bit annoying. We would be glad to hear about an SSO integration within Access Manager.

Regards,
Andreas

  • First I need to mention that you need an Access Manager 5.x version because the JavaScript form fill has changed. In 4.x versions the page was shrunk much more than with version 5.x. We use 5.0.4.

    Next is that we use a Linux install of the Identity Console without contextless login enabled. With version 1.7, that is not supported when using a single instance which manages multiple eDirectories. But in our main eDirectory we have an IDM-managed attribute where the LDAP fully qualified DN of the user for the other eDirectories is stored.

    On the Identity Console login page, make an adaptation for the JavaScript function that Access Manager will call.

    On Linux, in the file login.html in /var/opt/novell/identityconsole, add the second script block near the end after the existing first one:

        <script src="./login.js"></script>
        <script language="JavaScript" type="text/javascript">
          // Called by the Access Manager form fill policy to submit the login form
          function ClickNextButton() {
            document.getElementById("loginButton").click();
          }
        </script>

    In Access Manager, create a reverse proxy and appmark for each eDirectory you want to manage.

    In the web server section point to the Identity Console installation.

    In the protected resource create two of them:

    One for the form fill at login:

    URL: /identityconsole/login.html
    Form fill policy:
    Form name: IDPLogin
    Input Field Name: Username_ID → LDAP DN of the user
    Input Field Name: Password_ID → password
    Input Field Name: Server → DNS name of the server where to log in

    Auto submit / detect loop: enabled

    Enable JavaScript handling: enabled
    Functions to keep: function ClickNextButton()
    Functions to execute on submit: ClickNextButton();

    And the other reverse proxy contains the /* URL without any form fill.

    That should be all.
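
An added example, not part of the original post: a check that a login.html still carries every hook the form fill policy described above depends on. Whether the policy matches fields by id or by name attribute is an assumption, so both are accepted, and the sample markup is constructed rather than copied from Identity Console.

```python
from html.parser import HTMLParser
import re

# Names taken from the form fill policy and script block in the post above.
REQUIRED_FIELDS = {"Username_ID", "Password_ID", "Server", "loginButton"}
REQUIRED_FORM = "IDPLogin"
REQUIRED_FUNCTION = "ClickNextButton"

class LoginPageScan(HTMLParser):
    """Collect id/name attributes and inline script text from login.html."""
    def __init__(self):
        super().__init__()
        self.identifiers = set()
        self.script_text = []
        self._in_script = False

    def handle_starttag(self, tag, attrs):
        for key, value in attrs:
            if key in ("id", "name") and value:
                self.identifiers.add(value)
        if tag == "script":
            self._in_script = True

    def handle_endtag(self, tag):
        if tag == "script":
            self._in_script = False

    def handle_data(self, data):
        if self._in_script:
            self.script_text.append(data)

def missing_hooks(html):
    """Return the sorted names the form fill policy needs but the page lacks."""
    scan = LoginPageScan()
    scan.feed(html)
    missing = (REQUIRED_FIELDS | {REQUIRED_FORM}) - scan.identifiers
    pattern = r"\bfunction\s+" + REQUIRED_FUNCTION + r"\s*\("
    if not re.search(pattern, "".join(scan.script_text)):
        missing.add(REQUIRED_FUNCTION + "()")
    return sorted(missing)

# Constructed sample pages (not the real Identity Console markup).
PATCHED = """<form name="IDPLogin"><input id="Username_ID"><input id="Password_ID">
<input id="Server"><button id="loginButton">Login</button></form>
<script src="./login.js"></script>
<script type="text/javascript">function ClickNextButton() {
  document.getElementById("loginButton").click(); }</script>"""
STOCK = PATCHED.split('<script type="text/javascript">')[0]
```

Calling `missing_hooks()` on the contents of the deployed login.html returns an empty list when all hooks are present; a non-empty list names what the form fill would fail to find, for instance if the file has been replaced with an unmodified copy.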

  • Hi Rainer,

    sounds great, but would you also be willing to share your solution for the NAM SSO Integration with us? I cannot find any documentation for it.

    Andreas

  • Hello,

    we have integrated SSO with Access Manager 5.0.4 over the last few days. That works for us managing around 10 different eDirectories with a single Identity Console instance.

    Rainer