• Support for the FriendlyName attribute lost with NAM 5

    Hi, NAM 4.5 SP6 added upport for the FriendlyName Attribute in SAML Assertions. It is specified in the documentation of version 4.5: An attribute set with a constant is usually set up when Identity Server is acting as an identity provider for a…
  • SAML authentication microservice

    We have a requirement to implement NAM SAML authentication in a number of our webapps and rather than doing it in each I was exploring if we could implement the SAML authentication as a microservice to provide this functionality to any of our webapps…
  • Dynamic SAML attribute mappings

    I would like to provide a solution for a situation where different attribute mappings can be used depending on the username (email address) provided during authentication. Specifically a user with two email addresses should return different attributes…
  • offload IDP certificate authentication to external reverse proxy (SSL offloading) usage of sid parameter values

    Dear All, We are trying to offload the certificate authentication to our F5 Big IP proxy server and insert a specific header with certificate information in it, this is working fine more information on how we do that is explained here. However the solution…
  • SAML user provisioning and multi-valued attributes

    I have configured user provisioning multiple times (when NAM is acting as SAML SP - https://www.netiq.com/documentation/access-manager-45/admin/data/b1fd1nte.html#provisioningattrs), but it looks like I was always configuring provisioning of single valued…
  • NAM-IDM Federation and protected resource

    Hi, I have an IDM 4.7 and a NAM 4.4. I managed to use SAML between IDM and NAM but now I want to protect IDM behind the proxy. The documentation outlines this methods as 2 different approaches (SAML vs form fill) but I guess it's possible to do what I…
  • Non-username password fields on Custom Login Page

    Hi Everyone, I'm currently working on a Custom Login Page, where there are a couple other fields alongside the usual username password fields. Is there a best practice for capturing those fields in order to pass them as SAML claims during authentication…
  • Is it possible to configure SAML2 between 2 access managers?

    Hi guys, Currently, we have 2 access managers here, one in 4.0 and one in 4.4 I'm trying to configure saml2 between these two, from 4.4 to 4.0, so even if you're logged in only in 4.4, when you access 4.0, you will not be prompted to enter your credentials…
  • NAM 4.2 or 4.3 and userapp 4.5.5 - SAML - OSP

    Hi I have a simple question: We have a cluster UA 4.5.5, configured to authenticate by SAML on the OSP On each UA, we have the OSP service. Do you need a SP trust from NAM IDP to each UA/OSP with the real name of the machine, or only one SP trust on the…